2 * Do an eval on the attribute description strings in the user_edit page. That will allow the login-time creation
4 * Add a login-time creation page which will allow the administrator to create the login-time string through a gui
5 instead of writing it directly in UUCP format.
6 * Call lib/{ldap,sql}/user_info in user_info before displaying any information about the user
7 * Add a configuration directive general_charset. Add a language meta tag in all pages
8 * Use sql_extra_servers directive when adding users in the badusers table. Add a da_sql_host_connect() function
9 to connect to a specific sql host
10 * Fix a typo in lib/sql/attrmap.php3
11 * Add an entry in the FAQ about the Dialup-Access attribute
12 * Add an entry in the FAQ about duplicate personal attributes in the user_admin page
13 * Only show the personal attributes in the New User page if we have ldap or we are using the userinfo table in sql
14 * Add a per nas finger_type directive
15 * Update the TODO file
16 * Add an entry in the FAQ about adding .php3 handling
17 * Add a few installation notes
18 * Fix a problem with user_stats.php3
19 * Update the README file with notes about the scripts present in the bin folder
20 * Add a <?php tag instead of a <?. Bug noted by Isam Ishaq <isam@planet.edu>
21 * Add support for regexp and like operators in accounting report generator
22 * Limit the split() to 2 elements in lib/defaults.php3
23 * Create a AcctUniqueId before adding a row in radacct in log_badlogins.
24 * Use Max-Monthly-Session not Max-Weekly-Session for the monthly limit
25 * When checking the weekly limit check first that $remaining is numeric before doing any comparisons
26 * Add a usage_summary parameter in user_finger. If it is passed then we only output a text like:
27 "Online: <num> Free: <num>" which can be used in outside pages
28 * Use $config[sql_usergroup_table] in show_groups.php3
29 * Add a config directive general_stats_use_totacct. If set we use the totacct table in the stats page instead of
31 * Small change in user_accounting.php3
32 * Escape " in login_time create page before parsing the login-time string
33 * Add Service-Type in user_edit.attrs
34 * In user_finger page if $user is NULL then set it to
35 * Add 3 more help pages from Stadler Karel <Karel.Stadler@psi.ch> for Service-Type,Framed-Protocol and Filter-ID
36 * Make all scripts use the mysql binary instead of DBI and make the sql password even if it is empty
37 * Make log_badlogins work with usernames containing spaces
38 * Only delete sessions which are not open in truncate_radacct. Bug noted by Evren Yurtesen <yurtesen@ispro.net.tr>
39 * Add a user input tag in user_stats.php3
40 * Change AcctStopTime = '0' with AcctStopTime IS NULL
41 * Add a few more attribute help pages from Ulrich Walcher <uwalcher@bcore.de>
42 * Also check for $server != '' in stats.php3. Bug noted by Ulrich Walcher <uwalcher@bcore.de>
43 * Consider the account locked either if Dialup-Access == FALSE or if it is not set at all
44 * Calculate weekly used time correctly (from Sunday 00:00:00)
45 * Allow for defining the ldap_filter used when searching for a user. The filter supports dynamic variables
46 like %u (username) and %U (username provided though http auth)
47 * Add a configuration directive counter_monthly_calculate_usage to calculate the monthly usage time. Calculate
48 it in user_admin if monthly_limit != 'none' or if this directive is set.
49 Based on a report by "apellido jr., wilfredo p"
50 * Add more comments in the admin.conf file
52 * Remove one sql query from user_admin which was not needed.
53 * Instead of a query like "LIKE 'YYYY-MM-DD%'" use "AcctStopTime >= 'YYYY-MM-DD 00:00:00 AND AcctStopTime
54 <= 'YYYY-MM-DD 23:59:59'" which will allow us to use sql indexes better.
