2006-01-01 16:30:05 +00:00
< ? php
/*
$Id $
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager ( http :// www . ldap - account - manager . org / )
2012-02-05 19:03:25 +00:00
Copyright ( C ) 2005 - 2012 Roland Gruber
2006-01-01 16:30:05 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/**
* The account type for user accounts ( e . g . Unix , Samba and Kolab ) .
*
* @ package types
* @ author Roland Gruber
*/
/**
* The account type for user accounts ( e . g . Unix , Samba and Kolab ) .
2006-02-07 16:05:37 +00:00
*
* @ package types
2006-01-01 16:30:05 +00:00
*/
class user extends baseType {
2009-02-18 19:15:56 +00:00
/**
* Constructs a new user type object .
*/
public function __construct () {
parent :: __construct ();
$this -> LABEL_CREATE_ANOTHER_ACCOUNT = _ ( 'Create another user' );
$this -> LABEL_BACK_TO_ACCOUNT_LIST = _ ( 'Back to user list' );
}
2006-01-01 16:30:05 +00:00
/**
* Returns the alias name of this account type .
*
* @ return string alias name
*/
function getAlias () {
return _ ( " Users " );
}
/**
* Returns the description of this account type .
*
* @ return string description
*/
function getDescription () {
return _ ( " User accounts (e.g. Unix, Samba and Kolab) " );
}
/**
* Returns the class name for the list object .
*
* @ return string class name
*/
function getListClassName () {
return " lamUserList " ;
}
/**
* Returns the default attribute list for this account type .
*
* @ return string attribute list
*/
function getDefaultListAttributes () {
return " #uid;#givenName;#sn;#uidNumber;#gidNumber " ;
}
/**
* Returns a list of attributes which have a translated description .
* This is used for the head row in the list view .
*
* @ return array list of descriptions
*/
function getListAttributeDescriptions () {
return array (
" uid " => _ ( " User ID " ),
" uidnumber " => _ ( " UID number " ),
" gidnumber " => _ ( " GID number " ),
" cn " => _ ( " User name " ),
" host " => _ ( " Allowed hosts " ),
" givenname " => _ ( " First name " ),
" sn " => _ ( " Last name " ),
" homedirectory " => _ ( " Home directory " ),
" loginshell " => _ ( " Login shell " ),
2010-04-02 11:39:09 +00:00
" mail " => _ ( " Email " ),
2007-02-17 16:26:08 +00:00
" gecos " => _ ( " Description " ),
2011-04-18 18:27:53 +00:00
" jpegphoto " => _ ( 'Photo' ),
'shadowexpire' => _ ( 'Password expiration' ),
'sambakickofftime' => _ ( 'Account expiration date' )
2006-01-01 16:30:05 +00:00
);
}
2010-12-11 15:58:25 +00:00
/**
* Returns the the title text for the title bar on the new / edit page .
*
2012-04-07 16:40:34 +00:00
* @ param accountContainer $container account container
2010-12-11 15:58:25 +00:00
* @ return String title text
*/
2012-04-07 16:40:34 +00:00
public function getTitleBarTitle ( $container ) {
// get attributes
$personalAttributes = null ;
if ( $container -> getAccountModule ( 'inetOrgPerson' ) != null ) {
$personalAttributes = $container -> getAccountModule ( 'inetOrgPerson' ) -> getAttributes ();
}
$accountAttributes = null ;
if ( $container -> getAccountModule ( 'account' ) != null ) {
$accountAttributes = $container -> getAccountModule ( 'account' ) -> getAttributes ();
}
$sambaAttributes = null ;
if ( $container -> getAccountModule ( 'sambaSamAccount' ) != null ) {
$sambaAttributes = $container -> getAccountModule ( 'sambaSamAccount' ) -> getAttributes ();
}
$unixAttributes = null ;
if ( $container -> getAccountModule ( 'posixAccount' ) != null ) {
$unixAttributes = $container -> getAccountModule ( 'posixAccount' ) -> getAttributes ();
2010-12-11 15:58:25 +00:00
}
2012-11-11 11:35:45 +00:00
$mitKerberosAttributes = null ;
if ( $container -> getAccountModule ( 'mitKerberosStructural' ) != null ) {
$mitKerberosAttributes = $container -> getAccountModule ( 'mitKerberosStructural' ) -> getAttributes ();
}
elseif ( $container -> getAccountModule ( 'mitKerberos' ) != null ) {
