2011-05-15 18:26:28 +00:00
|
|
|
<?php
|
2017-09-16 20:16:35 +00:00
|
|
|
namespace LAM\AJAX;
|
2011-05-15 18:26:28 +00:00
|
|
|
/*
|
|
|
|
|
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
2018-03-04 08:37:32 +00:00
|
|
|
Copyright (C) 2011 - 2018 Roland Gruber
|
2011-05-15 18:26:28 +00:00
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Manages all AJAX requests.
|
|
|
|
*
|
|
|
|
* @author Roland Gruber
|
|
|
|
* @package tools
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** security functions */
|
|
|
|
include_once("../../lib/security.inc");
|
|
|
|
|
|
|
|
// start session
|
2012-11-25 17:01:44 +00:00
|
|
|
if (isset($_GET['selfservice'])) {
|
|
|
|
// self service uses a different session name
|
|
|
|
session_name('SELFSERVICE');
|
|
|
|
}
|
2013-02-28 19:04:27 +00:00
|
|
|
|
|
|
|
// return standard JSON response if session expired
|
2014-05-25 17:29:19 +00:00
|
|
|
if (startSecureSession(false, true) === false) {
|
2013-02-28 19:04:27 +00:00
|
|
|
echo json_encode(array(
|
|
|
|
'sessionExpired' => "true"
|
|
|
|
));
|
|
|
|
die();
|
|
|
|
}
|
2011-05-15 18:26:28 +00:00
|
|
|
|
2011-05-15 19:42:52 +00:00
|
|
|
setlanguage();
|
|
|
|
|
2017-09-16 20:16:35 +00:00
|
|
|
$ajax = new Ajax();
|
|
|
|
$ajax->handleRequest();
|
2011-05-15 18:26:28 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Manages all AJAX requests.
|
|
|
|
*/
|
2017-09-16 20:16:35 +00:00
|
|
|
class Ajax {
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
/**
|
|
|
|
* Manages an AJAX request.
|
|
|
|
*/
|
2017-09-16 20:16:35 +00:00
|
|
|
public function handleRequest() {
|
|
|
|
$this->setHeader();
|
2015-05-14 09:18:45 +00:00
|
|
|
// check token
|
|
|
|
validateSecurityToken(false);
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2012-02-25 18:39:52 +00:00
|
|
|
if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
|
2017-02-11 16:11:37 +00:00
|
|
|
enforceUserIsLoggedIn();
|
2012-02-25 18:39:52 +00:00
|
|
|
if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {
|
|
|
|
if (!isset($_SESSION['account'])) die();
|
|
|
|
$module = $_SESSION['account']->getAccountModule($_GET['module']);
|
|
|
|
$module->handleAjaxRequest();
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$module = new $_GET['module']($_GET['scope']);
|
|
|
|
$module->handleAjaxRequest();
|
|
|
|
}
|
|
|
|
}
|
2011-05-15 18:26:28 +00:00
|
|
|
if (!isset($_GET['function'])) {
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
$function = $_GET['function'];
|
|
|
|
if (!isset($_POST['jsonInput'])) {
|
|
|
|
die();
|
|
|
|
}
|
2015-05-14 09:18:45 +00:00
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
$jsonInput = $_POST['jsonInput'];
|
2017-02-11 16:11:37 +00:00
|
|
|
if ($function == 'passwordStrengthCheck') {
|
2017-09-16 20:16:35 +00:00
|
|
|
$this->checkPasswordStrength($jsonInput);
|
2017-02-11 16:11:37 +00:00
|
|
|
}
|
|
|
|
enforceUserIsLoggedIn();
|
2011-05-15 18:26:28 +00:00
|
|
|
if ($function == 'passwordChange') {
|
2017-09-16 20:16:35 +00:00
|
|
|
$this->managePasswordChange($jsonInput);
|
2011-05-15 18:26:28 +00:00
|
|
|
}
|
2016-12-07 20:18:06 +00:00
|
|
|
elseif ($function == 'upload') {
|
|
|
|
include_once('../../lib/upload.inc');
|
2017-01-07 17:23:04 +00:00
|
|
|
$typeManager = new \LAM\TYPES\TypeManager();
|
2017-09-17 07:21:37 +00:00
|
|
|
$uploader = new \LAM\UPLOAD\Uploader($typeManager->getConfiguredType($_GET['typeId']));
|
2016-12-07 20:18:06 +00:00
|
|
|
ob_start();
|
|
|
|
$jsonOut = $uploader->doUpload();
|
|
|
|
ob_end_clean();
|
|
|
|
echo $jsonOut;
|
|
|
|
}
|
2011-05-15 18:26:28 +00:00
|
|
|
}
|
|
|
|
|
2016-01-16 19:17:19 +00:00
|
|
|
/**
|
|
|
|
* Sets JSON HTTP header.
|
|
|
|
*/
|
2016-01-16 19:19:48 +00:00
|
|
|
private static function setHeader() {
|
2016-01-16 19:17:19 +00:00
|
|
|
if (!headers_sent()) {
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
/**
|
|
|
|
* Manages a password change request on the edit account page.
|
|
|
|
*
|
|
|
|
* @param array $input input parameters
|
|
|
|
*/
|
2017-09-16 20:16:35 +00:00
|
|
|
private static function managePasswordChange($input) {
|
2011-05-15 18:26:28 +00:00
|
|
|
$return = $_SESSION['account']->setNewPassword($input);
|
|
|
|
echo json_encode($return);
|
|
|
|
}
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2014-05-25 17:29:19 +00:00
|
|
|
/**
|
|
|
|
* Checks if a password is accepted by LAM's password policy.
|
|
|
|
*
|
|
|
|
* @param array $input input parameters
|
|
|
|
*/
|
2017-09-16 20:16:35 +00:00
|
|
|
private function checkPasswordStrength($input) {
|
2014-05-25 17:29:19 +00:00
|
|
|
$password = $input['password'];
|
|
|
|
$result = checkPasswordStrength($password, null, null);
|
|
|
|
echo json_encode(array("result" => $result));
|
|
|
|
}
|
2016-01-16 19:17:19 +00:00
|
|
|
|
2011-05-15 18:26:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
?>
|