LDAPAccountManager/lam/templates/misc/ajax.php

<?php
namespace LAM\AJAX;
use \LAM\TOOLS\IMPORT_EXPORT\Importer;
use \LAM\TOOLS\IMPORT_EXPORT\Exporter;
/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2011 - 2018  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
* Manages all AJAX requests.
*
* @author Roland Gruber
* @package tools
*/

/** security functions */
include_once("../../lib/security.inc");
/** LDIF import */
include_once("../../lib/import.inc");

// start session
if (isset($_GET['selfservice'])) {
	// self service uses a different session name
	session_name('SELFSERVICE');
}

// return standard JSON response if session expired
if (startSecureSession(false, true) === false) {
	echo json_encode(array(
		'sessionExpired' => "true"
	));
	die();
}

setlanguage();

$ajax = new Ajax();
$ajax->handleRequest();

/**
 * Manages all AJAX requests.
 */
class Ajax {

	/**
	 * Manages an AJAX request.
	 */
	public function handleRequest() {
		$this->setHeader();
		// check token
		validateSecurityToken();

		if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
			enforceUserIsLoggedIn();
			if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {
				if (!isset($_SESSION['account'])) die();
				$module = $_SESSION['account']->getAccountModule($_GET['module']);
				$module->handleAjaxRequest();
			}
			else {
				$module = new $_GET['module']($_GET['scope']);
				$module->handleAjaxRequest();
			}
		}
		if (!isset($_GET['function'])) {
			die();
		}
		$function = $_GET['function'];
		if (!isset($_POST['jsonInput'])) {
			die();
		}

		$jsonInput = $_POST['jsonInput'];
		if ($function == 'passwordStrengthCheck') {
			$this->checkPasswordStrength($jsonInput);
		}
		enforceUserIsLoggedIn();
		if ($function == 'passwordChange') {
			$this->managePasswordChange($jsonInput);
		}
		elseif ($function === 'import') {
			include_once('../../lib/import.inc');
			$importer = new Importer();
			ob_start();
			$jsonOut = $importer->doImport();
			ob_end_clean();
			echo $jsonOut;
		}
		elseif ($function === 'export') {
			include_once('../../lib/export.inc');
			$attributes = $_POST['attributes'];
			$baseDn = $_POST['baseDn'];
			$ending = $_POST['ending'];
			$filter = $_POST['filter'];
			$format = $_POST['format'];
			$includeSystem = ($_POST['includeSystem'] === 'true');
			$saveAsFile = ($_POST['saveAsFile'] === 'true');
			$searchScope = $_POST['searchScope'];
			$exporter = new Exporter($baseDn, $searchScope, $filter, $attributes, $includeSystem, $saveAsFile, $format, $ending);
			ob_start();
			$jsonOut = $exporter->doExport();
			ob_end_clean();
			echo $jsonOut;
		}
		elseif ($function === 'upload') {
			include_once('../../lib/upload.inc');
			$typeManager = new \LAM\TYPES\TypeManager();
			$uploader = new \LAM\UPLOAD\Uploader($typeManager->getConfiguredType($_GET['typeId']));
			ob_start();
			$jsonOut = $uploader->doUpload();
			ob_end_clean();
			echo $jsonOut;
		}
	}

	/**
	 * Sets JSON HTTP header.
	 */
	private static function setHeader() {
		if (!headers_sent()) {
			header('Content-Type: application/json; charset=utf-8');
		}
	}

	/**
	 * Manages a password change request on the edit account page.
	 *
	 * @param array $input input parameters
	 */
	private static function managePasswordChange($input) {
		$return = $_SESSION['account']->setNewPassword($input);
		echo json_encode($return);
	}

	/**
	 * Checks if a password is accepted by LAM's password policy.
	 *
	 * @param array $input input parameters
	 */
	private function checkPasswordStrength($input) {
		$password = $input['password'];
		$result = checkPasswordStrength($password, null, null);
		echo json_encode(array("result" => $result));
	}

}


?>
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`<?php`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`namespace LAM\AJAX;`
import tool 2018-08-31 18:59:05 +00:00			`use \LAM\TOOLS\IMPORT_EXPORT\Importer;`
export 2018-09-23 18:12:27 +00:00			`use \LAM\TOOLS\IMPORT_EXPORT\Exporter;`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`/*`

			`This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)`
fix for file upload 2018-03-04 08:37:32 +00:00			`Copyright (C) 2011 - 2018 Roland Gruber`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`

			`*/`

			`/**`
			`* Manages all AJAX requests.`
			`*`
			`* @author Roland Gruber`
			`* @package tools`
			`*/`