$mitKerberosAttributes = $container -> getAccountModule ( 'mitKerberos' ) -> getAttributes ();
}
2010-12-11 15:58:25 +00:00
// check if first and last name can be shown
2012-04-07 16:40:34 +00:00
if (( $personalAttributes != null ) && isset ( $personalAttributes [ 'sn' ][ 0 ]) && isset ( $personalAttributes [ 'givenName' ][ 0 ])) {
return htmlspecialchars ( $personalAttributes [ 'givenName' ][ 0 ] . ' ' . $personalAttributes [ 'sn' ][ 0 ]);
2010-12-11 15:58:25 +00:00
}
// check if a display name is set
2012-04-07 16:40:34 +00:00
if (( $sambaAttributes != null ) && isset ( $sambaAttributes [ 'displayName' ][ 0 ])) {
return htmlspecialchars ( $sambaAttributes [ 'displayName' ][ 0 ]);
2010-12-11 15:58:25 +00:00
}
// check if a common name is set
2012-04-07 16:40:34 +00:00
if (( $personalAttributes != null ) && isset ( $personalAttributes [ 'cn' ][ 0 ])) {
return htmlspecialchars ( $personalAttributes [ 'cn' ][ 0 ]);
}
if (( $unixAttributes != null ) && isset ( $unixAttributes [ 'cn' ][ 0 ])) {
return htmlspecialchars ( $unixAttributes [ 'cn' ][ 0 ]);
2010-12-11 15:58:25 +00:00
}
// check if a user name is set
2012-04-07 16:40:34 +00:00
if (( $unixAttributes != null ) && isset ( $unixAttributes [ 'uid' ][ 0 ])) {
return htmlspecialchars ( $unixAttributes [ 'uid' ][ 0 ]);
}
if (( $personalAttributes != null ) && isset ( $personalAttributes [ 'uid' ][ 0 ])) {
return htmlspecialchars ( $personalAttributes [ 'uid' ][ 0 ]);
}
if (( $accountAttributes != null ) && isset ( $accountAttributes [ 'uid' ][ 0 ])) {
return htmlspecialchars ( $accountAttributes [ 'uid' ][ 0 ]);
}
2012-11-11 11:35:45 +00:00
if (( $mitKerberosAttributes != null ) && isset ( $mitKerberosAttributes [ 'krbPrincipalName' ][ 0 ])) {
return htmlspecialchars ( $mitKerberosAttributes [ 'krbPrincipalName' ][ 0 ]);
}
2012-04-07 16:40:34 +00:00
if ( $container -> isNewAccount ) {
return _ ( " New user " );
2010-12-11 15:58:25 +00:00
}
// fall back to default
2012-04-07 16:40:34 +00:00
return parent :: getTitleBarTitle ( $container );
2010-12-11 15:58:25 +00:00
}
/**
* Returns the the title text for the title bar on the new / edit page .
*
2012-04-07 16:40:34 +00:00
* @ param accountContainer $container account container
2010-12-11 15:58:25 +00:00
* @ return String title text
*/
2012-04-07 16:40:34 +00:00
public function getTitleBarSubtitle ( $container ) {
$personalAttributes = null ;
if ( $container -> getAccountModule ( 'inetOrgPerson' ) != null ) {
$personalAttributes = $container -> getAccountModule ( 'inetOrgPerson' ) -> getAttributes ();
}
if ( $personalAttributes == null ) {
2012-04-09 13:20:24 +00:00
return $this -> buildAccountStatusIcon ( $container );
2010-12-11 15:58:25 +00:00
}
2012-04-09 13:20:24 +00:00
$subtitle = $this -> buildAccountStatusIcon ( $container );
2010-12-11 15:58:25 +00:00
$spacer = ' ' ;
// check if an email address can be shown
2012-04-07 16:40:34 +00:00
if ( isset ( $personalAttributes [ 'mail' ][ 0 ])) {
$subtitle .= '<a href="mailto:' . htmlspecialchars ( $personalAttributes [ 'mail' ][ 0 ]) . '">' . htmlspecialchars ( $personalAttributes [ 'mail' ][ 0 ]) . '</a>' . $spacer ;
2010-12-11 15:58:25 +00:00
}
// check if an telephone number can be shown
2012-04-07 16:40:34 +00:00
if ( isset ( $personalAttributes [ 'telephoneNumber' ][ 0 ])) {
$subtitle .= _ ( 'Telephone number' ) . ' ' . htmlspecialchars ( $personalAttributes [ 'telephoneNumber' ][ 0 ]) . $spacer ;
2010-12-11 15:58:25 +00:00
}
// check if an mobile number can be shown
2012-04-07 16:40:34 +00:00
if ( isset ( $personalAttributes [ 'mobile' ][ 0 ])) {
$subtitle .= _ ( 'Mobile number' ) . ' ' . htmlspecialchars ( $personalAttributes [ 'mobile' ][ 0 ]);
2010-12-11 15:58:25 +00:00
}
if ( $subtitle == '' ) {
return null ;
}
return $subtitle ;
}
2012-04-07 16:40:34 +00:00
/**
* Builds the HTML code for the icon that shows the account status ( locked / unlocked ) .