55 * Add a few comments in bin/clean_radacct
56 * Add a new script bin/truncate_radacct which will delete all sessions from the radacct table which
57 are older than a configurable number of days
58 * Fix a typo in sql.attrmap. Fix by Evren Yurtesen <eyurtese@turkuamk.fi>
59 * Work even when register_globals if off. Suggestion from Evren Yurtesen <eyurtese@turkuamk.fi>
60 Also add an entry in the FAQ about that.
61 * We don't need ORDER BY GroupName in show_groups.php3 since we have GROUP BY
62 * Use CISCO-POP-MGMT-MIB in snmpfinger instead of CISCO-CALL-HISTORY-MIB. Thanks to
63 Evren Yurtesen <eyurtese@turkuamk.fi> for the suggestion.
64 * Remember a few things in the user_test page. Also add another configuration file directive
65 general_radius_server_auth_proto specifying the default authentication protocol of the radius
67 * Replace single quotes with double quotes in log_badlogins
68 * Add a missing <?php tag. Bug noted by Simon Burns <simon@ababa.org>
69 * Add sql_use_http_credentials configuration directive to connect to the sql database using the http user
70 credentials (that way there can be more than one administrator usernames, each with different privileges
72 * Add more error messages when interacting with the SQL database
73 * Add sql_connect_timeout and sql_extra_servers configuration directives to be used by the log_badlogins script
74 * In log_badlogins create a separate sql input file for each sql server and append sql commands to it. If the
75 sql command succeeds we delete the corresponding input file. That way if an sql server is down we store the
76 accounting info in the input file and then send it all when it comes back up.
77 * Add a directive sql_debug. Add debugging statements in the sql library
78 * Add a directive ldap_debug. Add debugging statements in the ldap library
79 * Add debug statements in the pg driver
80 * In debug, output the sql queries in italic. Refer to enabling debugging in the FAQ
81 * Don't include user_info.php3 in the user_test page.
82 * Make things a little bit more simple in lib/ldap/change_attrs.php3
83 * Fix a small bug in lib/ldap/create_user.php3. Unset the mod array before adding any values to it.
84 * Fix a small problem with debugging
85 * Do a write lock in radacct before truncating it in truncate_radacct
86 * In user_new show a select box with all the available groups. Based on an idea by Karel Stadler (kstadler)
87 * Add a column Admin in the badusers table which will contain the administrator username if that is available
88 * Add two new tables totacct and mtotacct containing per user aggregated statistics for each day and month
89 respectively. Also add two corresponding scripts in the bin folder, tot_stats and monthly_tot_stats. Lastly,
90 create a new page, user_stats.php3 which will show the top users in connections or connections duration based
91 on the data in the totacct table.
92 * Add a few comments in the tot_stats and monthly_tot_stats scripts
93 * Add support for ! in usernames in log_badlogins
94 * Call gethostbyaddr with an @ in front to suppress error messages
95 * Also add support for @ in usernames in log_badlogins
97 * Add a string encoder for greek
98 * If general_decode_normal_attributes is set then encode attributes in lib/ldap/change_info. In the near future
99 language specific user attributes will be added in the change info and new user pages. Remove comments from
100 admin.conf about the change info page not working if this directive is used.
101 * When spliting cn in lib/ldap/create_user.php3 limit the split to 2 new elements not 3.
102 * Fix a few bugs in log_badlogins
103 * Fix a parse error in failed_logins.php3
104 * Fix a bug in lib/defaults.php3 which did not allow the default.vals file to be used correctly
105 * Include password.php3 in lib/ldap/password_check.php3
106 * When searching a user in ldap through the find page only try to find the users which have a uid attribute (username)
107 * Allow selecting a specific access server in the failed logins page
108 * In the user admin page use AcctStartTime not AcctStopTime when calculating usage for the last 7 days
109 * Also show server:port in the user test page (so that it shows when used for server checks)
110 * Now the create user page should work with sql
111 * Make the default general_lib_type sql instead of ldap
113 * Use require_once when including lib/functions.php3 in lib/sql
114 * In the buttons toolbar Edit User should not be clickable.
115 * Add an arrow gif in htdocs/images to be used in the buttons page when adding multiple finger pages
116 * In snmpfinger also consider '-' as a valid character for a username
117 * Add support for realm in username and allow for realm striping in the web pages and in log_badlogins
118 * Add a few more comments in the admin.conf
119 * Update the FAQ with an entry about the Online Users page not showing anything.
120 * Update the FAQ with an entry about sessions.
