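<%@LANGUAGE="JSCRIPT"%><%
//+(tabs=4)
//
// ACP account control
//
// Author: Robert B. Denny, DC-3 Dreams, SP
//
// Description: Provides ACP account control via HTTP-POST requests.
//              Only ACP administrators may use it (the POST branch checks
//              User.IsAdministrator before doing anything else).
//
// POST Variables (may be in any order):
//
//   op   string      requested account operation (see below)
//   nm   string      full name
//   un   string      login username (identifies the account; op=chg cannot rename it)
//   pw   string      password
//   ci   true|false  compress images
//   wu   true|false  web uploading
//   ft   true|false  allow FTP
//   sx   true|false  allow execute scripts
//   ad   true|false  administrator privileges
//
// Supported operations:
//   op=new   add new account
//   op=chg   change existing account
//   op=del   delete account
//   op=ena   enable account login
//   op=dis   disable account login + kill user's job
//
// 11-Apr-08 rbd   Initial edit
// 09-Jun-10 rbd   Fix UserClass.write() for test if user data exists
// 31-Mar-21 rbd   GEM: 1558 Don't create obsolete UserData folders, and
//                 remove any old ones encountered when deleting an account.
//
// ======
// ACTION
// ======
// Request.ServerVariables() hands back a COM value; coerce it to a JScript
// string before calling a String method on it (harmless if it already is one).
if(String(Request.ServerVariables("REQUEST_METHOD")).toLowerCase() != "post") {
    // Serve a test form if not a post
%> Test Form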

ACP Account Control Test Form





           

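<% } else {
// =======================
// POST - DO THE REAL WORK
// =======================

// =======
// GLOBALS
// =======
var e400 = "400 Bad Request";
var e403 = "403 Forbidden";
var e500 = "500 Server Error";
var rkUsers = "HKLM\\Software\\Denny\\ACP\\Users\\";          // One value per account, named by username
var rkUserData = "HKLM\\Software\\Denny\\ACP\\UserData\\";    // Obsolete per-user key, removed on delete (GEM 1558)
var fso = new ActiveXObject("Scripting.FileSystemObject");    // Windows file control
var shl = new ActiveXObject("WScript.Shell");                 // For Windows registry access

// Characters a username may not contain: the Windows reserved file-name characters
// (which include the registry path separator "\" and the record separator "|") and
// control characters. The username is used verbatim as a registry value name under
// rkUsers and as a folder name under /images, /logs and /plans, so anything else
// would let one account's name reach into another key or folder.
var reBadUserChars = /[\\\/:*?"<>|\x00-\x1f]/;

// ------------------------------------------------------------------------
// formValue() - Fetch a POST/query variable as a JScript string.
//
// fn  variable name
//
// Request() hands back a COM value rather than a JScript string, so anything
// that needs a String method or a strict (===) comparison goes through here.
// An absent variable is returned as "".
// NOTE(review): JScript renders a missing Request value as "undefined" — confirm
// on the target IIS version.
// ------------------------------------------------------------------------
function formValue(fn) {
    var v = Request(fn);
    if (v === undefined || v === null) return "";
    var s = String(v);
    return (s == "undefined") ? "" : s;
}

// ==========
// USER CLASS
// ==========
// Wraps one ACP account. The account lives in a single registry value under
// rkUsers, named by the username, holding "|"-separated fields in this order:
//     name | username | password | webUpload | uplScripts | canFTP | admin | compFiles | disabled
// Flag fields are the strings "true"/"false". Each account also owns a folder
// of the same name under /images, /logs and /plans.
//
// NOTE(review): the password is stored in that value exactly as posted (plain
// text). Every reader of the record would have to change for that to become a
// hash, so it is left as-is here and is a known risk of this storage format.
var userClass = function(un) {

    // Assure the account's folder exists under fldName and holds a copy of every
    // file in the parent folder (the per-folder ASP pages). Safe to call repeatedly.
    function _createUserFolder(un, fldName) {
        var fldPath = Server.MapPath("/" + fldName + "/" + un + "/");
        if (!fso.FolderExists(fldPath)) fso.CreateFolder(fldPath);
        var e = new Enumerator(fso.GetFolder(fso.GetParentFolderName(fldPath)).Files);
        for (; !e.atEnd(); e.moveNext()) {
            fso.CopyFile(e.item().Path, fldPath + e.item().Name, true);   // Overwrite if it exists
        }
    }

    // Remove the account's folder under fldName. A folder that is already gone
    // is not an error, so a delete that failed part-way can be retried.
    function _deleteUserFolder(un, fldName) {
        var fldPath = Server.MapPath("/" + fldName + "/" + un);
        if (fso.FolderExists(fldPath)) fso.DeleteFolder(fldPath);
    }

    // Flag fields are stored only as "true" or "false", whatever was posted.
    function _safeBool(fn) {
        return (formValue(fn) == "true" ? "true" : "false");
    }

    // Load this.username's record from the registry into the fields.
    // Returns false (fields untouched) when there is no such account.
    this.read = function() {
        var raw, bits;
        try {
            raw = shl.RegRead(rkUsers + this.username);
        } catch (ex) {
            return false;   // No such user
        }
        bits = raw.split("|");
        this.name = bits[0];
        // bits[1] is the username, already known
        this.password = bits[2];
        this.webUpload = bits[3];
        this.uplScripts = bits[4];
        this.canFTP = bits[5];
        this.admin = bits[6];
        this.compFiles = bits[7];
        this.disabled = bits[8];
        return true;
    }

    // Fill the fields from the POST variables. "disabled" is not a POST
    // variable and keeps whatever read() found (or the default).
    this.fromFormData = function() {
        this.username = formValue("un");
        this.name = formValue("nm");
        this.password = formValue("pw");
        this.compFiles = _safeBool("ci");
        this.webUpload = _safeBool("wu");
        this.canFTP = _safeBool("ft");
        this.uplScripts = _safeBool("sx");
        this.admin = _safeBool("ad");
    }

    // Write the record to the registry and assure the account's folders exist.
    this.write = function() {
        var raw = this.name + "|";
        raw += this.username + "|";
        raw += this.password + "|";
        raw += this.webUpload + "|";
        raw += this.uplScripts + "|";
        raw += this.canFTP + "|";
        raw += this.admin + "|";
        raw += this.compFiles + "|";
        raw += this.disabled;
        shl.RegWrite(rkUsers + this.username, raw);
        _createUserFolder(this.username, "images");
        _createUserFolder(this.username, "logs");
        _createUserFolder(this.username, "plans");
    }

    // Remove the account. Folders go first so that a failure leaves the registry
    // record (and therefore the account) intact and the operation can be retried.
    this.delete_ = function() {
        _deleteUserFolder(this.username, "images");
        _deleteUserFolder(this.username, "logs");
        _deleteUserFolder(this.username, "plans");
        try {
            shl.RegDelete(rkUserData + this.username + "\\");   // Remove old outdated UserData key if present
        } catch (ex) { }                                         // Not present on accounts created since GEM 1558
        shl.RegDelete(rkUsers + this.username);
    }

    // Construction
    this.username = un;
    this.name = "";
    this.password = "";
    this.compFiles = "false";
    this.webUpload = "false";
    this.canFTP = "false";
    this.uplScripts = "false";
    this.admin = "false";
    this.disabled = "false";
    //------------------------
    this.exists = this.read();   // true if the account is already in the registry
    //------------------------
} // UserClass

// =========
// FUNCTIONS
// =========

// ----------------
// Helper functions
// ----------------

// ------------------------------------------------------------------------
// retError() - Send back an error response, ending the request.
//
// status  one of e400/e403/e500 (the HTTP status line)
// msg     plain-text explanation, written after the status line
//
// Never returns: Response.End() stops the page.
// ------------------------------------------------------------------------
function retError(status, msg) {
    Response.Clear();
    Response.Status = status;
    Response.ContentType = "text/plain";
    Response.Write(status + "\r\n");
    Response.Write(msg + "\r\n");
    Response.End();
}

// ------------------------------------------------------------------------
// valData() - Validate that each named post variable is present and non-blank.
//
// fldNames  comma-separated variable names, e.g. "un,nm,pw"
//
// Sends HTTP 400 and quits on the first field that is missing or blank.
// (The comparison goes through formValue(): a strict compare of the raw
// Request() value against "" would never match a COM value.)
// ------------------------------------------------------------------------
function valData(fldNames) {
    var bits = fldNames.split(",");
    for (var i = 0; i < bits.length; i++) {
        if (formValue(bits[i]) == "") retError(e400, "Missing field \"" + bits[i] + "\"");
    }
}

// ------------------------------------------------------------------------
// valUsername() - Validate "un" as a safe registry value name / folder name.
//
// Must follow valData("un"). Sends HTTP 400 and quits if the username contains
// a reserved character (see reBadUserChars) or is "." or "..", either of which
// would name a key or folder other than the account's own.
// ------------------------------------------------------------------------
function valUsername() {
    var un = formValue("un");
    if (reBadUserChars.test(un) || un == "." || un == "..")
        retError(e400, "Username contains characters that are not allowed.");
}

// ------------------------------------------------------------------------
// valNoSeparator() - Reject field values containing the record separator "|".
//
// fldNames  comma-separated variable names
//
// A "|" inside a stored field would shift every later field when read()
// splits the record. Sends HTTP 400 and quits on the first offending field.
// ------------------------------------------------------------------------
function valNoSeparator(fldNames) {
    var bits = fldNames.split(",");
    for (var i = 0; i < bits.length; i++) {
        if (formValue(bits[i]).indexOf("|") >= 0)
            retError(e400, "Field \"" + bits[i] + "\" may not contain \"|\"");
    }
}

// ----------------
// Action Functions
// ----------------

// ------------------------------------------------------------------------
// addAcct() - Add a new user account (op=new)
// ------------------------------------------------------------------------
function addAcct() {
    valData("un,nm,pw");
    valNoSeparator("nm,pw");
    var un = formValue("un");
    var U = new userClass(un);
    if (U.exists) retError(e400, "Account for " + un + " already exists.");
    U.fromFormData();
    U.write();
}

// ------------------------------------------------------------------------
// chgAcct() - Change an existing user account (op=chg)
// un identifies account, un cannot be changed! The account's disabled state
// is kept; every other field is replaced from the POST variables.
// ------------------------------------------------------------------------
function chgAcct() {
    valData("un,nm,pw");
    valNoSeparator("nm,pw");
    var un = formValue("un");
    var U = new userClass(un);
    if (!U.exists) retError(e400, "Account for " + un + " not found.");
    U.fromFormData();
    U.write();
}

// ------------------------------------------------------------------------
// delAcct() - Delete a user account (op=del)
// un identifies account
// ------------------------------------------------------------------------
function delAcct() {
    valData("un");
    var un = formValue("un");
    var U = new userClass(un);
    if (!U.exists) retError(e400, "Account for " + un + " not found.");
    U.delete_();
}

// ------------------------------------------------------------------------
// enaAcct() - Enable/Disable a user account for login (op=ena / op=dis)
//
// enable  true to enable, false to disable
//
// Disabling also aborts the running ACP job when it belongs to the user.
// ------------------------------------------------------------------------
function enaAcct(enable) {
    valData("un");
    var un = formValue("un");
    var U = new userClass(un);
    if (!U.exists) retError(e400, "Account for " + un + " not found.");
    U.disabled = enable ? "false" : "true";
    U.write();
    // If disabling, kill any current observing job if it belongs to the user
    if (!enable && Util.ScriptActive && Lock.Locked && Lock.Username == un) {
        Util.Console.PrintLine("**ACCOUNT DISABLED - RUN WAS STOPPED BY SYSTEM**");
        Util.AbortScript();
    }
}

// ====
// MAIN
// ====
// NOTE(review): every operation is a state change gated only by the caller's
// administrator status and the POST-only dispatch above; the request carries
// no anti-forgery token.
if (!User.IsAdministrator) retError(e403, "Access allowed only for administrators.");   // Ends Response (typ.)
valData("un");
valUsername();   // Before the name is used as a registry value name or folder name
var acctName = formValue("un");
if (acctName == "localweb" || acctName == "local_user")
    retError(e403, "Access to account " + acctName + " is prohibited.");
var succMsg;
// Error trapping dispatcher
try {
    switch (formValue("op")) {   // A JScript string, so switch's strict compare matches the cases
        case "new": addAcct();      succMsg = "created";  break;
        case "chg": chgAcct();      succMsg = "updated";  break;
        case "del": delAcct();      succMsg = "deleted";  break;
        case "ena": enaAcct(true);  succMsg = "enabled";  break;
        case "dis": enaAcct(false); succMsg = "disabled"; break;
        default:    retError(e400, formValue("op") + " is not a valid opcode");
    }
} catch (ex) {
    // NOTE(review): the raw COM/JScript error text is returned to the
    // (administrator) caller; it can name registry paths and folders.
    retError(e500, (ex.message ? ex.message : ex));
}
Response.ContentType = "text/plain";
Response.Status = "200 OK";
Response.Write("Account " + succMsg + " successfully.");
} // End of POST block
%>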