2003-09-12 11:27:57 +00:00
|
|
|
<?php
|
|
|
|
/*
|
|
|
|
$Id$
|
|
|
|
|
2009-10-27 18:47:12 +00:00
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
2006-03-03 17:30:35 +00:00
|
|
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
2014-08-12 18:24:59 +00:00
|
|
|
2005 - 2014 Roland Gruber
|
2003-09-12 11:27:57 +00:00
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
|
|
|
|
|
|
LDAP Account Manager displays table for creating or modifying accounts in LDAP
|
|
|
|
*/
|
|
|
|
|
2005-03-05 12:48:36 +00:00
|
|
|
/**
|
|
|
|
* Displays the account detail page.
|
|
|
|
*
|
|
|
|
* @package modules
|
|
|
|
* @author Tilo Lutz
|
2013-01-01 20:46:28 +00:00
|
|
|
* @author Roland Gruber
|
2005-03-05 12:48:36 +00:00
|
|
|
*/
|
|
|
|
|
2006-03-26 17:51:25 +00:00
|
|
|
/** security functions */
|
|
|
|
include_once("../../lib/security.inc");
|
2005-03-05 12:48:36 +00:00
|
|
|
/** configuration options */
|
|
|
|
include_once('../../lib/config.inc');
|
|
|
|
/** functions to load and save profiles */
|
|
|
|
include_once('../../lib/profiles.inc');
|
|
|
|
/** Return error-message */
|
|
|
|
include_once('../../lib/status.inc');
|
|
|
|
/** Return a pdf-file */
|
|
|
|
include_once('../../lib/pdf.inc');
|
|
|
|
/** module functions */
|
|
|
|
include_once('../../lib/modules.inc');
|
|
|
|
|
|
|
|
// Start session
|
2006-03-26 17:51:25 +00:00
|
|
|
startSecureSession();
|
2005-03-05 12:48:36 +00:00
|
|
|
|
|
|
|
// Redirect to startpage if user is not loged in
|
2008-05-15 17:32:59 +00:00
|
|
|
if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
|
2005-03-05 12:48:36 +00:00
|
|
|
metaRefresh("../login.php");
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set correct language, codepages, ....
|
|
|
|
setlanguage();
|
2003-09-12 11:27:57 +00:00
|
|
|
|
2005-08-29 21:43:57 +00:00
|
|
|
//load account
|
2005-11-06 10:34:33 +00:00
|
|
|
if (isset($_GET['DN'])) {
|
2007-12-28 16:08:04 +00:00
|
|
|
$DN = str_replace("\\'", '', $_GET['DN']);
|
|
|
|
$type = str_replace("\\'", '', $_GET['type']);
|
2004-02-10 19:59:41 +00:00
|
|
|
if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
|
2013-01-01 20:46:28 +00:00
|
|
|
if (isAccountTypeHidden($type)) {
|
|
|
|
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
|
|
|
|
die();
|
|
|
|
}
|
2013-11-04 16:32:10 +00:00
|
|
|
if ($_GET['DN'] == $DN) {
|
|
|
|
if (substr($DN, 0, 1) === "'") {
|
|
|
|
$DN = substr($DN, 1);
|
|
|
|
}
|
|
|
|
if (substr($DN, -1, 1) === "'") {
|
|
|
|
$DN = substr($DN, 0, -1);
|
|
|
|
}
|
|
|
|
}
|
2014-09-30 17:19:05 +00:00
|
|
|
$suffix = strtolower($_SESSION['config']->get_Suffix($type));
|
|
|
|
$DNlower = strtolower($DN);
|
|
|
|
if (strpos($DNlower, $suffix) !== (strlen($DNlower) - strlen($suffix))) {
|
2014-08-12 18:24:59 +00:00
|
|
|
logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type . ' outside suffix ' . $suffix);
|
|
|
|
die();
|
|
|
|
}
|
2004-02-10 19:59:41 +00:00
|
|
|
$_SESSION['account'] = new accountContainer($type, 'account');
|
2006-09-16 13:26:18 +00:00
|
|
|
$result = $_SESSION['account']->load_account($DN);
|
|
|
|
if (sizeof($result) > 0) {
|
2010-01-13 19:26:25 +00:00
|
|
|
include '../main_header.php';
|
2006-09-16 13:26:18 +00:00
|
|
|
for ($i=0; $i<sizeof($result); $i++) {
|
|
|
|
call_user_func_array("StatusMessage", $result[$i]);
|
|
|
|
}
|
2010-08-21 09:43:52 +00:00
|
|
|
include '../main_footer.php';
|
2006-09-16 13:26:18 +00:00
|
|
|
die();
|
|
|
|
}
|
2005-08-29 21:43:57 +00:00
|
|
|
}
|
|
|
|
// new account
|
2003-12-30 15:36:30 +00:00
|
|
|
else if (count($_POST)==0) {
|
2008-01-08 18:28:43 +00:00
|
|
|
$type = str_replace("\\'", '', $_GET['type']);
|
2004-02-10 19:59:41 +00:00
|
|
|
if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
|
2013-01-01 20:46:28 +00:00
|
|
|
if (isAccountTypeHidden($type)) {
|
|
|
|
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
|
|
|
|
die();
|
|
|
|
}
|
2013-05-01 12:36:17 +00:00
|
|
|
elseif (!checkIfNewEntriesAreAllowed($type)) {
|
|
|
|
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
|
|
|
|
die();
|
|
|
|
}
|
2004-02-10 19:59:41 +00:00
|
|
|
$_SESSION['account'] = new accountContainer($type, 'account');
|
2003-12-30 15:36:30 +00:00
|
|
|
$_SESSION['account']->new_account();
|
2005-08-29 21:43:57 +00:00
|
|
|
}
|
2005-09-01 15:20:15 +00:00
|
|
|
|
|
|
|
// remove double slashes if magic quotes are on
|
|
|
|
if (get_magic_quotes_gpc() == 1) {
|
|
|
|
$postKeys = array_keys($_POST);
|
|
|
|
for ($i = 0; $i < sizeof($postKeys); $i++) {
|
|
|
|
if (is_string($_POST[$postKeys[$i]])) $_POST[$postKeys[$i]] = stripslashes($_POST[$postKeys[$i]]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-08-29 21:43:57 +00:00
|
|
|
// show account page
|
2006-08-14 17:29:45 +00:00
|
|
|
$_SESSION['account']->continue_main();
|
2003-09-12 11:27:57 +00:00
|
|
|
|
|
|
|
?>
|