121 * Allow the user to add extra attributes in the test user page
122 * Add a few comments in log_badlogins, support auth logs containing the password, work nice when the client
123 is localhost, add an option to scan the whole radius.log and add failed logins in the sql database (can be
124 used for initialization).
125 * html fixes in accounting.php3
126 * Fix a problem in user_accounting when NASIPAddress is not set.
127 * Use CISCO-AAA-SESSION-MIB in snmpfinger
128 * In lib/ldap/functions.php3 only ask for the cn attribute in ldap_search not the whole entry. That should make
129 user_finger a lot faster when the user database is in ldap
130 * In lib/functions.php3 pass a second argument to date2timediv with the current time. user_finger calls that
131 function for each online user so we now don't need to do a lot of calls to time() but only one. That should make
132 user_finger somewhat faster.
133 * Fix a small issue with the general_accounting_info_order
134 * Fix a problem in failed_logins when NASIPAddress is not set.
135 * Allow for multiple regular profile attributes in a user entry.
136 * Allow for normal ldap user attributes to be utf8 encoded instead of ascii. Changing attribute values through
137 user_info will not work in that case.
138 * Fix a small bug in lib/ldap/defaults.php3. We should not be using $i in a for() loop but a new variable
139 * Add a comment in admin.conf about ldap server failover
140 * Map a specific username to the directory manager if we are using ldap and http authentication
142 * Small html fixes in user_edit.php3 and password.php3
143 * Show number of failed logins in the last 7 days in the user admin page
144 * Show date in the user/server test page
145 * In config.php3 include a relative admin.conf file not an absolute
146 * Add an entry in the FAQ about php magic quotes
147 * Escape double quotes in attribute values in the user edit page
148 * Fix a bug in lib/sql/change_passwd.php3 when not using operators.
149 Bug report from Sheldon Fougere <sfougere@solutioninc.com>
150 * Add the caller id in the connection status attributes in the show user page
151 * Allow for multiple default values. Also add a generic flag in ldap attrmap. If it exists then the
152 attribute is generic and user values *do not* overwrite default values. The operators in the generic
153 attribute can be used for that. The same is very difficult to implement for sql, so for now user
154 values overwrite default values in sql (user edit page).
155 A lot of code and a lot of files where changed so there may be bugs somewhere.
156 * In the user edit page print a message under the User Password field about if it exists or not. Update
157 the user_info.php3 lib files to check for it.
158 * In lib/ldap/defaults.php3 Dialup-Access should not be added in the default_vals. It is not inherited.
159 * If we are editing a group show a comment that in the radiusd sql module the group tables are evaluated
160 after the user tables. As a result user values should in general overwrite default values.
161 * Add support for the default_user_profile of the sql module in lib/sql/defaults.php3
162 * In sql.attrmap User-Password should map to User-Password, not Password
163 * If an sql attribute is not contained in sql, assume that it has the same name as in dialup_admin and that
164 it is a reply item. Add a comment for that in conf/sql.attrmap.
165 * Change the way radius attributes are read from the sql database. The change should make things somewhat
166 faster. Create a reverse mapping from radius attributes to dialup_admin attributes.
167 * Add a configuration directive called ldap_use_http_credentials. If it is set to yes then we try to
168 connect to the ldap server with the username/password given in http authentication, not those contained
169 in admin.conf. That way multiple admins with different permissions on the ldap tree can work on a single
171 * With the same logic we allow for multiple buttons html pages. We now create a folder html/buttons which
172 by default contains a folder default. If the user logs in with http authentication then we try
173 to open the file html/buttons/<username>/buttons.html.php3. If we can't we open
174 html/buttons/default/buttons.html.php3. That way we can create muiltiple views of say the online users
175 page based on which admin requests the page.
176 * Call config.php3 before outputing any html.
177 * Add sessions in order to cache the various mappings. Add a corresponding configuration directive
178 general_use_session. Also add a session cache destroy page.
179 * Also cache the admin.conf if use_session is set to 1 in config.php3
181 * Remove the auto password generator from the user edit page. It has no meaning since the password is not
183 * In lib/sql/defaults.php3 instead of doing a select for each group the user belongs to, do one select with
184 a where in () caluse.