*
2012-04-09 13:20:24 +00:00
* @ param accountContainer $container account container
2012-04-07 16:40:34 +00:00
* @ return String HTML code for icon
*/
2012-04-09 13:20:24 +00:00
private function buildAccountStatusIcon ( $container ) {
// check if there are account parts that can be locked
2012-04-09 18:07:57 +00:00
$unixAvailable = ( $container -> getAccountModule ( 'posixAccount' ) != null ) && $container -> getAccountModule ( 'posixAccount' ) -> isLockable ();
2012-04-09 13:20:24 +00:00
$sambaAvailable = (( $container -> getAccountModule ( 'sambaSamAccount' ) != null ) && $container -> getAccountModule ( 'sambaSamAccount' ) -> isExtensionEnabled ());
$ppolicyAvailable = ( $container -> getAccountModule ( 'ppolicyUser' ) != null );
if ( ! $unixAvailable && ! $sambaAvailable && ! $ppolicyAvailable ) {
2012-04-07 16:40:34 +00:00
return '' ;
}
2012-04-09 13:20:24 +00:00
// get locking status
$unixLocked = false ;
if ( $unixAvailable && $container -> getAccountModule ( 'posixAccount' ) -> isLocked ()) {
$unixLocked = true ;
}
$sambaLocked = false ;
if ( $sambaAvailable && $container -> getAccountModule ( 'sambaSamAccount' ) -> isDeactivated ()) {
$sambaLocked = true ;
}
$ppolicyLocked = false ;
if ( $ppolicyAvailable && $container -> getAccountModule ( 'ppolicyUser' ) -> isLocked ()) {
$ppolicyLocked = true ;
}
$partiallyLocked = $unixLocked || $sambaLocked || $ppolicyLocked ;
$fullyLocked = ( $unixAvailable || $sambaAvailable || $ppolicyAvailable )
&& ( ! $unixAvailable || $unixLocked )
&& ( ! $sambaAvailable || $sambaLocked )
&& ( ! $ppolicyAvailable || $ppolicyLocked );
// build tooltip
$icon = 'unlocked.png' ;
if ( $fullyLocked ) {
$icon = 'lock.png' ;
}
elseif ( $partiallyLocked ) {
$icon = 'partiallyLocked.png' ;
}
$statusTable = '<table border=0>' ;
// Unix
if ( $unixAvailable ) {
$unixIcon = 'unlocked.png' ;
if ( $unixLocked ) {
$unixIcon = 'lock.png' ;
}
$statusTable .= '<tr><td>' . _ ( 'Unix' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $unixIcon . '"></td></tr>' ;
}
// Samba
if ( $sambaAvailable ) {
$sambaIcon = 'unlocked.png' ;
if ( $sambaLocked ) {
$sambaIcon = 'lock.png' ;
}
2012-04-19 16:53:12 +00:00
$statusTable .= '<tr><td>' . _ ( 'Samba 3' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $sambaIcon . '"></td></tr>' ;
2012-04-09 13:20:24 +00:00
}
// PPolicy
if ( $ppolicyAvailable ) {
$ppolicyIcon = 'unlocked.png' ;
if ( $ppolicyLocked ) {
$ppolicyIcon = 'lock.png' ;
}
$statusTable .= '<tr><td>' . _ ( 'Password policy' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $ppolicyIcon . '"></td></tr>' ;
}
$statusTable .= '</table>' ;
$tipContent = $statusTable ;
2012-05-27 19:20:32 +00:00
if ( checkIfWriteAccessIsAllowed ()) {
$tipContent .= '<br><img alt="hint" src="../../graphics/light.png"> ' ;
$tipContent .= _ ( 'Please click to lock/unlock this account.' );
}
2012-04-09 13:20:24 +00:00
$tooltip = " ' " . $tipContent . " ', TITLE, ' " . _ ( 'Account status' ) . " ' " ;
$dialogDiv = $this -> buildAccountStatusDialogDiv ( $unixAvailable , $unixLocked , $sambaAvailable , $sambaLocked , $ppolicyAvailable , $ppolicyLocked );
2012-05-27 19:20:32 +00:00
$onClick = '' ;
if ( checkIfWriteAccessIsAllowed ()) {
$onClick = 'onclick="showConfirmationDialog(\'' . _ ( 'Change account status' ) . '\', \'' . _ ( 'Ok' ) . '\', \'' . _ ( 'Cancel' ) . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"' ;
}
2012-04-09 13:20:24 +00:00
return $dialogDiv . '<a href="#"><img id="lam_accountStatus" alt="status" ' . $onClick . ' onmouseout="UnTip()" onmouseover="Tip(' . $tooltip . ')" height=16 width=16 src="../../graphics/' . $icon . '"></a> ' ;
}
/**
* Builds the dialog to ( un ) lock parts of an account .
*
* @ param boolean $unixAvailable Unix part is active
* @ param boolean $unixLocked Unix part is locked
* @ param boolean $sambaAvailable Samba part is active
* @ param boolean $sambaLocked Samba part is locked
* @ param boolean $ppolicyAvailable PPolicy part is active
* @ param boolean $ppolicyLocked PPolicy part is locked
*/
private function buildAccountStatusDialogDiv ( $unixAvailable , $unixLocked , $sambaAvailable , $sambaLocked , $ppolicyAvailable , $ppolicyLocked ) {
$partiallyLocked = $unixLocked || $sambaLocked || $ppolicyLocked ;
$fullyLocked = ( $unixAvailable || $sambaAvailable || $ppolicyAvailable )
&& ( ! $unixAvailable || $unixLocked )
&& ( ! $sambaAvailable || $sambaLocked )
&& ( ! $ppolicyAvailable || $ppolicyLocked );
2013-01-12 18:29:18 +00:00
$container = new htmlTable ();
2012-04-09 13:20:24 +00:00
// show radio buttons for lock/unlock
2012-07-22 17:45:58 +00:00
$radioDisabled = true ;
2013-01-12 18:29:18 +00:00
$selectedRadio = 'lock' ;
2012-04-09 13:20:24 +00:00
$onchange = '' ;
if ( $partiallyLocked && ! $fullyLocked ) {
2012-07-22 17:45:58 +00:00
$radioDisabled = false ;
2013-01-12 18:29:18 +00:00
$onchange = 'if (jQuery(\'#lam_accountStatusAction0:checked\').val()) {' .
2012-04-09 13:20:24 +00:00
'jQuery(\'#lam_accountStatusDialogLockDiv\').removeClass(\'hidden\');' .
'jQuery(\'#lam_accountStatusDialogUnlockDiv\').addClass(\'hidden\');' .
'}' .
'else {' .
'jQuery(\'#lam_accountStatusDialogLockDiv\').addClass(\'hidden\');' .
'jQuery(\'#lam_accountStatusDialogUnlockDiv\').removeClass(\'hidden\');' .
