#!/bin/sh /etc/rc.common
START=20

# Exit codes used by apply() in this file:
#   101  user profile is still referenced elsewhere, deletion refused
#   102  user profile name is reserved
UCI_CONFIG='appuser'

# Names that apply() refuses to create (space-separated list).
RESERVED_NAME='root admin'

SCRIPT_LOCK='/tmp/web_apply_lock/appuser'
# File that receives the error text written by apply() before it exits 101/102.
CGI_ERROR_MSG='/tmp/cgi_error_msg'

# Credential stores. apply() appends "name * secret ip" lines to the PPP files
# and "name password" lines to the OpenVPN file, all in clear text.
# NOTE(review): these files hold plaintext secrets - confirm they are
# readable by root only.
PAP_SECRET='/etc/ppp/pap-secrets'
CHAP_SECRET='/etc/ppp/chap-secrets'
PAP_SECRET_L2TP='/etc/ppp/pap-secrets-l2tp'
CHAP_SECRET_L2TP='/etc/ppp/chap-secrets-l2tp'
PAP_SECRET_PPPOE='/etc/ppp/pap-secrets-pppoe'
CHAP_SECRET_PPPOE='/etc/ppp/chap-secrets-pppoe'
PAP_SECRET_SSLTUNNEL='/etc/ppp/pap-secrets-ssltunnel'
CHAP_SECRET_SSLTUNNEL='/etc/ppp/chap-secrets-ssltunnel'
OPENVPN_CONFIG='/etc/openvpn/psw-file'

# Per-service aliases for the PAP stores (PPTP uses the default pppd files).
PPTP_PAPCONFIG="$PAP_SECRET"
L2TP_PAPCONFIG="$PAP_SECRET_L2TP"
PPPOE_PAPCONFIG="$PAP_SECRET_PPPOE"
SSLTUNNEL_PAPCONFIG="$PAP_SECRET_SSLTUNNEL"

# Per-service aliases for the CHAP stores.
PPTP_CHAPCONFIG="$CHAP_SECRET"
L2TP_CHAPCONFIG="$CHAP_SECRET_L2TP"
PPPOE_CHAPCONFIG="$CHAP_SECRET_PPPOE"
SSLTUNNEL_CHAPCONFIG="$CHAP_SECRET_SSLTUNNEL"

# Commands apply() runs as "<cmd> <user> [<password>]" to add/update or remove
# FTP and Samba accounts. The FTP entries are "ls", i.e. placeholders.
# NOTE(review): the password is handed over as a command-line argument, which
# is visible in the process list while the command runs.
FTP_SETACTION='ls'
FTP_DELACTION='ls'
SMB_SETACTION='smbpasswd'
SMB_DELACTION='smbpasswd -del'

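useradd() {
	# Create a local system account and set its password.
	#   $1 = username   $2 = password   $3 = group
	# 20120504 Modified, Boham
	#
	# Arguments are quoted so an empty or whitespace-containing value cannot
	# shift into the next option.
	# NOTE(review): adduser's exit status is not checked, so passwd still runs
	# (and resets the password) when the account already exists - confirm that
	# callers rely on this before adding a guard.
	adduser -h /tmp -G "$3" -D "$1" -s /usr/bin/clish
	# Feed the password twice (new + confirm) on stdin. printf writes it
	# verbatim; an unquoted echo would collapse whitespace, expand glob
	# characters and treat a leading "-n" as an option.
	{
		printf '%s\n' "$2"
		sleep 1
		printf '%s\n' "$2"
		sleep 1
	} | passwd "$1" >/dev/null 2>&1
}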

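usermod() {
	# Replace a local system account: delete it, then create it again.
	#   $1 = username   $2 = password   $3 = group
	# Arguments are quoted so that an empty password stays in position $2
	# instead of letting the group slide into the password slot.
	userdelete "$1"
	useradd "$1" "$2" "$3"
}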

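userdelete() {
	# Remove a local system account.
	#   $1 = username (quoted so it always reaches deluser as one argument)
	deluser "$1"
}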

boot() {
	# Boot hook: make sure the per-user backup directory exists, then run the
	# normal start sequence.
	local backup_dir=/tmp/profile_backup/user_mgt
	mkdir -p "$backup_dir"
	start
}

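start() {
	# Reset the list of local user names, then hand the uci config name to
	# appuser_booting_program (not defined in this file; presumably provided by
	# rc.common or a sourced library - confirm).
	: >/tmp/all_local_user_name
	appuser_booting_program "$UCI_CONFIG"
}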





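# Escape a literal string so it can be embedded in a sed BRE address that is
# delimited by '/'. User names and passwords are data, not patterns: without
# this a '/' breaks the sed command and '.' or '*' match unrelated lines.
#   $1 = literal text        stdout = escaped text
_appuser_sed_escape() {
	printf '%s\n' "$1" | sed 's|[]\/$*.^[]|\\&|g'
}

# Append the credential lines of one user to every enabled service store.
# Globals read: pptp l2tp pppoe ssltunnel openvpn (service flags) and the
#               *_CHAPCONFIG / *_PAPCONFIG / OPENVPN_CONFIG paths.
#   $1 = login name   $2 = PPP secret (password or MOTP secret)
#   $3 = fixed IP, empty means "*"   $4 = account password (OpenVPN store)
# NOTE(review): fields are written verbatim; whitespace inside a secret would
# shift the columns of the line - validate or quote the values upstream.
_appuser_write_secrets() {
	local login="$1" secret="$2" ip="${3:-*}" vpn_pass="$4"
	local line="$login * $secret $ip"

	if [ "$pptp" = "enable" ]; then
		printf '%s\n' "$line" >>"$PPTP_CHAPCONFIG"
		printf '%s\n' "$line" >>"$PPTP_PAPCONFIG"
	fi
	if [ "$l2tp" = "enable" ]; then
		printf '%s\n' "$line" >>"$L2TP_CHAPCONFIG"
		printf '%s\n' "$line" >>"$L2TP_PAPCONFIG"
	fi
	if [ "$pppoe" = "enable" ]; then
		printf '%s\n' "$line" >>"$PPPOE_CHAPCONFIG"
		printf '%s\n' "$line" >>"$PPPOE_PAPCONFIG"
	fi
	if [ "$ssltunnel" = "enable" ]; then
		printf '%s\n' "$line" >>"$SSLTUNNEL_CHAPCONFIG"
		printf '%s\n' "$line" >>"$SSLTUNNEL_PAPCONFIG"
	fi
	# The OpenVPN store always carries the account password, also for MOTP users.
	if [ "$openvpn" = "enable" ]; then
		printf '%s\n' "$login $vpn_pass" >>"$OPENVPN_CONFIG"
	fi
}

# Remove the credential lines of one user from every service store.
#   $1 = login name   $2 = PPP secret to match   $3 = OpenVPN password to match
# Matching is a line-prefix match on the literal (escaped) values.
_appuser_remove_secrets() {
	local login_re secret_re pass_re store
	login_re=$(_appuser_sed_escape "$1")
	secret_re=$(_appuser_sed_escape "$2")
	pass_re=$(_appuser_sed_escape "$3")

	for store in "$PPTP_PAPCONFIG" "$PPTP_CHAPCONFIG" \
		"$L2TP_PAPCONFIG" "$L2TP_CHAPCONFIG" \
		"$PPPOE_PAPCONFIG" "$PPPOE_CHAPCONFIG" \
		"$SSLTUNNEL_PAPCONFIG" "$SSLTUNNEL_CHAPCONFIG"; do
		sed -i "/^$login_re \* $secret_re/d" "$store"
	done
	# Always purge the OpenVPN entry: it is written with the account password
	# even when MOTP is enabled, so skipping it for MOTP users would leave a
	# removed or changed credential behind in the store.
	sed -i "/^$login_re $pass_re/d" "$OPENVPN_CONFIG"
}

# Publish the json state and credential lines of one enabled user.
# Globals read: service flags, usemotp motp_pin motp_secret fixip pptpif.
#   $1 = profile name   $2 = login name ('^' already replaced)   $3 = password
_appuser_publish_credentials() {
	local profile="$1" login="$2" acct_pass="$3" secret

	if [ "$pptp" = "enable" ] || [ "$l2tp" = "enable" ] || [ "$pppoe" = "enable" ] ||
		[ "$openvpn" = "enable" ] || [ "$ssltunnel" = "enable" ]; then
		if [ "$usemotp" = "enable" ]; then
			json set "appuser.$profile" usemotp=1 "motp_pin=$motp_pin" "motp_secret=$motp_secret"
			secret=$motp_secret
		else
			json set "appuser.$profile" usemotp=0 motp_pin= motp_secret=
			secret=$acct_pass
		fi
		_appuser_write_secrets "$login" "$secret" "$fixip" "$acct_pass"
		json set "pptp.$profile" "ifname=$pptpif"
	else
		json set "appuser.$profile" usemotp=0 motp_pin= motp_secret=
	fi
}

# Delete the locally authenticated (auth = 0) web sessions of one user.
#   $1 = profile name
# NOTE(review): the lookup is a substring match on "username=<name>", so a
# longer user name that starts with <name> is selected as well - confirm the
# output format of "json show" and tighten the match.
_appuser_drop_sessions() {
	local sessions session usertype
	sessions=$(json -f /var/ubf_session.json show | grep -F "username=$1" | cut -d'.' -f 1)
	for session in $sessions; do
		usertype=$(json -f /var/ubf_session.json get "$session.auth")
		if [ "$usertype" = "0" ]; then
			json -f /var/ubf_session.json delete "$session"
		fi
	done
}

# Apply the pending uci changes of the appuser config in three passes
# (created, deleted, modified profiles), then commit and persist passwd.
# Exits 102 when a new profile uses a reserved name and 101 when a profile to
# delete is still referenced (its ipset cannot be destroyed); in both cases
# the message for the web UI is written to $CGI_ERROR_MSG and the profile's
# change is reverted.
# NOTE(review): the SMB/FTP actions receive the password as a command-line
# argument, which is visible in the process list while they run.
apply() {

##### CREATE A NEW USER ###################################################################################################
	new=$(uci fchanges new "$UCI_CONFIG")
	for t in $new; do
		## refuse reserved names before any state is touched
		for name in $RESERVED_NAME; do
			if [ "$t" = "$name" ]; then
				printf '%s' "ERROR: User profile:[$t] is a reserved name, please use other names." >"$CGI_ERROR_MSG"
				uci revert "$UCI_CONFIG.$t"
				exit 102
			fi
		done

		#G43803: replace '^' in username with '.'
		replaced_name=$(printf '%s\n' "$t" | tr '^' '.')

		ipset -N "usr_$t" iphash
		printf '%s\n' "$t" >>/tmp/all_local_user_name

		pass=$(uci get "$UCI_CONFIG.$t.pass")
		l2tp=$(uci get "$UCI_CONFIG.$t.l2tp")
		pptp=$(uci get "$UCI_CONFIG.$t.pptp")
		pppoe=$(uci get "$UCI_CONFIG.$t.pppoe")
		ssltunnel=$(uci get "$UCI_CONFIG.$t.ssltunnel")
		openvpn=$(uci get "$UCI_CONFIG.$t.openvpn")
		pptpif=$(uci get "$UCI_CONFIG.$t.pptpif")
		fixip=$(uci get "$UCI_CONFIG.$t.fixip")
		smb=$(uci get "$UCI_CONFIG.$t.smb")
		ftp=$(uci get "$UCI_CONFIG.$t.ftp")
		sysuser=$(uci get "$UCI_CONFIG.$t.sysuser")
		usemotp=$(uci get "$UCI_CONFIG.$t.usemotp")
		motp_pin=$(uci get "$UCI_CONFIG.$t.motp_pin")
		motp_secret=$(uci get "$UCI_CONFIG.$t.motp_secret")
		quota_time=$(uci get "$UCI_CONFIG.$t.quota_time") #pppoe time quota
		time_used=$(uci get "$UCI_CONFIG.$t.time_used")
		quota_traffic=$(uci get "$UCI_CONFIG.$t.quota_traffic")
		traffic_used=$(uci get "$UCI_CONFIG.$t.traffic_used")
		user_set_time_quota=$(uci get "$UCI_CONFIG.$t.user_set_time_quota")

		uci set "$UCI_CONFIG.$t.time_proportion=$time_used/$quota_time"
		uci set "$UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic"

		# A disabled profile gets its ipset and name entry but no credentials.
		state=$(uci get "$UCI_CONFIG.$t.state")
		[ "$state" = "disable" ] && continue

		_appuser_publish_credentials "$t" "$replaced_name" "$pass"

		if [ "$sysuser" = "true" ]; then
			group=$(uci get "$UCI_CONFIG.$t.group")
			useradd "$replaced_name" "$pass" "$group"
			# The *ACTION variables hold "command [option]" and are left
			# unquoted on purpose so they split into words.
			if [ "$ftp" = "enable" ]; then
				$FTP_SETACTION "$t" "$pass"
			fi
			if [ "$smb" = "enable" ]; then
				$SMB_SETACTION "$t" "$pass"
			fi
		fi
		##G44299: delete usage-time-expired records
		uci set "appuser.$t.user_remain_time_quota=$user_set_time_quota"
	done

##### DELETE AN USER ###################################################################################################
	delete=$(uci fchanges delete "$UCI_CONFIG")
	for t in $delete; do
		#G43803: replace '^' in username with '.'
		replaced_name=$(printf '%s\n' "$t" | tr '^' '.')

		#If user profile is deleted, remove user's IP
		user_logined_ip=$(ipset -L "usr_$t" | sed '1,5d')
		for ip in $user_logined_ip; do
			ipset -D logined_user_ip "$ip"
		done

		# Destroying the set fails while it is still referenced; treat that as
		# "profile in use", undo the IP removal and abort with code 101.
		if ! ipset -X "usr_$t" 2>/dev/null; then
			printf '%s' "ERROR: User profile:[$t] is refered by other places, deletion is not permitted. Please remove the references before deletion" >"$CGI_ERROR_MSG"
			uci revert "$UCI_CONFIG.$t"
			for ip in $user_logined_ip; do
				ipset -A logined_user_ip "$ip"
			done
			exit 101
		fi

		# "oget" reads the value from before the pending change.
		usemotp=$(uci oget "$UCI_CONFIG.$t.usemotp")
		pass=$(uci oget "$UCI_CONFIG.$t.pass")
		if [ "$usemotp" = "enable" ]; then
			secret_old=$(uci oget "$UCI_CONFIG.$t.motp_secret")
		else
			secret_old=$pass
		fi
		_appuser_remove_secrets "$replaced_name" "$secret_old" "$pass"

		json delete "appuser.$t"
		json delete "pptp.$t.ifname"

		userdelete "$replaced_name"
		$FTP_DELACTION "$t"
		$SMB_DELACTION "$t"

		# Match the whole line (the create pass writes one name per line), so
		# deleting "bob" does not also drop "bobby".
		t_re=$(_appuser_sed_escape "$t")
		sed -i "/^$t_re\$/d" /tmp/all_local_user_name
		#Only remove records which is authenticated by LOCAL(USER_LOCAL=0)
		sed -i "/^$t_re 0/d" /var/ubf_record

		#delete it from related user group
		usrgrp_temp=$(uci filter appuser_group member "$t")
		if [ -n "$usrgrp_temp" ]; then
			for item in $usrgrp_temp; do
				ipset -D "usr_grp_$item" "usr_$t"
				uci delete "appuser_group.$item.member=$t"
			done
			uci commit appuser_group
		fi
		##G44299: delete usage-time-expired records
		rm -rf -- "/tmp/profile_backup/user_mgt/${t:?}"

		##Remove all session cookies of this user
		_appuser_drop_sessions "$t"
	done

##### MODIFY AN USER ###################################################################################################
	modify=$(uci fchanges modify "$UCI_CONFIG")
	for t in $modify; do
		#G43803: replace '^' in username with '.'
		replaced_name=$(printf '%s\n' "$t" | tr '^' '.')
		user=$t
		state=$(uci get "$UCI_CONFIG.$t.state")
		pass_old=$(uci oget "$UCI_CONFIG.$t.pass")
		pass_new=$(uci get "$UCI_CONFIG.$t.pass")
		l2tp=$(uci get "$UCI_CONFIG.$t.l2tp")
		pptp=$(uci get "$UCI_CONFIG.$t.pptp")
		pppoe=$(uci get "$UCI_CONFIG.$t.pppoe")
		ssltunnel=$(uci get "$UCI_CONFIG.$t.ssltunnel")
		openvpn=$(uci get "$UCI_CONFIG.$t.openvpn")
		pptpif=$(uci get "$UCI_CONFIG.$t.pptpif")
		fixip=$(uci get "$UCI_CONFIG.$t.fixip")
		ftp=$(uci get "$UCI_CONFIG.$t.ftp")
		smb=$(uci get "$UCI_CONFIG.$t.smb")
		sysuser=$(uci get "$UCI_CONFIG.$t.sysuser")
		usemotp=$(uci get "$UCI_CONFIG.$t.usemotp")
		motp_pin=$(uci get "$UCI_CONFIG.$t.motp_pin")
		motp_secret=$(uci get "$UCI_CONFIG.$t.motp_secret")
		usemotp_old=$(uci oget "$UCI_CONFIG.$t.usemotp")
		quota_time=$(uci get "$UCI_CONFIG.$t.quota_time")
		time_used=$(uci get "$UCI_CONFIG.$t.time_used")
		quota_traffic=$(uci get "$UCI_CONFIG.$t.quota_traffic")
		traffic_used=$(uci get "$UCI_CONFIG.$t.traffic_used")
		user_set_time_quota=$(uci get "$UCI_CONFIG.$t.user_set_time_quota")

		uci set "$UCI_CONFIG.$t.time_proportion=$time_used/$quota_time"
		uci set "$UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic"

		if [ "$sysuser" = "true" ] && [ "$state" = "enable" ]; then
			group=$(uci get "$UCI_CONFIG.$t.group")
			usermod "$replaced_name" "$pass_new" "$group"
			if [ "$ftp" = "enable" ]; then
				$FTP_SETACTION "$user" "$pass_new"
			fi
			if [ "$ftp" = "disable" ]; then
				$FTP_DELACTION "$user"
			fi
			if [ "$smb" = "enable" ]; then
				$SMB_SETACTION "$user" "$pass_new"
			fi
			if [ "$smb" = "disable" ]; then
				$SMB_DELACTION "$user"
			fi
		fi

		if [ "$sysuser" = "false" ] || [ "$state" = "disable" ]; then
			userdelete "$replaced_name"
			$FTP_DELACTION "$user"
			$SMB_DELACTION "$user"
		fi

		##### DELETE PART ##############################################################################################
		# Drop the lines written for the previous settings (old secret/password).
		if [ "$usemotp_old" = "enable" ]; then
			secret_old=$(uci oget "$UCI_CONFIG.$t.motp_secret")
		else
			secret_old=$pass_old
		fi
		_appuser_remove_secrets "$replaced_name" "$secret_old" "$pass_old"

		##### ADD PART #################################################################################################
		if [ "$state" = "enable" ]; then
			_appuser_publish_credentials "$t" "$replaced_name" "$pass_new"
		fi

		t_re=$(_appuser_sed_escape "$t")
		sed -i "/^$t_re 0/d" /var/ubf_record

		#reset related record of the user profile, even the user is logined
		user_logined_ip=$(ipset -L "usr_$t" | sed '1,5d')
		for ip in $user_logined_ip; do
			ipset -D logined_user_ip "$ip"
		done

		ipset -F "usr_$t"

		#G40542: reset login limit
		json set "appuser.$t.login_count=0"

		uci set "appuser.$t.user_remain_time_quota=$user_set_time_quota"

		##Remove all session cookies of this user
		_appuser_drop_sessions "$t"
	done
##### COMMIT CONFIG ###################################################################################################
	uci commit "$UCI_CONFIG"
	cp /etc/passwd /etc/persistence/data/passwd
	cp /etc/persistence/data/group /etc/persistence/data/group_backup
	cp /etc/persistence/data/passwd /etc/persistence/data/passwd_backup
}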
