										 |  |  | <?php | 
					
						
										 |  |  | namespace LAM\AJAX; | 
					
						
										 |  |  | /* | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) | 
					
						
										 |  |  |   Copyright (C) 2011 - 2018  Roland Gruber | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |   This program is free software; you can redistribute it and/or modify | 
					
						
							|  |  |  |   it under the terms of the GNU General Public License as published by | 
					
						
							|  |  |  |   the Free Software Foundation; either version 2 of the License, or | 
					
						
							|  |  |  |   (at your option) any later version. | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  |   This program is distributed in the hope that it will be useful, | 
					
						
							|  |  |  |   but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							|  |  |  |   GNU General Public License for more details. | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  |   You should have received a copy of the GNU General Public License | 
					
						
							|  |  |  |   along with this program; if not, write to the Free Software | 
					
						
							|  |  |  |   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  | * Manages all AJAX requests. | 
					
						
							|  |  |  | * | 
					
						
							|  |  |  | * @author Roland Gruber | 
					
						
							|  |  |  | * @package tools | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** security functions */ | 
					
						
							|  |  |  | include_once("../../lib/security.inc"); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // start session
 | 
					
						
							| 
									
										
										
										
											2012-11-25 17:01:44 +00:00
										 |  |  | if (isset($_GET['selfservice'])) { | 
					
						
							|  |  |  | 	// self service uses a different session name
 | 
					
						
							|  |  |  | 	session_name('SELFSERVICE'); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2013-02-28 19:04:27 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | // return standard JSON response if session expired
 | 
					
						
							| 
									
										
										
										
											2014-05-25 17:29:19 +00:00
										 |  |  | if (startSecureSession(false, true) === false) { | 
					
						
							| 
									
										
										
										
											2013-02-28 19:04:27 +00:00
										 |  |  | 	echo json_encode(array( | 
					
						
							|  |  |  | 		'sessionExpired' => "true" | 
					
						
							|  |  |  | 	)); | 
					
						
							|  |  |  | 	die(); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-15 19:42:52 +00:00
										 |  |  | setlanguage(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | $ajax = new Ajax(); | 
					
						
							|  |  |  | $ajax->handleRequest(); | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * Manages all AJAX requests. | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | class Ajax { | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 	/** | 
					
						
							|  |  |  | 	 * Manages an AJAX request. | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | 	public function handleRequest() { | 
					
						
							|  |  |  | 		$this->setHeader(); | 
					
						
							| 
									
										
										
										
											2015-05-14 09:18:45 +00:00
										 |  |  | 		// check token
 | 
					
						
							| 
									
										
										
										
											2018-03-14 19:06:09 +00:00
										 |  |  | 		validateSecurityToken(); | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-25 18:39:52 +00:00
										 |  |  | 		if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) { | 
					
						
							| 
									
										
										
										
											2017-02-11 16:11:37 +00:00
										 |  |  | 			enforceUserIsLoggedIn(); | 
					
						
							| 
									
										
										
										
											2012-02-25 18:39:52 +00:00
										 |  |  | 			if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) { | 
					
						
							|  |  |  | 				if (!isset($_SESSION['account'])) die(); | 
					
						
							|  |  |  | 				$module = $_SESSION['account']->getAccountModule($_GET['module']); | 
					
						
							|  |  |  | 				$module->handleAjaxRequest(); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			else { | 
					
						
							|  |  |  | 				$module = new $_GET['module']($_GET['scope']); | 
					
						
							|  |  |  | 				$module->handleAjaxRequest(); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 		if (!isset($_GET['function'])) { | 
					
						
							|  |  |  | 			die(); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		$function = $_GET['function']; | 
					
						
							|  |  |  | 		if (!isset($_POST['jsonInput'])) { | 
					
						
							|  |  |  | 			die(); | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2015-05-14 09:18:45 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 		$jsonInput = $_POST['jsonInput']; | 
					
						
							| 
									
										
										
										
											2017-02-11 16:11:37 +00:00
										 |  |  | 		if ($function == 'passwordStrengthCheck') { | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | 			$this->checkPasswordStrength($jsonInput); | 
					
						
							| 
									
										
										
										
											2017-02-11 16:11:37 +00:00
										 |  |  | 		} | 
					
						
							|  |  |  | 		enforceUserIsLoggedIn(); | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 		if ($function == 'passwordChange') { | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | 			$this->managePasswordChange($jsonInput); | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 		} | 
					
						
							| 
									
										
										
										
											2016-12-07 20:18:06 +00:00
										 |  |  | 		elseif ($function == 'upload') { | 
					
						
							|  |  |  | 			include_once('../../lib/upload.inc'); | 
					
						
							| 
									
										
										
										
											2017-01-07 17:23:04 +00:00
										 |  |  | 			$typeManager = new \LAM\TYPES\TypeManager(); | 
					
						
							| 
									
										
										
										
											2017-09-17 07:21:37 +00:00
										 |  |  | 			$uploader = new \LAM\UPLOAD\Uploader($typeManager->getConfiguredType($_GET['typeId'])); | 
					
						
							| 
									
										
										
										
											2016-12-07 20:18:06 +00:00
										 |  |  | 			ob_start(); | 
					
						
							|  |  |  | 			$jsonOut = $uploader->doUpload(); | 
					
						
							|  |  |  | 			ob_end_clean(); | 
					
						
							|  |  |  | 			echo $jsonOut; | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 	/** | 
					
						
							|  |  |  | 	 * Sets JSON HTTP header. | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2016-01-16 19:19:48 +00:00
										 |  |  | 	private static function setHeader() { | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 		if (!headers_sent()) { | 
					
						
							|  |  |  | 			header('Content-Type: application/json; charset=utf-8'); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 	/** | 
					
						
							|  |  |  | 	 * Manages a password change request on the edit account page. | 
					
						
							|  |  |  | 	 * | 
					
						
							|  |  |  | 	 * @param array $input input parameters | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | 	private static function managePasswordChange($input) { | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | 		$return = $_SESSION['account']->setNewPassword($input); | 
					
						
							|  |  |  | 		echo json_encode($return); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-05-25 17:29:19 +00:00
										 |  |  | 	/** | 
					
						
							|  |  |  | 	 * Checks if a password is accepted by LAM's password policy. | 
					
						
							|  |  |  | 	 * | 
					
						
							|  |  |  | 	 * @param array $input input parameters | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2017-09-16 20:16:35 +00:00
										 |  |  | 	private function checkPasswordStrength($input) { | 
					
						
							| 
									
										
										
										
											2014-05-25 17:29:19 +00:00
										 |  |  | 		$password = $input['password']; | 
					
						
							|  |  |  | 		$result = checkPasswordStrength($password, null, null); | 
					
						
							|  |  |  | 		echo json_encode(array("result" => $result)); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2016-01-16 19:17:19 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-15 18:26:28 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ?>
 |