2013-01-12 18:29:18 +00:00
'};' ;
2012-04-09 13:20:24 +00:00
}
if ( $fullyLocked ) {
2013-01-12 18:29:18 +00:00
$selectedRadio = 'unlock' ;
2012-04-09 13:20:24 +00:00
}
2012-07-22 17:45:58 +00:00
if ( ! $radioDisabled ) {
2013-01-12 18:29:18 +00:00
$radio = new htmlRadio ( 'lam_accountStatusAction' , array ( _ ( 'Lock' ) => 'lock' , _ ( 'Unlock' ) => 'unlock' ), $selectedRadio );
$radio -> setOnchangeEvent ( $onchange );
$container -> addElement ( $radio , true );
2012-07-22 17:45:58 +00:00
}
else {
2013-01-12 18:29:18 +00:00
$radio = new htmlRadio ( 'lam_accountStatusActionDisabled' , array ( _ ( 'Lock' ) => 'lock' , _ ( 'Unlock' ) => 'unlock' ), $selectedRadio );
$radio -> setIsEnabled ( false );
$container -> addElement ( $radio , true );
$container -> addElement ( new htmlHiddenInput ( 'lam_accountStatusAction' , $selectedRadio ), true );
2012-07-22 17:45:58 +00:00
}
2013-01-12 18:29:18 +00:00
$container -> addElement ( new htmlHiddenInput ( 'lam_accountStatusResult' , 'cancel' ), true );
2012-04-09 13:20:24 +00:00
// locking part
if ( ! $fullyLocked ) {
2013-01-12 18:29:18 +00:00
$lockContent = new htmlTable ();
2012-04-09 13:20:24 +00:00
if ( $unixAvailable && ! $unixLocked ) {
2013-01-12 18:29:18 +00:00
$lockContent -> addElement ( new htmlImage ( '../../graphics/tux.png' ));
$lockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusLockUnix' , true , _ ( 'Unix' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
if ( $sambaAvailable && ! $sambaLocked ) {
2013-01-12 18:29:18 +00:00
$lockContent -> addElement ( new htmlImage ( '../../graphics/samba.png' ));
$lockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusLockSamba' , true , _ ( 'Samba 3' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
if ( $ppolicyAvailable && ! $ppolicyLocked ) {
2013-01-12 18:29:18 +00:00
$lockContent -> addElement ( new htmlImage ( '../../graphics/security.png' ));
$lockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusLockPPolicy' , true , _ ( 'PPolicy' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
if ( $unixAvailable ) {
2013-01-12 18:29:18 +00:00
$lockContent -> addElement ( new htmlImage ( '../../graphics/groupBig.png' ));
$lockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusRemoveUnixGroups' , true , _ ( 'Remove from all Unix groups' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
2012-04-23 17:52:19 +00:00
if ( $unixAvailable && posixAccount :: areGroupOfNamesActive ()) { // check unixAvailable because Unix module removes group memberships
2013-01-12 18:29:18 +00:00
$lockContent -> addElement ( new htmlImage ( '../../graphics/groupBig.png' ));
$lockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusRemoveGONGroups' , true , _ ( 'Remove from all group of (unique) names' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
2013-01-12 18:29:18 +00:00
$lockDiv = new htmlDiv ( 'lam_accountStatusDialogLockDiv' , $lockContent );
$container -> addElement ( $lockDiv , true );
2012-04-09 13:20:24 +00:00
}
// unlocking part
if ( $partiallyLocked ) {
2013-01-12 18:29:18 +00:00
$unlockContent = new htmlTable ();
2012-04-09 13:20:24 +00:00
if ( $unixAvailable && $unixLocked ) {
2013-01-12 18:29:18 +00:00
$unlockContent -> addElement ( new htmlImage ( '../../graphics/tux.png' ));
$unlockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusUnlockUnix' , true , _ ( 'Unix' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
if ( $sambaAvailable && $sambaLocked ) {
2013-01-12 18:29:18 +00:00
$unlockContent -> addElement ( new htmlImage ( '../../graphics/samba.png' ));
$unlockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusUnlockSamba' , true , _ ( 'Samba 3' ), null , false ), true );
2012-04-09 13:20:24 +00:00
}
if ( $ppolicyAvailable && $ppolicyLocked ) {
2013-01-12 18:29:18 +00:00
$unlockContent -> addElement ( new htmlImage ( '../../graphics/security.png' ));
$unlockContent -> addElement ( new htmlTableExtendedInputCheckbox ( 'lam_accountStatusUnlockPPolicy' , true , _ ( 'PPolicy' ), null , false ), true );
}
$unlockDiv = new htmlDiv ( 'lam_accountStatusDialogUnlockDiv' , $unlockContent );
if ( ! $fullyLocked ) {
$unlockDiv -> setCSSClasses ( array ( 'hidden' ));
2012-04-09 13:20:24 +00:00
}
2013-01-12 18:29:18 +00:00
$container -> addElement ( $unlockDiv , true );
2012-04-09 13:20:24 +00:00
}
2013-01-12 18:29:18 +00:00
$div = new htmlDiv ( 'lam_accountStatusDialog' , $container );
$div -> setCSSClasses ( array ( 'hidden' ));
$tabindex = 999 ;
ob_start ();
parseHtml ( null , $div , array (), false , $tabindex , 'user' );
$output = ob_get_contents ();
ob_clean ();
return $output ;
2012-04-07 16:40:34 +00:00
}
2010-12-11 15:58:25 +00:00
2012-04-09 13:20:24 +00:00
/**
* This function is called after the edit page is processed and before the page content is generated .
* This can be used to run custom handlers after each page processing .
