#!/bin/sh /etc/rc.common
START=20

. /etc/ref_update_mapping
. /etc/cgi_dialog19_api

####### Error code table
#101: Object deletion dialog box
#102: ERROR: User profile:[$t] is a reserved name, please use other names

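# UCI package that holds the local user profiles managed by this script.
UCI_CONFIG="appuser"

# Legacy FTP/Samba hooks. In the visible part of this script they are only
# referenced from commented-out lines.
FTP_SETACTION="ls"
SMB_SETACTION="smbpasswd"

FTP_DELACTION="ls"

# pppd secrets files, one PAP/CHAP pair per tunnel type. The lines this
# script appends to them contain the user's cleartext password or mOTP secret.
PAP_SECRET="/etc/ppp/pap-secrets"
CHAP_SECRET="/etc/ppp/chap-secrets"
PAP_SECRET_L2TP="/etc/ppp/pap-secrets-l2tp"
CHAP_SECRET_L2TP="/etc/ppp/chap-secrets-l2tp"
PAP_SECRET_PPPOE="/etc/ppp/pap-secrets-pppoe"
CHAP_SECRET_PPPOE="/etc/ppp/chap-secrets-pppoe"
PAP_SECRET_SSLTUNNEL="/etc/ppp/pap-secrets-ssltunnel"
CHAP_SECRET_SSLTUNNEL="/etc/ppp/chap-secrets-ssltunnel"

# Per-service aliases used by the *_appuser_apply functions.
SSLTUNNEL_PAPCONFIG=$PAP_SECRET_SSLTUNNEL
PPPOE_PAPCONFIG=$PAP_SECRET_PPPOE
L2TP_PAPCONFIG=$PAP_SECRET_L2TP
PPTP_PAPCONFIG=$PAP_SECRET

SSLTUNNEL_CHAPCONFIG=$CHAP_SECRET_SSLTUNNEL
PPPOE_CHAPCONFIG=$CHAP_SECRET_PPPOE
L2TP_CHAPCONFIG=$CHAP_SECRET_L2TP
PPTP_CHAPCONFIG=$CHAP_SECRET

OPENVPN_CONFIG="/etc/openvpn/psw-file"

SMB_DELACTION="smbpasswd -del"

SCRIPT_LOCK="/tmp/web_apply_lock/appuser"
# NOTE(review): CGI_ERROR_MSG is used by new_appuser_apply but its definition
# here is commented out; presumably one of the sourced files sets it - confirm.
#CGI_ERROR_MSG="/tmp/cgi_error_msg"
# Profile names that may not be created (space-separated).
RESERVED_NAME="root admin"
# Whole seconds of uptime: the text before the first '.' in /proc/uptime.
# The previous awk form assigned FS inside the rule; POSIX awk applies such an
# assignment to the next record, so the value could keep its fractional part.
sys_uptime=$(cut -d. -f1 /proc/uptime)
# Batch file of deferred clean-up commands, named after config, PID and uptime.
# NOTE(review): this is a guessable path under /tmp whose content is later run
# as commands (see apply); confirm /tmp/obj_de_ref is writable by root only.
BATCH_DEREF_FILE="/tmp/obj_de_ref/${UCI_CONFIG}_$$_$sys_uptime"
# Timestamp captured once at load time; DBG_PRINT reuses it for every message.
dtime=$(date +%Y/%m/%d-%H:%M:%S)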
DBG_PRINT() {
	# Write one debug line, "[<config>][<timestamp>] <message>", to the
	# system console.
	#   $1 - message text
	# $dtime is set once when the script is loaded, so every line printed
	# during one run carries the same timestamp.
	printf '%s\n' "[$UCI_CONFIG][$dtime] $1" > /dev/console
	return
}

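useradd() {
	# Create a local system account and set its password.
	#   $1 - login name
	#   $2 - cleartext password
	#   $3 - group passed to adduser -G
	# The account gets /tmp as home directory and /usr/bin/clish as shell.
	#20120504 Modified, Boham
	#
	# Every value is quoted: unquoted, a password or name containing blanks
	# or glob characters was split into extra arguments or expanded to file
	# names before adduser/passwd received it.
	# NOTE(review): a login name starting with '-' would still be read as an
	# option by adduser/passwd; confirm the CGI layer rejects such names.
	adduser -h /tmp -G "$3" -D "$1" -s /usr/bin/clish
	# passwd reads the new password twice from stdin. printf emits it
	# verbatim; the one-second pauses are kept from the original, presumably
	# to pace passwd's two prompts.
	(printf '%s\n' "$2"; sleep 1; printf '%s\n' "$2"; sleep 1) | (passwd "$1" >/dev/null 2>&1)
}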

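usermod() {
	# Replace a system account by deleting it and creating it again.
	#   $1 - login name   $2 - new cleartext password   $3 - group
	# Arguments are forwarded quoted; unquoted, a password containing a blank
	# was split and its second word ended up being used as the group.
	userdelete "$1"
	useradd "$1" "$2" "$3"
}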

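userdelete() {
	# Remove a local system account.
	#   $1 - login name
	# Quoted so a name containing blanks or glob characters reaches deluser
	# as exactly one argument.
	deluser "$1"
}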

boot() {
	# Boot-time entry point: nothing extra is done here, the work is
	# delegated to start and its exit status is passed through.
	#mkdir -p /tmp/profile_backup/user_mgt
	start
}

start() {
	# Reset the list of local user names, let appuser_booting_program
	# rebuild the runtime state for $UCI_CONFIG, then commit the config if
	# that left pending changes behind.
	# Exit status: that of `uci commit` when changes exist, non-zero when
	# there was nothing to commit.
	: >/tmp/all_local_user_name
	appuser_booting_program "$UCI_CONFIG"
	#check if version upgrade was done by appuser_booting_program
	chgobj=$(uci fchanges all "$UCI_CONFIG")
	[ -n "$chgobj" ] && uci commit "$UCI_CONFIG"

}

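new_appuser_apply() {
	# Provision one newly created user profile.
	#   $1 - UCI section name of the profile; a '.' in the login name is
	#        stored as '^' there and mapped back for pppd and adduser.
	# Steps: reject reserved names (exit 102), create the per-user ipset,
	# record the name, mirror the profile into ftp_userconfig/pure-ftpd when
	# FTP is enabled, append PAP/CHAP secrets for every enabled tunnel type,
	# and create the system account when sysuser=true.
	# Exits the whole script with 102 for a reserved name.
	#
	# NOTE(review): the secrets lines are "<name> * <secret> <address>" with
	# the secret in cleartext. Blanks or newlines inside a name, password or
	# fixed IP would change the fields pppd sees; confirm the CGI layer
	# validates these values before they reach UCI.
	local secret addr proto enabled chap_file pap_file
	t="$1"
	##prevent to create reserved names:
	for name in $RESERVED_NAME ;do
		if [ "$t" = "$name" ] ;then
			printf '%s' "[$t] is a reserved name, please use other names." >>"$CGI_ERROR_MSG"
			uci revert "$UCI_CONFIG.$t"
			# NOTE(review): this exit does not pass through `lock -u` in
			# apply; confirm the apply lock is released some other way.
			exit 102
		fi
	done

	#G43803: rollback '^' in username to original character '.'
	orig_name=$(printf '%s' "$t" | tr '^' '.')

	ipset -N "usr_$t" iphash
	echo "$t" >>/tmp/all_local_user_name

	pass=$(uci get "$UCI_CONFIG.$t.pass")
	l2tp=$(uci get "$UCI_CONFIG.$t.l2tp")
	pptp=$(uci get "$UCI_CONFIG.$t.pptp")
	pppoe=$(uci get "$UCI_CONFIG.$t.pppoe")
	ssltunnel=$(uci get "$UCI_CONFIG.$t.ssltunnel")
	pptpif=$(uci get "$UCI_CONFIG.$t.pptpif")
	fixip=$(uci get "$UCI_CONFIG.$t.fixip")
	sysuser=$(uci get "$UCI_CONFIG.$t.sysuser")
	usemotp=$(uci get "$UCI_CONFIG.$t.usemotp")
	motp_pin=$(uci get "$UCI_CONFIG.$t.motp_pin")
	motp_secret=$(uci get "$UCI_CONFIG.$t.motp_secret")
	quota_time=$(uci get "$UCI_CONFIG.$t.quota_time")	#pppoe time quota
	time_used=$(uci get "$UCI_CONFIG.$t.time_used")
	quota_traffic=$(uci get "$UCI_CONFIG.$t.quota_traffic")
	traffic_used=$(uci get "$UCI_CONFIG.$t.traffic_used")
	user_set_time_quota=$(uci get "$UCI_CONFIG.$t.user_set_time_quota")
	vsftpd_status=$(uci get "$UCI_CONFIG.$t.vsftpd_status")
	#no used
	#smb=`uci get $UCI_CONFIG.$t.smb`
	#ftp=`uci get $UCI_CONFIG.$t.ftp`
	#openvpn=`uci get $UCI_CONFIG.$t.openvpn`

	# Stored as the literal text "<used>/<quota>", not as a computed ratio.
	uci set "$UCI_CONFIG.$t.time_proportion=$time_used/$quota_time"
	uci set "$UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic"

	if [ "$vsftpd_status" = "enable" ]; then
		ftp_username=$(uci get "appuser.$t.shown_name")
		uci set "ftp_userconfig.$t=profile"
		uci set "ftp_userconfig.$t.shown_name=$ftp_username"
		uci set "ftp_userconfig.$t.volume="
		uci set "ftp_userconfig.$t.path=/"
		#uci set ftp_userconfig.$t.access_right=''
		uci commit ftp_userconfig
		passwd=$(uci get "appuser.$t.pass")
		# pure-pw reads the password twice from stdin. It is piped in
		# directly; the earlier version staged the cleartext password in
		# /tmp/<name>_pwfile, a guessable path created with the default umask.
		printf '%s\n%s\n' "$passwd" "$passwd" |
			pure-pw useradd "$ftp_username" -u pure_ftpd_user -d /dev/null
		pure-pw mkdb
	fi
	state=$(uci get "$UCI_CONFIG.$t.state")
	# A disabled profile gets no secrets and no system account. This was a
	# bare `continue`, which only has that effect in shells that let it reach
	# the caller's loop; elsewhere execution fell through and the disabled
	# user's secrets were written anyway.
	[ "$state" = "disable" ] && return 0

	if [ "$pptp" = "enable" ] || [ "$l2tp" = "enable" ] || [ "$pppoe" = "enable" ] || [ "$ssltunnel" = "enable" ] ;then
		if [ "$usemotp" = "enable" ] ;then
			json set "appuser.$t" usemotp=1 "motp_pin=$motp_pin" "motp_secret=$motp_secret"
			secret=$motp_secret
		else
			json set "appuser.$t" usemotp=0 motp_pin= motp_secret=
			secret=$pass
		fi
		# Fourth field: the fixed IP when one is configured, otherwise '*'.
		addr=${fixip:-*}
		for proto in pptp l2tp pppoe ssltunnel; do
			case "$proto" in
				pptp) enabled=$pptp chap_file=$PPTP_CHAPCONFIG pap_file=$PPTP_PAPCONFIG ;;
				l2tp) enabled=$l2tp chap_file=$L2TP_CHAPCONFIG pap_file=$L2TP_PAPCONFIG ;;
				pppoe) enabled=$pppoe chap_file=$PPPOE_CHAPCONFIG pap_file=$PPPOE_PAPCONFIG ;;
				ssltunnel) enabled=$ssltunnel chap_file=$SSLTUNNEL_CHAPCONFIG pap_file=$SSLTUNNEL_PAPCONFIG ;;
			esac
			[ "$enabled" = "enable" ] || continue
			printf '%s\n' "$orig_name * $secret $addr" >>"$chap_file"
			printf '%s\n' "$orig_name * $secret $addr" >>"$pap_file"
		done
		#if [ "$openvpn" = "enable" ]; then
		#	echo "$orig_name $pass" >> $OPENVPN_CONFIG
		#fi
		json set "pptp.$t" "ifname=$pptpif"
	else
		json set "appuser.$t" usemotp=0 motp_pin= motp_secret=
	fi

	if [ "$sysuser" = "true" ]; then
		group=$(uci get "$UCI_CONFIG.$t.group")
		useradd "$orig_name" "$pass" "$group"
		#[ "$ftp" = "enable" ]  && $FTP_SETACTION $t $pass
		#[ "$smb" = "enable" ]  && $SMB_SETACTION $t $pass
	fi
	uci set "appuser.$t.user_remain_time_quota=$user_set_time_quota"
}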

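# Remove every line of file $1 that starts with the literal text $2.
# The text is compared as a plain string (awk index), never as a pattern, so
# characters such as '.', '*', '/' or '[' in a name or secret cannot widen
# the match or break the command. The file is rewritten in place; a missing
# file is silently skipped.
_appuser_drop_lines() {
	[ -f "$1" ] || return 0
	(
		umask 077	# the scratch copy holds the same secrets as the file
		scratch="$1.$$"
		APPUSER_PREFIX="$2" awk 'index($0, ENVIRON["APPUSER_PREFIX"]) != 1' "$1" >"$scratch" &&
			cat "$scratch" >"$1"
		rm -f "$scratch"
	)
}

mod_appuser_apply() {
	# Re-apply one modified user profile.
	#   $1 - UCI section name of the profile; a '.' in the login name is
	#        stored as '^' there and mapped back for pppd and the system
	#        account.
	# Steps: sync the pure-ftpd account when vsftpd_status changed, re-create
	# or delete the system account, drop the old PAP/CHAP lines, append new
	# ones when the profile is enabled, then log the user out everywhere
	# (event message, ubf_record, ipset members, web sessions) and reset the
	# login counter and time quota.
	# `uci oget` is used for the previous value of an option and `uci get`
	# for the new one (presumably - the uci variant is not defined here).
	#
	# NOTE(review): the pure-ftpd password is only written when vsftpd_status
	# changes; a password change with FTP left enabled does not update it
	# here. Confirm the old FTP password is invalidated elsewhere.
	local secret secret_old addr proto enabled chap_file pap_file secrets_file
	t="$1"
	user="$t"
	#G43803:replace '^' in username to '.'
	orig_name=$(printf '%s' "$t" | tr '^' '.')

	state=$(uci get "$UCI_CONFIG.$t.state")
	pass_old=$(uci oget "$UCI_CONFIG.$t.pass")
	pass_new=$(uci get "$UCI_CONFIG.$t.pass")
	l2tp=$(uci get "$UCI_CONFIG.$t.l2tp")
	pptp=$(uci get "$UCI_CONFIG.$t.pptp")
	pppoe=$(uci get "$UCI_CONFIG.$t.pppoe")
	ssltunnel=$(uci get "$UCI_CONFIG.$t.ssltunnel")
	pptpif=$(uci get "$UCI_CONFIG.$t.pptpif")
	fixip=$(uci get "$UCI_CONFIG.$t.fixip")
	sysuser=$(uci get "$UCI_CONFIG.$t.sysuser")
	usemotp=$(uci get "$UCI_CONFIG.$t.usemotp")
	motp_pin=$(uci get "$UCI_CONFIG.$t.motp_pin")
	motp_secret=$(uci get "$UCI_CONFIG.$t.motp_secret")
	usemotp_old=$(uci oget "$UCI_CONFIG.$t.usemotp")
	quota_time=$(uci get "$UCI_CONFIG.$t.quota_time")
	time_used=$(uci get "$UCI_CONFIG.$t.time_used")
	quota_traffic=$(uci get "$UCI_CONFIG.$t.quota_traffic")
	traffic_used=$(uci get "$UCI_CONFIG.$t.traffic_used")
	user_set_time_quota=$(uci get "$UCI_CONFIG.$t.user_set_time_quota")
	vsftpd_status=$(uci get "$UCI_CONFIG.$t.vsftpd_status")
	#following are not used now
	#ftp=`uci get $UCI_CONFIG.$t.ftp`
	#smb=`uci get $UCI_CONFIG.$t.smb`
	#openvpn=`uci get $UCI_CONFIG.$t.openvpn`

	# Stored as the literal text "<used>/<quota>", not as a computed ratio.
	uci set "$UCI_CONFIG.$t.time_proportion=$time_used/$quota_time"
	uci set "$UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic"

	ftp_status_old=$(uci oget "appuser.$t.vsftpd_status")
	ftp_status_new=$(uci get "appuser.$t.vsftpd_status")
	if [ "$ftp_status_old" != "$ftp_status_new" ]; then
		ftp_username=$(uci get "appuser.$t.shown_name")
		if [ "$vsftpd_status" = "enable" ]; then
			uci set "ftp_userconfig.$t=profile"
			uci set "ftp_userconfig.$t.shown_name=$ftp_username"
			uci set "ftp_userconfig.$t.volume="
			uci set "ftp_userconfig.$t.path=/"
			#uci set ftp_userconfig.$t.access_right=''
			uci commit ftp_userconfig
			passwd=$(uci get "appuser.$t.pass")
			# pure-pw reads the password twice from stdin. It is piped in
			# directly; the earlier version staged the cleartext password
			# in /tmp/<name>_pwfile, a guessable path created with the
			# default umask.
			printf '%s\n%s\n' "$passwd" "$passwd" |
				pure-pw useradd "$ftp_username" -u pure_ftpd_user -d /dev/null
			pure-pw mkdb
		else
			uci delete "ftp_userconfig.$t"
			uci commit ftp_userconfig
			#rm -rf /etc/vsftpd_user_conf/$t
			#disable delete user from
			pure-pw userdel "$ftp_username"
			pure-pw mkdb
		fi
	fi

	# Quoted on purpose: unquoted, a password containing a blank shifted the
	# arguments so that part of the password was used as the group.
	if [ "$sysuser" = "true" ] && [ "$state" = "enable" ]; then
		group=$(uci get "$UCI_CONFIG.$t.group")
		usermod "$orig_name" "$pass_new" "$group"
		#[ "$ftp" = "enable" ] && $FTP_SETACTION $user $pass_new
		#[ "$ftp" = "disable" ] && $FTP_DELACTION $user
		#[ "$smb" = "enable" ] && $SMB_SETACTION $user $pass_new
		#[ "$smb" = "disable" ] && $SMB_DELACTION $user
	fi

	if [ "$sysuser" = "false" ] || [ "$state" = "disable" ]; then
		userdelete "$orig_name"
		#$FTP_DELACTION $user
		#$SMB_DELACTION $user
	fi

	##### DELETE PART ##############################################################################################
	# Drop the lines written for the previous secret. This used sed with the
	# name and secret pasted into a regular expression: the '.' restored in
	# orig_name matched any character, so another user's line could be
	# removed too, and a '/' in a password broke the sed command so the old
	# credential stayed in the file.
	if [ "$usemotp_old" = "enable" ] ;then
		motp_secret_old=$(uci oget "$UCI_CONFIG.$t.motp_secret")
		secret_old=$motp_secret_old
	else
		secret_old=$pass_old
	fi
	for secrets_file in \
		"$PPTP_PAPCONFIG" "$PPTP_CHAPCONFIG" \
		"$L2TP_PAPCONFIG" "$L2TP_CHAPCONFIG" \
		"$PPPOE_PAPCONFIG" "$PPPOE_CHAPCONFIG" \
		"$SSLTUNNEL_PAPCONFIG" "$SSLTUNNEL_CHAPCONFIG"; do
		_appuser_drop_lines "$secrets_file" "$orig_name * $secret_old"
	done
	#sed -i "/^$orig_name $pass_old/d" $OPENVPN_CONFIG

	##### ADD PART #################################################################################################
	if [ "$state" = "enable" ]; then
		if [ "$pptp" = "enable" ] || [ "$l2tp" = "enable" ] || [ "$pppoe" = "enable" ] || [ "$ssltunnel" = "enable" ] ;then
			if [ "$usemotp" = "enable" ] ;then
				json set "appuser.$t" usemotp=1 "motp_pin=$motp_pin" "motp_secret=$motp_secret"
				secret=$motp_secret
			else
				json set "appuser.$t" usemotp=0 motp_pin= motp_secret=
				secret=$pass_new
			fi
			# Fourth field: the fixed IP when configured, otherwise '*'.
			addr=${fixip:-*}
			for proto in pptp l2tp pppoe ssltunnel; do
				case "$proto" in
					pptp) enabled=$pptp chap_file=$PPTP_CHAPCONFIG pap_file=$PPTP_PAPCONFIG ;;
					l2tp) enabled=$l2tp chap_file=$L2TP_CHAPCONFIG pap_file=$L2TP_PAPCONFIG ;;
					pppoe) enabled=$pppoe chap_file=$PPPOE_CHAPCONFIG pap_file=$PPPOE_PAPCONFIG ;;
					ssltunnel) enabled=$ssltunnel chap_file=$SSLTUNNEL_CHAPCONFIG pap_file=$SSLTUNNEL_PAPCONFIG ;;
				esac
				[ "$enabled" = "enable" ] || continue
				printf '%s\n' "$orig_name * $secret $addr" >>"$chap_file"
				printf '%s\n' "$orig_name * $secret $addr" >>"$pap_file"
			done
			#if [ "$openvpn" = "enable" ]; then
			#	echo "$orig_name $pass_new" >> $OPENVPN_CONFIG
			#fi
			json set "pptp.$t" "ifname=$pptpif"
		else
			json set "appuser.$t" usemotp=0 motp_pin= motp_secret=
		fi
	fi

	#send event msg:"logout all IP within the user name" to ubf_polling_d
	/sbin/ubf_eventmq_sender "2" "$t" "0" "0" "0" "0" "0"

	_appuser_drop_lines /var/ubf_record "$t 0"

	#remove web portal login record while profile was modified
	user_logined_ip=$(ipset -L "usr_$t" | sed '1,5d')
	for ip in $user_logined_ip ;do
		/usr/sbin/ubf_usr_manage.sh "appuser#1" -D ip "$ip"
	done

	ipset -F "usr_$t"

	#G40542: reset account login counter (the number of IP logined as this user via web portal)
	json set "appuser.$t" login_count=0

	#reset time quota
	uci set "appuser.$t.user_remain_time_quota=$user_set_time_quota"

	##Remove all session cookies of this user (web portal login)
	# -F keeps the name from being read as a pattern.
	# NOTE(review): this is still a substring match, so sessions of a user
	# whose name merely begins with this one are selected as well.
	session_list=$(json -f /var/ubf_session.json show | grep -F -e "username=$t" | cut -d'.' -f 1)
	for session in $session_list ;do
		usertype=$(json -f /var/ubf_session.json get "$session.auth")
		[ "$usertype" = "0" ] && json -f /var/ubf_session.json delete "$session"
	done
}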

del_appuser_apply() {
	# Tear down one deleted user profile.
	#   $1 - UCI section name of the profile being deleted
	# The FTP entry is removed right away. The rest of the clean-up (pppd
	# secrets, json state, system account, login records, ipset members, web
	# sessions, logout event) is appended as command text to
	# $BATCH_DEREF_FILE when filter_deref_param sets need_deref=1, and run
	# directly otherwise. Old option values are read with `uci oget`
	# (presumably the pre-change value - the helper is not defined here).
	#
	# NOTE(review): in the need_deref branch the profile name, password and
	# mOTP secret are pasted into double-quoted command text. apply()
	# registers the batch file as a dialog-button action, so it is presumably
	# run by a shell later; a quote, '$' or backtick in any of these values
	# would then be interpreted as shell syntax. Confirm the CGI layer
	# restricts these characters, or emit the values shell-quoted.
	# NOTE(review): every sed pattern below uses the name/secret as a regular
	# expression, so '.', '*' or '/' in them can match other users' lines or
	# break the command and leave the credential in the secrets file.
	t="$1"
	#G43803:replace '^' in username to '.'
	orig_name=`echo $t |tr '^' '.'`
	
	#delete user  should be delete the ftp user ...
	# NOTE(review): this runs before the need_deref decision, so the FTP entry
	# is removed even if the deletion is later cancelled in the dialog.
	uci delete ftp_userconfig.$t
	uci commit ftp_userconfig
	#rm -rf /etc/vsftpd_user_conf/$t
	# NOTE(review): the account is created with the profile's shown_name in
	# new_/mod_appuser_apply but deleted here by section name; if the two can
	# differ the pure-ftpd account would survive the deletion - confirm.
	pure-pw userdel $t
	pure-pw mkdb
	
	filter_deref_param "$t" "$UCI_CONFIG" "$ref_user_profile" "act_del"
	if [ "$need_deref" = "1" ] ;then	#$need_deref is defined in "filter_deref_param" as a global parameter
		# 101 = "Object deletion dialog box" in the error code table.
		ERR_CODE=101
		usemotp=`uci oget $UCI_CONFIG.$t.usemotp`
		if [ "$usemotp" = "enable" ] ;then
			motp_secret=`uci oget $UCI_CONFIG.$t.motp_secret`
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $PPTP_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $PPTP_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $L2TP_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $L2TP_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $PPPOE_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $PPPOE_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $SSLTUNNEL_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $motp_secret/d\" $SSLTUNNEL_CHAPCONFIG" >>$BATCH_DEREF_FILE
		else
			pass=`uci oget $UCI_CONFIG.$t.pass`
			echo "sed -i \"/^$orig_name \* $pass/d\" $PPTP_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $PPTP_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $L2TP_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $L2TP_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $PPPOE_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $PPPOE_CHAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $SSLTUNNEL_PAPCONFIG" >>$BATCH_DEREF_FILE
			echo "sed -i \"/^$orig_name \* $pass/d\" $SSLTUNNEL_CHAPCONFIG" >>$BATCH_DEREF_FILE
		fi
		
		echo "json delete appuser.$t" >>$BATCH_DEREF_FILE
		echo "json delete pptp.$t.ifname" >>$BATCH_DEREF_FILE
		echo "deluser $orig_name 2>/dev/null" >>$BATCH_DEREF_FILE
		#$FTP_DELACTION $t
		#$SMB_DELACTION $t
		# NOTE(review): the pattern is not anchored, so every line that merely
		# contains this name is removed from the list, not only the exact name.
		echo "sed -i '/'\"$t\"'/d' /tmp/all_local_user_name 2>/dev/null" >>$BATCH_DEREF_FILE
		#Only remove records which is authenticated by LOCAL(USER_LOCAL=0)
		echo "sed -i \"/^$t 0/d\" /var/ubf_record 2>/dev/null" >>$BATCH_DEREF_FILE
		
		#If user profile is deleted, remove its IP from web portal ipset
		# sed '1,5d' drops the first five lines of the listing, presumably the
		# ipset header, leaving one member per line.
		user_logined_ip=`ipset -L usr_$t |sed '1,5d'`
		for ip in $user_logined_ip ;do
			echo "/usr/sbin/ubf_usr_manage.sh appuser -D ip $ip" >>$BATCH_DEREF_FILE
		done
		
		##Remove all session cookies of this user
		# grep matches "username=<name>" as a substring, so sessions of users
		# whose name begins with this one are listed too; only entries whose
		# auth value is "0" are queued for deletion.
		session_list=`json -f /var/ubf_session.json show |grep "username=$t" |cut -d'.' -f 1`
		for session in $session_list ;do
			usertype=`json -f /var/ubf_session.json get $session.auth`
			[ "$usertype" = "0" ] && echo "json -f /var/ubf_session.json delete $session" >>$BATCH_DEREF_FILE
		done
		
		#send event msg:"logout all IP within the user name" to ubf_polling_d
		echo "/sbin/ubf_eventmq_sender \"2\" \"$t\" \"0\" \"0\" \"0\" \"0\" \"0\"" >>$BATCH_DEREF_FILE
	else
		# No dereference needed: perform the same clean-up immediately.
		usemotp=`uci oget $UCI_CONFIG.$t.usemotp`
		if [ "$usemotp" = "enable" ] ;then
			motp_secret=`uci oget $UCI_CONFIG.$t.motp_secret`
			sed -i "/^$orig_name \* $motp_secret/d" $PPTP_PAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $PPTP_CHAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $L2TP_PAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $L2TP_CHAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $PPPOE_PAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $PPPOE_CHAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $SSLTUNNEL_PAPCONFIG
			sed -i "/^$orig_name \* $motp_secret/d" $SSLTUNNEL_CHAPCONFIG
		else
			pass=`uci oget $UCI_CONFIG.$t.pass`
			sed -i "/^$orig_name \* $pass/d" $PPTP_PAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $PPTP_CHAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $L2TP_PAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $L2TP_CHAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $PPPOE_PAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $PPPOE_CHAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $SSLTUNNEL_PAPCONFIG
			sed -i "/^$orig_name \* $pass/d" $SSLTUNNEL_CHAPCONFIG
		fi
		
		json delete appuser.$t
		json delete pptp.$t.ifname
		deluser $orig_name 2>/dev/null
		# NOTE(review): unanchored pattern - removes every line containing the
		# name, not only the exact entry.
		sed -i '/'"$t"'/d' /tmp/all_local_user_name 2>/dev/null
		#Only remove records which is authenticated by LOCAL(USER_LOCAL=0)
		sed -i "/^$t 0/d" /var/ubf_record 2>/dev/null
		
		#If user profile is deleted, remove its IP from web portal ipset
		user_logined_ip=`ipset -L usr_$t |sed '1,5d'`
		for ip in $user_logined_ip ;do
			/usr/sbin/ubf_usr_manage.sh "appuser#2" -D ip $ip
		done
		##Remove all session cookies of this user
		session_list=`json -f /var/ubf_session.json show |grep "username=$t" |cut -d'.' -f 1`
		for session in $session_list ;do
			usertype=`json -f /var/ubf_session.json get $session.auth`
			[ "$usertype" = "0" ] && json -f /var/ubf_session.json delete $session
		done
		
		#send event msg:"logout all IP within the user name" to ubf_polling_d
		/sbin/ubf_eventmq_sender "2" "$t" "0" "0" "0" "0" "0"
	fi
}

appuser_apply() {
	# Dispatch every pending change of $UCI_CONFIG to its handler.
	# Sets the globals newobj/modobj/delobj (space-separated section names
	# reported by `uci fchanges`) and sets need_commit=1 as soon as any of
	# the three lists is non-empty.
	# Exit status: non-zero when there is nothing to delete, zero otherwise.
	newobj=$(uci fchanges new $UCI_CONFIG)
	modobj=$(uci fchanges modify $UCI_CONFIG)
	delobj=$(uci fchanges delete $UCI_CONFIG)

	if [ -n "$newobj" ]; then
		for elem in $newobj; do
			new_appuser_apply "$elem"
		done
		need_commit=1
	fi

	if [ -n "$modobj" ]; then
		for elem in $modobj; do
			mod_appuser_apply "$elem"
		done
		need_commit=1
	fi

	# Guard clause keeps the status callers saw before: failure when the
	# delete list is empty.
	[ -n "$delobj" ] || return 1
	for elem in $delobj; do
		del_appuser_apply "$elem"
	done
	need_commit=1
}

#reduce needless dhcpd restart
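check_restart_dhcpd(){
	# Decide whether dhcpd has to be restarted after this apply.
	# Reads the globals newobj/modobj/delobj set by appuser_apply and writes
	# DHCP_RESTART (0 or 1). Always returns 0.
	#
	# The lists can hold several section names. Each name is checked on its
	# own; previously the whole list was pasted into one uci path, so with
	# more than one changed profile the lookups failed and a needed restart
	# was skipped. '=' replaces the non-POSIX '==' inside [ ].
	local elem
	DHCP_RESTART=0

	# New profile: restart when it is enabled and has a fixed IP.
	for elem in $newobj; do
		cfg_fixip=$(uci get "appuser.$elem.fixip")
		cfg_state=$(uci get "appuser.$elem.state")
		if [ -n "$cfg_fixip" ] && [ "$cfg_state" = "enable" ]; then
			DHCP_RESTART=1
		fi
	done

	if [ -n "$modobj" ]; then
		# These two greps look at the pending changes of the whole appuser
		# config, not at one profile.
		cfg_fixip_change=$(uci changes appuser | grep fixip)
		cfg_state_change=$(uci changes appuser | grep state)
		for elem in $modobj; do
			cfg_state=$(uci get "appuser.$elem.state")
			cfg_fixip=$(uci get "appuser.$elem.fixip")
			# if enable and changed fixip
			if [ -n "$cfg_fixip_change" ] && [ "$cfg_state" = "enable" ]; then
				DHCP_RESTART=1
			# if have fixip and changed enable/disable
			elif [ -n "$cfg_fixip" ] && [ -n "$cfg_state_change" ]; then
				DHCP_RESTART=1
			# if changed fixip and changed enable/disable  (just for "enable+fixip" change to "disable+no fixip")
			elif [ -n "$cfg_fixip_change" ] && [ -n "$cfg_state_change" ]; then
				DHCP_RESTART=1
			fi
		done
	fi

	# Deleted profile: judge by its old values (uci oget).
	for elem in $delobj; do
		cfg_fixip=$(uci oget "appuser.$elem.fixip")
		cfg_state=$(uci oget "appuser.$elem.state")
		if [ -n "$cfg_fixip" ] && [ "$cfg_state" = "enable" ]; then
			DHCP_RESTART=1
		fi
	done
	return 0
}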

apply() {
	# Apply all pending changes of $UCI_CONFIG under the script lock.
	# Flow: set up the confirmation dialog and the batch file, run
	# appuser_apply, then either
	#   - need_deref=1: revert the config, release the lock and exit with
	#     ERR_CODE so the UI can ask for confirmation; the queued commands
	#     stay in $BATCH_DEREF_FILE, or
	#   - otherwise: delete the batch file, do the ipset/group clean-up for
	#     deleted users directly, persist /etc/passwd, commit the config and
	#     restart dhcpd when check_restart_dhcpd asks for it.
	# Always terminates the script via exit.
	#
	# NOTE(review): new_appuser_apply exits with 102 on a reserved name
	# without passing through `lock -u`; confirm the lock taken here is
	# released in that case.
	lock $SCRIPT_LOCK
	ERR_CODE=0
	need_commit=0
	usrgrp_temp=""
	
	#initialize -19 dialog format
	# Button 1 is given the batch file path followed by '&', button 2 the
	# command that removes it (presumably OK runs it in the background and
	# Cancel discards it - the dialog helpers are defined elsewhere).
	# NOTE(review): the batch file lives at a guessable path under /tmp and
	# its text is built from profile names and secrets; confirm the directory
	# is writable by root only and that those values are validated upstream.
	CGI_19_DIALOG_BOX_SETUP "CONFIRM" "Object Dereference" "2"
	CGI_19_DIALOG_BUTTON_SETUP "1" "$BATCH_DEREF_FILE &"
	CGI_19_DIALOG_BUTTON_SETUP "2" "rm $BATCH_DEREF_FILE"
	
	#initialized dereference batch file
	BATCH_DEREF_INIT "$UCI_CONFIG"
	
	appuser_apply
	
	if [ "$need_commit" = "1" ]; then
		# Queue the group/ipset clean-up for every deleted user. It is queued
		# unconditionally; whether it is used is decided further down.
		[ -n "$delobj" ] && {
			for elem in $delobj; do
				usrgrp_temp=`uci filter appuser_group member $elem`
				[ -n "$usrgrp_temp" ] && {
					for item in $usrgrp_temp; do
						echo "ipset -D usr_grp_$item usr_$elem" >>$BATCH_DEREF_FILE
						echo "uci delete appuser_group.$item.member=$elem" >>$BATCH_DEREF_FILE
					done
				}
				# Redirection order: stderr goes to logger, stdout is dropped.
				echo "ipset -X usr_$elem 2>&1 >/dev/null |logger" >>$BATCH_DEREF_FILE
				DEREF_CONSOLE "$UCI_CONFIG" "DEL ipset:usr_$elem"
			done
			#user group is in another config, we need to do commit for it
			echo "uci commit appuser_group" >>$BATCH_DEREF_FILE
		}
		# Copy the account database to the persistence directory and refresh
		# the backup copies of passwd and group.
		echo "cp /etc/passwd /etc/persistence/data/passwd" >>$BATCH_DEREF_FILE
		echo "cp /etc/persistence/data/group /etc/persistence/data/group_backup" >>$BATCH_DEREF_FILE
		echo "cp /etc/persistence/data/passwd /etc/persistence/data/passwd_backup" >>$BATCH_DEREF_FILE
		
		#end of dereference batch file
		BATCH_DEREF_TERM "$UCI_CONFIG"
		
		#prepare BATCH_DEREF_FILE if dereference is needed
		if [ "$need_deref" = "1" ] ;then
			DBG_PRINT "BATCH_DEREF_FILE is ready: $BATCH_DEREF_FILE"
			#Because the obj has been deleted by cgi temporarily, 
			#we must do a revert before user press confirm 'OK'
			uci revert $UCI_CONFIG
			lock -u $SCRIPT_LOCK
			exit $ERR_CODE
		else
			# No confirmation needed: discard the batch file and run the
			# same clean-up steps directly.
			rm $BATCH_DEREF_FILE
			[ -n "$delobj" ] && {
				for elem in $delobj; do
					usrgrp_temp=`uci filter appuser_group member $elem`
					[ -n "$usrgrp_temp" ] && {
						for item in $usrgrp_temp; do
							ipset -D usr_grp_$item usr_$elem
							uci delete appuser_group.$item.member=$elem
						done
					}
					# Redirection order: stderr goes to logger, stdout is dropped.
					ipset -X usr_$elem 2>&1 >/dev/null |logger
				done
				#user group is in another config, we need to do commit for it
				uci commit appuser_group
			}
			cp /etc/passwd /etc/persistence/data/passwd
			cp /etc/persistence/data/group /etc/persistence/data/group_backup
			cp /etc/persistence/data/passwd /etc/persistence/data/passwd_backup
		fi
		# Must run before the commit: it inspects the still pending changes.
		check_restart_dhcpd
		uci commit $UCI_CONFIG
		
		if [ "$DHCP_RESTART" = "1" ];then
			/etc/init.d/dhcpd restart
		fi
	fi
	lock -u $SCRIPT_LOCK
	exit $ERR_CODE
}