185 * Also cache the default.vals file.
186 * Update documentation
187 * Only connect and bind to the ldap server if we haven't done that before.
188 * Remove previous change. It was causing problems
189 * In the user test page ignore comments from the auth.request file
190 * Add a new config directive, ldap_write_server. If it is set then when we update the directory we try to
191 connect to that one instead of the ldap_server. That way we can read from the fast read-only replicas and
192 write to a slower master.
193 * Fix a few more bugs
194 * Add a failed logins page, to show the most recent failed logins.
195 * Fix a bug in the failed logins page
196 * Change use of AcctStartTime with AcctStopTime in failed_logins.php3 to match that in user_admin
197 * Fix a bug with failed logins in user_admin.
198 * Add the failed logins page in the buttons page
199 * Add a missing WHERE UserName = '$login' in the UPDATE statement in lib/sql/change_info.php3. Patch by
200 Eddie Bindt <eddieb@users.sourceforge.net>
202 * Update the FAQ about missing attributes from the user/group edit pages and add a few comments
203 in the configuration files
204 * Add support for the Expiration attribute. Add it in the sql attribute map, in user_edit.attrs and
205 check for it in user_admin
206 * Add a few more keys in the userinfo and badusers tables.
207 * Fix a problem with lib/sql/defaults.php3 where the first character in the default value when using
208 operators was set to the opeator
209 * Add a user find page. User can be searched based on the full name, department or RADIUS attribute.
210 The radius attribute should be included in the _user_ profile, not in a group/regular/default profile.
211 * Add support for the user ldap regular profile attribute in user_edit.attrs
212 * Fix a stupid bug in accounting.php3. We should not use the show_attrs array.
214 * Add attributes for the sql group tables in admin.conf. Now SQL group support should really work!
216 * html fixes in show_groups.php3
217 * When reporting sql errors also print the output of da_sql_error
218 * When updating ldap user information don't do an update if the new attribute value
219 is '-' (default value)
220 * Comment out Reply-Message in conf/user_edit.attrs since in sql it maps to the same attribute as
223 * Add Reply-Message in conf/user_edit.attrs so that it appears in the user/group edit pages
224 * Allow the administrator to specify a group in the New User page. Update lib/sql/create_user.php3 to add
225 the user to the specified group
226 * Call user_info.php3 and defaults.php3 in user_new.php3 after creating a user
227 * Only run if $login is not NULL in lib/sql/defaults.php3
228 * In group admin add a button to administer the selected user which will redirect the administrator to the
229 corresponding user_admin page
230 * Add a show_groups.php3 to show all active user groups
232 * Only call user_info.php3 in user_new.php3 when we are creating a user
233 * Fix a bug with personal information attributes in user_new.php3
235 * Add support for groups in SQL. Added several new files and modified a few more.
236 * Default values in SQL are now extracted from the group membership. Added a lib/sql/defaults.php3 file.
237 As a result the default operator is not '=' anymore but whatever we find in the group check and reply tables.
238 * In lib/sql/user_info.php3 set user_exists in more than one places.
239 * Add support for the '=*' and '!*' operators
240 * Added a HELP_WANTED file describing what are the major things missing which people could contribute.
242 * Added a help page for the Session Timeout and Idle Timeout attributes.
243 * The new group page should only be available if the general library type is sql.
244 * Fix a small bug in lib/sql/create_user.php3 where work and home phone were stored in the wrong fields.
245 * Set personal information attributes in lib/sql/user_info.php3 to default values.
246 * Add a page to change the user's personal information. Changed the user toolbar and added htdocs/user_info.php3
247 along with lib/{sql,ldap}/change_info.php3
248 * Print a message if we can't connect to the ldap server in lib/ldap/user_info.php3
249 * Use a textarea for new members in group_admin.php3 and group_new.php3. Update lib/sql/create_group.php3 and
250 lib/sql/group_admin.php3
251 * Set a few more personal information attributes to defaults in lib/sql/user_info.php3
252 * Fix a typo for department
253 * Set personal information attributes to defaults in lib/ldap/user_info.php3
254 * Have adddress and home address in user personal info
255 * Set $user_info in lib/{ldap,sql}/user_info.php3 and only if the user exists and has personal info
256 * Show language attributes only if general_prefered_lang is not 'en'
258 * Add limit of results returned in accounting.php3
259 * Fix a bug in time2strclock() in lib/functions.php3. Seconds ammount more than 9 would not show.