*
* @ param accountContainer $container account container
*/
public function runEditPagePostAction ( $container ) {
// check if account status should be changed
if ( isset ( $_POST [ 'lam_accountStatusResult' ]) && ( $_POST [ 'lam_accountStatusResult' ] == 'ok' )) {
// lock account
if ( $_POST [ 'lam_accountStatusAction' ] == 'lock' ) {
// Unix
if ( isset ( $_POST [ 'lam_accountStatusLockUnix' ]) && ( $_POST [ 'lam_accountStatusLockUnix' ] == 'on' )) {
$container -> getAccountModule ( 'posixAccount' ) -> lock ();
}
// Samba
if ( isset ( $_POST [ 'lam_accountStatusLockSamba' ]) && ( $_POST [ 'lam_accountStatusLockSamba' ] == 'on' )) {
$container -> getAccountModule ( 'sambaSamAccount' ) -> deactivate ();
}
// PPolicy
if ( isset ( $_POST [ 'lam_accountStatusLockPPolicy' ]) && ( $_POST [ 'lam_accountStatusLockPPolicy' ] == 'on' )) {
$container -> getAccountModule ( 'ppolicyUser' ) -> lock ();
}
// remove Unix groups
if ( isset ( $_POST [ 'lam_accountStatusRemoveUnixGroups' ]) && ( $_POST [ 'lam_accountStatusRemoveUnixGroups' ] == 'on' )) {
$container -> getAccountModule ( 'posixAccount' ) -> removeFromUnixGroups ();
}
// remove group of names memberships
if ( isset ( $_POST [ 'lam_accountStatusRemoveGONGroups' ]) && ( $_POST [ 'lam_accountStatusRemoveGONGroups' ] == 'on' )) {
$container -> getAccountModule ( 'posixAccount' ) -> removeFromGONGroups ();
}
}
// unlock account
elseif ( $_POST [ 'lam_accountStatusAction' ] == 'unlock' ) {
// Unix
if ( isset ( $_POST [ 'lam_accountStatusUnlockUnix' ]) && ( $_POST [ 'lam_accountStatusUnlockUnix' ] == 'on' )) {
$container -> getAccountModule ( 'posixAccount' ) -> unlock ();
}
// Samba
if ( isset ( $_POST [ 'lam_accountStatusUnlockSamba' ]) && ( $_POST [ 'lam_accountStatusUnlockSamba' ] == 'on' )) {
$container -> getAccountModule ( 'sambaSamAccount' ) -> activate ();
}
// PPolicy
if ( isset ( $_POST [ 'lam_accountStatusUnlockPPolicy' ]) && ( $_POST [ 'lam_accountStatusUnlockPPolicy' ] == 'on' )) {
$container -> getAccountModule ( 'ppolicyUser' ) -> unlock ();
}
}
}
}
2006-01-01 16:30:05 +00:00
}
/**
* Generates the list view .
*
* @ package lists
* @ author Roland Gruber
*
*/
class lamUserList extends lamList {
/** Controls if GID number is translated to group name */
2007-10-13 17:28:37 +00:00
private $trans_primary = false ;
2012-04-06 13:12:43 +00:00
/** Controls if the account status is shown */
private $showAccountStatus = false ;
2006-01-01 16:30:05 +00:00
/** translates GID to group name */
2007-10-13 17:28:37 +00:00
private $trans_primary_hash = array ();
2006-01-01 16:30:05 +00:00
2012-04-06 13:12:43 +00:00
/** ID for config option to translate primary group GIDs to group names */
2007-11-11 14:01:16 +00:00
const TRANS_PRIMARY_OPTION_NAME = " LU_TP " ;
2012-04-06 13:12:43 +00:00
/** ID for config option to show account status */
const ACCOUNT_STATUS_OPTION_NAME = " LU_AS " ;
/** virtual attribute name for account status column */
const ATTR_ACCOUNT_STATUS = 'lam_virtual_account_status' ;
2006-01-01 16:30:05 +00:00
/**
* Constructor
*
* @ param string $type account type
* @ return lamList list object
*/
2007-12-28 16:08:56 +00:00
public function __construct ( $type ) {
parent :: __construct ( $type );
2006-01-01 16:30:05 +00:00
$this -> labels = array (
2012-02-09 17:08:39 +00:00
'nav' => _ ( " User count: %s " ),
2006-01-01 16:30:05 +00:00
'error_noneFound' => _ ( " No users found! " ),
'newEntry' => _ ( " New user " ),
2012-02-05 19:03:25 +00:00
'deleteEntry' => _ ( " Delete selected users " ));
2006-01-01 16:30:05 +00:00
}
2007-06-01 17:25:07 +00:00
/**
* Sets some internal parameters .
*/
2007-11-11 14:01:16 +00:00
protected function listGetParams () {
2007-06-01 17:25:07 +00:00
parent :: listGetParams ();
2006-01-01 16:30:05 +00:00
// generate hash table for group translation
2007-06-01 17:25:07 +00:00
if ( $this -> trans_primary == " on " && ! $this -> refresh && ( sizeof ( $this -> trans_primary_hash ) == 0 )) {
$this -> refreshPrimaryGroupTranslation ();
}
}
/**
* Rereads the entries from LDAP .
*/
2007-11-11 14:01:16 +00:00
protected function listRefreshData () {
2007-06-01 17:25:07 +00:00
parent :: listRefreshData ();
if ( $this -> trans_primary == " on " ) {
$this -> refreshPrimaryGroupTranslation ();
2006-01-01 16:30:05 +00:00
}
2012-04-06 13:12:43 +00:00
if ( $this -> showAccountStatus ) {
$this -> injectAccountStatusAttribute ();
}
2006-01-01 16:30:05 +00:00
}
2007-06-01 17:25:07 +00:00
/**
* Refreshes the GID to group name cache .
