LDAPAccountManager/lam/templates/account/edit.php

138 lines
4.1 KiB
PHP
Raw Normal View History

2003-09-12 11:27:57 +00:00
<?php
/*
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
2006-03-03 17:30:35 +00:00
Copyright (C) 2003 - 2006 Tilo Lutz
2019-05-20 16:06:07 +00:00
2005 - 2019 Roland Gruber
2003-09-12 11:27:57 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
LDAP Account Manager displays table for creating or modifying accounts in LDAP
*/
/**
* Displays the account detail page.
*
* @package modules
* @author Tilo Lutz
* @author Roland Gruber
*/
2006-03-26 17:51:25 +00:00
/** security functions */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . "/../../lib/security.inc");
/** configuration options */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . '/../../lib/config.inc');
/** functions to load and save profiles */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . '/../../lib/profiles.inc');
/** Return error-message */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . '/../../lib/status.inc');
/** Return a pdf-file */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . '/../../lib/pdf.inc');
/** module functions */
2018-12-23 16:39:44 +00:00
include_once(__DIR__ . '/../../lib/modules.inc');
// Start session
2006-03-26 17:51:25 +00:00
startSecureSession();
2017-02-11 16:11:37 +00:00
enforceUserIsLoggedIn();
2020-02-24 19:08:28 +00:00
// Redirect to startpage if user is not logged in
2014-10-25 19:17:53 +00:00
if (!isLoggedIn()) {
metaRefresh("../login.php");
exit;
}
// Set correct language, codepages, ....
setlanguage();
2003-09-12 11:27:57 +00:00
2019-05-23 20:09:05 +00:00
$sessionAccountPrefix = 'editContainer';
if (isset($_GET['editKey'])) {
$sessionKey = htmlspecialchars($_GET['editKey']);
}
else {
$sessionKey = $sessionAccountPrefix . (new \DateTime(null, getTimeZone()))->getTimestamp() . getRandomNumber();
}
2019-05-30 15:19:45 +00:00
// cleanup account containers in session
$cleanupCandidates = array();
foreach ($_SESSION as $key => $value) {
if (strpos($key, $sessionAccountPrefix) === 0) {
$cleanupCandidates[] = $key;
}
$candidateCount = sizeof($cleanupCandidates);
if ($candidateCount > 100) {
$numToDelete = $candidateCount - 100;
natsort($cleanupCandidates);
for ($i = 0; $i < $numToDelete; $i++) {
$toDelete = array_shift($cleanupCandidates);
unset($_SESSION[$toDelete]);
}
}
}
2016-12-24 14:39:02 +00:00
$typeManager = new LAM\TYPES\TypeManager();
2005-08-29 21:43:57 +00:00
//load account
2005-11-06 10:34:33 +00:00
if (isset($_GET['DN'])) {
2016-12-24 14:39:02 +00:00
$type = $typeManager->getConfiguredType($_GET['type']);
2007-12-28 16:08:04 +00:00
$DN = str_replace("\\'", '', $_GET['DN']);
2016-12-24 14:39:02 +00:00
if ($type->isHidden()) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());
die();
}
2013-11-04 16:32:10 +00:00
if ($_GET['DN'] == $DN) {
if (substr($DN, 0, 1) === "'") {
$DN = substr($DN, 1);
}
if (substr($DN, -1, 1) === "'") {
$DN = substr($DN, 0, -1);
}
}
2016-12-24 14:39:02 +00:00
$suffix = strtolower($type->getSuffix());
2014-09-30 17:19:05 +00:00
$DNlower = strtolower($DN);
if (strpos($DNlower, $suffix) !== (strlen($DNlower) - strlen($suffix))) {
2016-12-24 14:39:02 +00:00
logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type->getId() . ' outside suffix ' . $suffix);
die();
}
2019-05-23 20:09:05 +00:00
$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);
$result = $_SESSION[$sessionKey]->load_account($DN);
2006-09-16 13:26:18 +00:00
if (sizeof($result) > 0) {
2018-12-23 16:39:44 +00:00
include __DIR__ . '/../../lib/adminHeader.inc';
2017-09-17 09:25:11 +00:00
foreach ($result as $message) {
call_user_func_array("StatusMessage", $message);
2006-09-16 13:26:18 +00:00
}
2018-12-23 16:39:44 +00:00
include __DIR__ . '/../../lib/adminFooter.inc';
2006-09-16 13:26:18 +00:00
die();
}
2005-08-29 21:43:57 +00:00
}
// new account
2019-05-23 20:09:05 +00:00
elseif (empty($_POST)) {
2016-12-24 14:39:02 +00:00
$type = $typeManager->getConfiguredType($_GET['type']);
if ($type->isHidden()) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());
die();
}
2016-12-24 14:39:02 +00:00
elseif (!checkIfNewEntriesAreAllowed($type->getId())) {
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type->getId());
die();
}
2019-05-23 20:09:05 +00:00
$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);
$_SESSION[$sessionKey]->new_account();
2005-08-29 21:43:57 +00:00
}
2005-08-29 21:43:57 +00:00
// show account page
2019-05-23 20:09:05 +00:00
$_SESSION[$sessionKey]->continue_main();
2003-09-12 11:27:57 +00:00
?>