260 Bug noted by Timophey <bcloud@mail.ru>
261 * Reaarange a few things in user_admin. Put Subscription Analysis first and 'Account Status' second. Make a
263 * Change log_badlogins to use the mysql binary instead of the DBI module. That way we don't have any
264 dependencies and we don't need to bother with connection maintainance (dead mysql connections etc).
265 * html fixes in user_finger.php3
266 * Fix a bug in lib/add_badusers.php3 which did not allow inserts in the badusers table.
267 * Make lib/ldap/password_check.php3 behave properly when it is passed a null password
268 * Allow for daily/weekly/monthly limits to be set to none and show correct results in the show user page
269 * Fix a small bug in user_admin.php3.
270 * Pass the whole password as salt in da_encrypt() in password_check.php3
271 * Refresh the online users page every 50 secs. Patch by Alexandre Strube <surak@barroco.com.br>
272 * Check if the last logged in server and client ip are valid before calling gethostbyaddr
273 * If the same attribute appears more than once in the user edit page then show a count of the number of
274 occurences next to the attribute name
275 * Add a server argument to user_finger.php3. If it is set then the page will only show the logged in users
276 in that access server instead of all of them. Update the README with documentation for that fact.
278 * Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and
280 * Add general_finger_type directive to determine if we will use snmpfinger in user_finger.php3
281 * Fix a bug in config.php3 when we have a directive containing ':'
282 * Fix a bug in lib/ldap/change_attrs.php3 that did not allow changing more than one value of a
283 multivalued attribute simultaneously.
284 * Added selection of ordering in user_accounting.php3. Now it can be either ascending (older records
285 first) or descending (most recent records first). Added a corresponding configuration directive.
286 * Added operator support in sql. The eq(=),set(:=) and add(+=) operators are supported. Added an
287 sql_use_operators configuration directive. Hope everything works.
288 * Fixed a bug in sql/change_attrs which did not allow multi valued attributes in sql.
289 * unset item_vals before adding info in ldap and sql user_info files.
290 * Add support for the rest of the operators. Created the lib/operators.php3 file containing helper functions
291 * Fix a small bug in log_badlogins. The nas domain should be a variable not hard coded.
292 * Fix a bug in lib/sql/delete_user.php3. Call da_sql_query with the correct arguments
294 * Make user_delete.php3 print something when a user is deleted
295 * Cache nas hostname lookups in user_accounting
297 * Allow for variable expansion in the configuration file. Something like:
298 general_base_dir: /usr/local/dialup_admin
299 general_default_file: %{general_base_dir}/conf/default.vals
300 * Small changes in the README file
301 * A few corrections in the sql drivers
302 * Enlarged the textboxes in the user_edit page
303 * Created a folder help
304 * Added a help page for:
313 * A few bugfixes for the general sql code (typo mistakes mostly)
315 * Deleted a mysql_close from lib/mysql/create_user since we now have persistent sql connections
316 * Removed the select_db() from accounting.php3 since it is not needed
317 * A lot of html changes in accounting.php3
318 * Changed the sql code to be modular. Now under lib we don't have a mysql directory but a sql directory
319 with a directory drivers which contains the database specific functions. As a result all calls to mysql*
320 functions where changed to call da_sql* functions. Right now mysql should work and postgresql *may* work
321 It is not tested though. Hopefully things will come back to being stable in a few days.
322 * Added sql_port and sql_type configuration file directives
324 * Fixed a bug in lib/ldap/change_attrs. When we modify an attribute do an ldap_mod_del($mod) and then a
326 * In accounting.php3 show the attribute description instead of the attribute name.