*/
2007-11-11 14:01:16 +00:00
protected function refreshPrimaryGroupTranslation () {
2007-06-01 17:25:07 +00:00
$this -> trans_primary_hash = array ();
$grp_suffix = $_SESSION [ 'config' ] -> get_Suffix ( 'group' );
$filter = " objectClass=posixGroup " ;
$attrs = array ( " cn " , " gidNumber " );
2010-02-06 11:52:48 +00:00
$entries = searchLDAPByAttribute ( null , null , 'posixGroup' , $attrs , array ( 'group' ));
for ( $i = 0 ; $i < sizeof ( $entries ); $i ++ ) {
$this -> trans_primary_hash [ $entries [ $i ][ 'gidnumber' ][ 0 ]] = $entries [ $i ][ 'cn' ][ 0 ];
}
2007-06-01 17:25:07 +00:00
}
2006-01-01 16:30:05 +00:00
/**
2007-02-17 16:26:08 +00:00
* Prints the content of a cell in the account list for a given LDAP entry and attribute .
*
* @ param array $entry LDAP attributes
* @ param string $attribute attribute name
*/
2007-11-11 14:01:16 +00:00
protected function listPrintTableCellContent ( & $entry , & $attribute ) {
2007-02-17 16:26:08 +00:00
// check if there is something to display at all
2012-04-06 13:12:43 +00:00
if (( $attribute != self :: ATTR_ACCOUNT_STATUS ) && ( ! isset ( $entry [ $attribute ]) || ! is_array ( $entry [ $attribute ]) || ( sizeof ( $entry [ $attribute ]) < 1 ))) {
return ;
}
2007-02-17 16:26:08 +00:00
// translate GID to group name
if (( $attribute == " gidnumber " ) && ( $this -> trans_primary == " on " )) {
if ( isset ( $this -> trans_primary_hash [ $entry [ $attribute ][ 0 ]])) {
echo $this -> trans_primary_hash [ $entry [ $attribute ][ 0 ]];
2006-01-01 16:30:05 +00:00
}
else {
2007-02-17 16:26:08 +00:00
parent :: listPrintTableCellContent ( $entry , $attribute );
2006-01-01 16:30:05 +00:00
}
2007-02-17 16:26:08 +00:00
}
// show user photos
elseif ( $attribute == " jpegphoto " ) {
if ( sizeof ( $entry [ $attribute ][ 0 ]) < 100 ) {
// looks like we have read broken binary data, reread photo
2010-02-06 11:52:48 +00:00
$result = @ ldap_read ( $_SESSION [ 'ldap' ] -> server (), escapeDN ( $entry [ 'dn' ]), $attribute . " =* " , array ( $attribute ), 0 , 0 , 0 , LDAP_DEREF_NEVER );
2007-02-17 16:26:08 +00:00
if ( $result ) {
$tempEntry = @ ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
2007-02-18 18:35:25 +00:00
if ( $tempEntry ) {
$binData = ldap_get_values_len ( $_SESSION [ 'ldap' ] -> server (), $tempEntry , $attribute );
$entry [ $attribute ] = $binData ;
}
2006-01-01 16:30:05 +00:00
}
}
2010-01-02 13:49:56 +00:00
$imgNumber = $_SESSION [ 'ldap' ] -> new_rand ();
$jpeg_filename = 'jpg' . $imgNumber . '.jpg' ;
2010-04-01 18:12:07 +00:00
$outjpeg = @ fopen ( dirname ( __FILE__ ) . '/../../tmp/' . $jpeg_filename , " wb " );
2007-02-17 16:26:08 +00:00
fwrite ( $outjpeg , $entry [ $attribute ][ 0 ]);
fclose ( $outjpeg );
$photoFile = '../../tmp/' . $jpeg_filename ;
2010-01-01 23:26:57 +00:00
$imgSize = getimagesize ( $photoFile );
$minSize = 64 ;
if ( $imgSize [ 0 ] < 64 ) {
$minSize = $imgSize [ 0 ];
}
$imgTitle = _ ( 'Click to switch between thumbnail and original size.' );
2010-01-02 13:49:56 +00:00
echo " <img id= \" img $imgNumber\ " title = \ " $imgTitle\ " height = $minSize src = \ " " . $photoFile . " \" alt= \" " . _ ( 'Photo' ) . " \" > " ;
echo '<script type="text/javascript">' ;
echo " addResizeHandler(document.getElementById( \" img $imgNumber\ " ), $minSize , " . $imgSize[1] . " ) " ;
echo '</script>' ;
2007-02-17 16:26:08 +00:00
}
2008-01-26 13:01:36 +00:00
elseif (( $attribute == 'mail' ) || ( $attribute == 'rfc822Mailbox' )) {
if ( isset ( $entry [ $attribute ][ 0 ]) && ( $entry [ $attribute ][ 0 ] != '' )) {
for ( $i = 0 ; $i < sizeof ( $entry [ $attribute ]); $i ++ ) {
if ( $i > 0 ) {
echo " , " ;
}
echo " <a href= \" mailto: " . $entry [ $attribute ][ $i ] . " \" > " . $entry [ $attribute ][ $i ] . " </a> \n " ;
}
}
}
2011-04-25 17:47:17 +00:00
// expire dates
elseif ( $attribute == 'shadowexpire' ) {
if ( isset ( $entry [ $attribute ][ 0 ]) && ( $entry [ $attribute ][ 0 ] != '' )) {
echo date ( 'd. m. Y' , $entry [ $attribute ][ 0 ] * 24 * 3600 );
}
}
elseif ( $attribute == 'sambakickofftime' ) {
if ( isset ( $entry [ $attribute ][ 0 ]) && ( $entry [ $attribute ][ 0 ] != '' )) {
if ( $entry [ $attribute ][ 0 ] > 2147483648 ) {
echo " ∞ " ;
}
else {
$date = getdate ( $entry [ $attribute ][ 0 ]);
echo $date [ 'mday' ] . " . " . $date [ 'mon' ] . " . " . $date [ 'year' ];
}
}
}
2012-04-06 13:12:43 +00:00
// account status
elseif ( $attribute == self :: ATTR_ACCOUNT_STATUS ) {
$this -> printAccountStatus ( $entry );
}
2007-02-17 16:26:08 +00:00
// print all other attributes
else {
parent :: listPrintTableCellContent ( $entry , $attribute );
2006-01-01 16:30:05 +00:00
}
}
2007-02-17 16:26:08 +00:00
2007-11-05 18:15:26 +00:00
/**
* Returns a list of lamListTool objects to display next to the edit / delete buttons .