			`/** security functions */`
			`include_once("../../lib/security.inc");`
import full entries 2018-09-01 11:36:04 +00:00			`/** LDIF import */`
			`include_once("../../lib/import.inc");`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00
			`// start session`
fix for self service 2012-11-25 17:01:44 +00:00			`if (isset($_GET['selfservice'])) {`
			`// self service uses a different session name`
			`session_name('SELFSERVICE');`
			`}`
better session timeout support for AJAX requests 2013-02-28 19:04:27 +00:00
			`// return standard JSON response if session expired`
added graphical hint if password does not match policy 2014-05-25 17:29:19 +00:00			`if (startSecureSession(false, true) === false) {`
better session timeout support for AJAX requests 2013-02-28 19:04:27 +00:00			`echo json_encode(array(`
			`'sessionExpired' => "true"`
			`));`
			`die();`
			`}`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00
fixed translation 2011-05-15 19:42:52 +00:00			`setlanguage();`

use proper namespace and class 2017-09-16 20:16:35 +00:00			`$ajax = new Ajax();`
			`$ajax->handleRequest();`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00
			`/**`
			`* Manages all AJAX requests.`
			`*/`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`class Ajax {`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`/**`
			`* Manages an AJAX request.`
			`*/`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`public function handleRequest() {`
			`$this->setHeader();`
added CSRF protection 2015-05-14 09:18:45 +00:00			`// check token`
changed CSRF token handling from GET to POST 2018-03-14 19:06:09 +00:00			`validateSecurityToken();`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
allow modules to react on AJAX requests 2012-02-25 18:39:52 +00:00			`if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {`
check if user is logged in 2017-02-11 16:11:37 +00:00			`enforceUserIsLoggedIn();`
allow modules to react on AJAX requests 2012-02-25 18:39:52 +00:00			`if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {`
			`if (!isset($_SESSION['account'])) die();`
			`$module = $_SESSION['account']->getAccountModule($_GET['module']);`
			`$module->handleAjaxRequest();`
			`}`
			`else {`
			`$module = new $_GET['module']($_GET['scope']);`
			`$module->handleAjaxRequest();`
			`}`
			`}`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`if (!isset($_GET['function'])) {`
			`die();`
			`}`
			`$function = $_GET['function'];`
			`if (!isset($_POST['jsonInput'])) {`
			`die();`
			`}`
added CSRF protection 2015-05-14 09:18:45 +00:00
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`$jsonInput = $_POST['jsonInput'];`
check if user is logged in 2017-02-11 16:11:37 +00:00			`if ($function == 'passwordStrengthCheck') {`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`$this->checkPasswordStrength($jsonInput);`
check if user is logged in 2017-02-11 16:11:37 +00:00			`}`
			`enforceUserIsLoggedIn();`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`if ($function == 'passwordChange') {`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`$this->managePasswordChange($jsonInput);`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`}`
import tool 2018-08-31 18:59:05 +00:00			`elseif ($function === 'import') {`
			`include_once('../../lib/import.inc');`
			`$importer = new Importer();`
			`ob_start();`
			`$jsonOut = $importer->doImport();`
			`ob_end_clean();`
			`echo $jsonOut;`
			`}`
export 2018-09-23 18:12:27 +00:00			`elseif ($function === 'export') {`
			`include_once('../../lib/export.inc');`
			`$attributes = $_POST['attributes'];`
			`$baseDn = $_POST['baseDn'];`
			`$ending = $_POST['ending'];`
			`$filter = $_POST['filter'];`
			`$format = $_POST['format'];`
			`$includeSystem = ($_POST['includeSystem'] === 'true');`
			`$saveAsFile = ($_POST['saveAsFile'] === 'true');`
			`$searchScope = $_POST['searchScope'];`
			`$exporter = new Exporter($baseDn, $searchScope, $filter, $attributes, $includeSystem, $saveAsFile, $format, $ending);`
			`ob_start();`
			`$jsonOut = $exporter->doExport();`
			`ob_end_clean();`
			`echo $jsonOut;`
			`}`
import tool 2018-08-31 18:59:05 +00:00			`elseif ($function === 'upload') {`
Ajax file upload 2016-12-07 20:18:06 +00:00			`include_once('../../lib/upload.inc');`
new type API for upload 2017-01-07 17:23:04 +00:00			`$typeManager = new \LAM\TYPES\TypeManager();`
new remote API 2017-09-17 07:21:37 +00:00			`$uploader = new \LAM\UPLOAD\Uploader($typeManager->getConfiguredType($_GET['typeId']));`
Ajax file upload 2016-12-07 20:18:06 +00:00			`ob_start();`
			`$jsonOut = $uploader->doUpload();`
			`ob_end_clean();`
			`echo $jsonOut;`
			`}`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`}`

set correct content type for JSON requests 2016-01-16 19:17:19 +00:00			`/**`
			`* Sets JSON HTTP header.`
			`*/`
set correct content type for JSON requests 2016-01-16 19:19:48 +00:00			`private static function setHeader() {`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00			`if (!headers_sent()) {`
			`header('Content-Type: application/json; charset=utf-8');`
			`}`
			`}`

use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`/**`
			`* Manages a password change request on the edit account page.`
			`*`
			`* @param array $input input parameters`
			`*/`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`private static function managePasswordChange($input) {`
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`$return = $_SESSION['account']->setNewPassword($input);`
			`echo json_encode($return);`
			`}`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
added graphical hint if password does not match policy 2014-05-25 17:29:19 +00:00			`/**`
			`* Checks if a password is accepted by LAM's password policy.`
			`*`
			`* @param array $input input parameters`
			`*/`
use proper namespace and class 2017-09-16 20:16:35 +00:00			`private function checkPasswordStrength($input) {`
added graphical hint if password does not match policy 2014-05-25 17:29:19 +00:00			`$password = $input['password'];`
			`$result = checkPasswordStrength($password, null, null);`
			`echo json_encode(array("result" => $result));`
			`}`
set correct content type for JSON requests 2016-01-16 19:17:19 +00:00
use AJAX for password change dialog 2011-05-15 18:26:28 +00:00			`}`


			`?>`