328 * In lib/ldap/check_password.php3 don't do a user search but use the already available user DN
329 * Remove the language support from the get_user_info() functions. They are only used in the user_finger page
330 * In user_state show weekly usage for the week starting from sunday 00:00, not for the last 7 days
331 * Show upload/download when connected or for the last time the user connected
332 * Fixed a few minor problems with the help and about pages
334 * Fixed a small problem with total upload,download numbers in user_admin
335 * Fixed a major problem in the accounting report generator when adding an attribute check. Now it
337 * Fixed a small bug in lib/mysql/functions.php3. Bug found be galileo@microsky.net
339 * Fixed a few more problems in the mysql code
341 * the help page now prints the README file. It also has a common layout with the other pages
342 * Changed the about page to have a common look with the other pages.
344 * Fixed a few typing mistakes in mysql.attrmap
345 * If the corresponding attribute name (in ldap or mysql) is 'none' then do not
346 edit/add it. Based on a bug report by galileo@microsky.net
347 * Fixed a few errors in lib/attrshow.php3
349 * Added user test page. It will use radclient to send a radius access-request
350 to the radius server and check the response. This page is also used to check
351 that the radius server is working fine. Added user_test.php3 and a few config
353 * Support for multi valued attributes.
354 * Changed cleartext encryption name from none to clear
355 * Renamed the general_sql_row_limit configuration directive to sql_row_limit
358 * Small changes in html code
359 * Small changes in the README file
360 * Fixed a small problem in delete_user from ldap
361 * Removed the Base64 encode since it was causing problems
363 * Changed all ldap_bind() to use the ldap bind DN and password. Should have been
364 the default behaviour
365 * Do a Base64 encode in ldap/change_password.php3 before sending the password to
367 * Added support for module messages in log_badlogins and user_accounting
368 * Updated documentation
370 * Added support for users in mysql database. All bugs are welcome. To activate
371 just use mysql as library_type
372 * Added support for salt in crypt.php3
373 * Added userinfo table to keep information for users (Name,Phone etc). Added two
374 corresponding values in admin.conf
375 * Added mysql.attrmap for mysql support
377 * Added persistent connections for mysql (mysql_pconnect())
379 * Added password change facility in user_edit. Support for multiple
380 password encryption methods
381 * Added user deletion page user_delete.php3 with corresponding ldap lib code
382 * Moved the second user_info.php3 include in user_edit to the correct location. Also
383 used isset instead of == ''
384 * Moved the action toolbar (show,edit,accounting...) into a separate html file
385 * Added the nas model in user_finger.php3
387 * Added the caller id in the finger facility
388 * Changed the start date in the badusers file to 0000
389 * Added the out of quota message in user_admin
390 * fixed a few problems with the html code in user_admin.php3
391 * calculate account status in user_admin for the last week only
392 * Change font color to red if used time > corresponding limit (weekly or daily)
393 * Added the user_stats.php3. It can be used by outside pages to get a quick
394 overview of the status of the user. It will return the following fields
395 separated by new lines:
396 account_status(active or inactive),lock message,weekly limit,daily limit,
397 weekly used,weekly connections,daily used,daily connections
398 * fixed a bug in the subscription analysis in user_admin.php3
399 * calculate weekly used from sunday 00:00:00 when the counters reset
400 * added clean_radacct which will clean radacct entries which have been open
401 for more than a day. It will not do any harm even if it is incorrect since
402 when rlm_sql runs if the update operation fails then it will fall back to
403 insert (see sql.conf)
404 * added log_badlogins. It will continuously read the radius.log file and log
405 to the radacct table all login incorrect and multiple logins with a
406 corresponding acctterminatecause. user_accounting.php3 is already prepared
407 for this (it will show those entries in red)
408 * fix a small bug with null values in change_vals.php3 of the ldap lib
410 * Added the badusers table
411 * Added the default and regular profile from ldap for user_edit
412 * Added the snmpfinger in the finger facility so that it will not
413 relly on the sql database.
414 * Added the new user facility
415 * Added support for the Lock Message facility
416 * Various bug fixes and enhancements
419 * Added the @ sign in the {mysql,ldap}_{open,close} functions so that
420 they don't show error messages
421 * Changed double quotes with single quotes where applicable for performance