*
* @ return lamListTool [] tools
*/
protected function getAdditionalTools () {
2008-01-08 17:49:50 +00:00
if ( isLAMProVersion () && checkIfPasswordChangeIsAllowed ()) {
2007-11-05 18:15:26 +00:00
$passwordTool = new lamListTool ( _ ( 'Change password' ), 'key.png' , 'changePassword.php' );
return array ( $passwordTool );
}
2008-01-08 17:49:50 +00:00
return array ();
2007-11-05 18:15:26 +00:00
}
2006-01-01 16:30:05 +00:00
2007-11-11 14:01:16 +00:00
/**
* Returns a list of possible configuration options .
*
* @ return array list of lamListOption objects
*/
protected function listGetAllConfigOptions () {
2007-12-09 10:45:04 +00:00
$options = parent :: listGetAllConfigOptions ();
$options [] = new lamBooleanListOption ( _ ( 'Translate GID number to group name' ), self :: TRANS_PRIMARY_OPTION_NAME );
2012-04-06 13:12:43 +00:00
$options [] = new lamBooleanListOption ( _ ( 'Show account status' ), self :: ACCOUNT_STATUS_OPTION_NAME );
2007-12-09 10:45:04 +00:00
return $options ;
2007-11-11 14:01:16 +00:00
}
/**
* Called when the configuration options changed .
*/
protected function listConfigurationChanged () {
2007-12-09 10:45:04 +00:00
parent :: listConfigurationChanged ();
2007-11-11 14:01:16 +00:00
$tpOption = $this -> listGetConfigOptionByID ( self :: TRANS_PRIMARY_OPTION_NAME );
$this -> trans_primary = $tpOption -> isSelected ();
2012-04-06 13:12:43 +00:00
$asOption = $this -> listGetConfigOptionByID ( self :: ACCOUNT_STATUS_OPTION_NAME );
2012-04-19 17:18:14 +00:00
// if account status was activated, reload LDAP data
$asOptionOldValue = $this -> showAccountStatus ;
2012-04-06 13:12:43 +00:00
$this -> showAccountStatus = $asOption -> isSelected ();
2012-04-19 17:18:14 +00:00
if ( $this -> showAccountStatus && ! $asOptionOldValue ) {
$this -> listRefreshData ();
}
2012-04-06 13:12:43 +00:00
}
/**
* Returns an hash array containing with all attributes to be shown and their descriptions .
* < br > Format : array ( attribute => description )
* < br >
* < br > The user list may display an additional account status column
*
* @ return array attribute list
*/
protected function listGetAttributeDescriptionList () {
$list = parent :: listGetAttributeDescriptionList ();
if ( $this -> showAccountStatus ) {
$list [ self :: ATTR_ACCOUNT_STATUS ] = _ ( 'Account status' );
}
return $list ;
}
/**
* Returns if the given attribute can be filtered .
* If filtering is not possible then no filter box will be displayed .
* < br >
* < br > The user list allows no filtering for account status .
*
* @ param String $attr attribute name
* @ return boolean filtering possible
*/
protected function canBeFiltered ( $attr ) {
if ( $attr == self :: ATTR_ACCOUNT_STATUS ) {
return false ;
}
elseif ( strtolower ( $attr ) == 'jpegphoto' ) {
return false ;
}
return true ;
}
/**
* Returns a list of additional LDAP attributes that should be read .
* This can be used to show additional data even if the user selected other attributes to show in the list .
* < br >
* < br > The user list reads pwdAccountLockedTime , sambaAcctFlags and userPassword
*
* @ return array additional attribute names
*/
protected function getAdditionalLDAPAttributesToRead () {
$attrs = parent :: getAdditionalLDAPAttributesToRead ();
if ( $this -> showAccountStatus ) {
$attrs [] = 'pwdAccountLockedTime' ;
$attrs [] = 'sambaAcctFlags' ;
$attrs [] = 'userPassword' ;
$attrs [] = 'objectClass' ;
}
return $attrs ;
}
/**
* Injects values for the virtual account status attribute to make it sortable .
*/
private function injectAccountStatusAttribute () {
for ( $i = 0 ; $i < sizeof ( $this -> entries ); $i ++ ) {
$status = 0 ;
if ( ! $this -> isUnixLocked ( $this -> entries [ $i ])) {
$status ++ ;
}
if ( ! $this -> isSambaLocked ( $this -> entries [ $i ])) {
$status ++ ;
}
if ( ! $this -> isPPolicyLocked ( $this -> entries [ $i ])) {
$status ++ ;
}
$this -> entries [ $i ][ self :: ATTR_ACCOUNT_STATUS ][ 0 ] = $status ;
}
}
/**
* Prints the account status .
*
* @ param array $attrs LDAP attributes
*/
private function printAccountStatus ( & $attrs ) {
// check status
2012-04-07 16:40:34 +00:00
$unixAvailable = self :: isUnixAvailable ( $attrs );
$unixLocked = self :: isUnixLocked ( $attrs );
$sambaAvailable = self :: isSambaAvailable ( $attrs );
$sambaLocked = self :: isSambaLocked ( $attrs );
$ppolicyAvailable = self :: isPPolicyAvailable ( $attrs );
$ppolicyLocked = self :: isPPolicyLocked ( $attrs );
2012-04-06 13:12:43 +00:00
$partiallyLocked = $unixLocked || $sambaLocked || $ppolicyLocked ;
$fullyLocked = ( $unixAvailable || $sambaAvailable || $ppolicyAvailable )
&& ( ! $unixAvailable || $unixLocked )
&& ( ! $sambaAvailable || $sambaLocked )
&& ( ! $ppolicyAvailable || $ppolicyLocked );
$icon = 'unlocked.png' ;
if ( $fullyLocked ) {
$icon = 'lock.png' ;
}
elseif ( $partiallyLocked ) {
$icon = 'partiallyLocked.png' ;
}
// print icon and detail tooltips
if ( $unixAvailable || $sambaAvailable || $ppolicyAvailable ) {
$tipContent = '<table border=0>' ;
// Unix
if ( $unixAvailable ) {
$unixIcon = 'unlocked.png' ;
if ( $unixLocked ) {
$unixIcon = 'lock.png' ;
}
$tipContent .= '<tr><td>' . _ ( 'Unix' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $unixIcon . '"></td></tr>' ;
}
// Samba
if ( $sambaAvailable ) {
$sambaIcon = 'unlocked.png' ;
if ( $sambaLocked ) {
$sambaIcon = 'lock.png' ;
}
2012-04-19 16:53:12 +00:00
$tipContent .= '<tr><td>' . _ ( 'Samba 3' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $sambaIcon . '"></td></tr>' ;
2012-04-06 13:12:43 +00:00
}
// PPolicy
if ( $ppolicyAvailable ) {
$ppolicyIcon = 'unlocked.png' ;
if ( $ppolicyLocked ) {
$ppolicyIcon = 'lock.png' ;
}
$tipContent .= '<tr><td>' . _ ( 'Password policy' ) . ' </td><td><img height=16 width=16 src="../../graphics/' . $ppolicyIcon . '"></td></tr>' ;
}
$tipContent .= '</table>' ;
$tooltip = " ' " . $tipContent . " ', TITLE, ' " . _ ( 'Account status' ) . " ' " ;
echo '<img alt="status" onmouseout="UnTip()" onmouseover="Tip(' . $tooltip . ')" height=16 width=16 src="../../graphics/' . $icon . '">' ;
}
else {
echo '<img alt="status" height=16 width=16 src="../../graphics/' . $icon . '">' ;
}
}
/**
* Returns if the Unix part exists .
*
* @ param array $attrs LDAP attributes
* @ return boolean Unix part exists
*/
2012-05-27 20:27:13 +00:00
public static function isUnixAvailable ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return ( isset ( $attrs [ 'objectclass' ]) && in_array_ignore_case ( 'posixAccount' , $attrs [ 'objectclass' ]));
}
/**
* Returns if the Unix part is locked .
*
* @ param array $attrs LDAP attributes
* @ return boolean Unix part locked
*/
2012-05-27 20:27:13 +00:00
public static function isUnixLocked ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return ( isset ( $attrs [ 'userpassword' ][ 0 ]) && ! pwd_is_enabled ( $attrs [ 'userpassword' ][ 0 ]));
}
/**
* Returns if the Samba part exists .
*
* @ param array $attrs LDAP attributes
* @ return boolean Samba part exists
*/
2012-05-27 20:27:13 +00:00
public static function isSambaAvailable ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return ( isset ( $attrs [ 'objectclass' ]) && in_array_ignore_case ( 'sambaSamAccount' , $attrs [ 'objectclass' ]));
}
/**
* Returns if the Samba part is locked .
*
* @ param array $attrs LDAP attributes
* @ return boolean Samba part is locked
*/
2012-05-27 20:27:13 +00:00
public static function isSambaLocked ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return ( isset ( $attrs [ 'sambaacctflags' ][ 0 ]) && strpos ( $attrs [ 'sambaacctflags' ][ 0 ], " D " ));
}
/**
* Returns if the PPolicy part exists .
*
* @ param array $attrs LDAP attributes
* @ return boolean PPolicy part exists
*/
2012-05-27 20:27:13 +00:00
public static function isPPolicyAvailable ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return in_array ( 'ppolicyUser' , $_SESSION [ 'config' ] -> get_AccountModules ( 'user' ));
}
/**
* Returns if the PPolicy part is locked .
*
* @ param array $attrs LDAP attributes
* @ return boolean PPolicy part is locked
*/
2012-05-27 20:27:13 +00:00
public static function isPPolicyLocked ( & $attrs ) {
2012-04-06 13:12:43 +00:00
return ( isset ( $attrs [ 'pwdaccountlockedtime' ][ 0 ]) && ( $attrs [ 'pwdaccountlockedtime' ][ 0 ] != '' ));
2007-11-11 14:01:16 +00:00
}
2010-01-01 23:26:57 +00:00
2006-01-01 16:30:05 +00:00
}
?>
