LDAPAccountManager/lam/templates/account/edit.php

<?php
/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Tilo Lutz
                2005 - 2019  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA


  LDAP Account Manager displays table for creating or modifying accounts in LDAP
*/

/**
* Displays the account detail page.
*
* @package modules
* @author Tilo Lutz
* @author Roland Gruber
*/

/** security functions */
include_once(__DIR__ . "/../../lib/security.inc");
/** configuration options */
include_once(__DIR__ . '/../../lib/config.inc');
/** functions to load and save profiles */
include_once(__DIR__ . '/../../lib/profiles.inc');
/** Return error-message */
include_once(__DIR__ . '/../../lib/status.inc');
/** Return a pdf-file */
include_once(__DIR__ . '/../../lib/pdf.inc');
/** module functions */
include_once(__DIR__ . '/../../lib/modules.inc');

// Start session
startSecureSession();
enforceUserIsLoggedIn();

// Redirect to startpage if user is not logged in
if (!isLoggedIn()) {
	metaRefresh("../login.php");
	exit;
	}

// Set correct language, codepages, ....
setlanguage();

$sessionAccountPrefix = 'editContainer';
if (isset($_GET['editKey'])) {
	$sessionKey = htmlspecialchars($_GET['editKey']);
}
else {
	$sessionKey = $sessionAccountPrefix . (new \DateTime(null, getTimeZone()))->getTimestamp() . getRandomNumber();
}

// cleanup account containers in session
$cleanupCandidates = array();
foreach ($_SESSION as $key => $value) {
	if (strpos($key, $sessionAccountPrefix) === 0) {
		$cleanupCandidates[] = $key;
	}
	$candidateCount = sizeof($cleanupCandidates);
	if ($candidateCount > 100) {
		$numToDelete = $candidateCount - 100;
		natsort($cleanupCandidates);
		for ($i = 0; $i < $numToDelete; $i++) {
			$toDelete = array_shift($cleanupCandidates);
			unset($_SESSION[$toDelete]);
		}
	}
}

$typeManager = new LAM\TYPES\TypeManager();
//load account
if (isset($_GET['DN'])) {
	$type = $typeManager->getConfiguredType($_GET['type']);
	$DN = str_replace("\\'", '', $_GET['DN']);
	if ($type->isHidden()) {
		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());
		die();
	}
	if ($_GET['DN'] == $DN) {
		if (substr($DN, 0, 1) === "'") {
			$DN = substr($DN, 1);
		}
		if (substr($DN, -1, 1) === "'") {
			$DN = substr($DN, 0, -1);
		}
	}
	$suffix = strtolower($type->getSuffix());
	$DNlower = strtolower($DN);
	if (strpos($DNlower, $suffix) !== (strlen($DNlower) - strlen($suffix))) {
		logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type->getId() . ' outside suffix ' . $suffix);
		die();
	}
	$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);
	$result = $_SESSION[$sessionKey]->load_account($DN);
	if (sizeof($result) > 0) {
		include __DIR__ . '/../../lib/adminHeader.inc';
		foreach ($result as $message) {
			call_user_func_array("StatusMessage", $message);
		}
		include __DIR__ . '/../../lib/adminFooter.inc';
		die();
	}
}
// new account
elseif (empty($_POST)) {
	$type = $typeManager->getConfiguredType($_GET['type']);
	if ($type->isHidden()) {
		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());
		die();
	}
	elseif (!checkIfNewEntriesAreAllowed($type->getId())) {
		logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type->getId());
		die();
	}
	$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);
	$_SESSION[$sessionKey]->new_account();
}

// show account page
$_SESSION[$sessionKey]->continue_main();

?>
Added separate hosts page 2003-09-12 11:27:57 +00:00			`<?php`
			`/*`

new homepage 2009-10-27 18:47:12 +00:00			`This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)`
Copyright updates 2006-03-03 17:30:35 +00:00			`Copyright (C) 2003 - 2006 Tilo Lutz`
removed parallel editing check 2019-05-20 16:06:07 +00:00			`2005 - 2019 Roland Gruber`
Added separate hosts page 2003-09-12 11:27:57 +00:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`


			`LDAP Account Manager displays table for creating or modifying accounts in LDAP`
			`*/`

moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/**`
			`* Displays the account detail page.`
			`*`
			`* @package modules`
			`* @author Tilo Lutz`
allow to hide account types additional LDAP filter for account types 2013-01-01 20:46:28 +00:00			`* @author Roland Gruber`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`*/`

added basic security checks 2006-03-26 17:51:25 +00:00			`/** security functions */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . "/../../lib/security.inc");`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/** configuration options */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . '/../../lib/config.inc');`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/** functions to load and save profiles */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . '/../../lib/profiles.inc');`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/** Return error-message */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . '/../../lib/status.inc');`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/** Return a pdf-file */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . '/../../lib/pdf.inc');`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`/** module functions */`
refactoring 2018-12-23 16:39:44 +00:00			`include_once(__DIR__ . '/../../lib/modules.inc');`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00
			`// Start session`
added basic security checks 2006-03-26 17:51:25 +00:00			`startSecureSession();`
check if user is logged in 2017-02-11 16:11:37 +00:00			`enforceUserIsLoggedIn();`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00
typos 2020-02-24 19:08:28 +00:00			`// Redirect to startpage if user is not logged in`
added isLoggedIn() 2014-10-25 19:17:53 +00:00			`if (!isLoggedIn()) {`
moved contents of include.inc to edit.php 2005-03-05 12:48:36 +00:00			`metaRefresh("../login.php");`
			`exit;`
			`}`

			`// Set correct language, codepages, ....`
			`setlanguage();`
Added separate hosts page 2003-09-12 11:27:57 +00:00
use random session key 2019-05-23 20:09:05 +00:00			`$sessionAccountPrefix = 'editContainer';`
			`if (isset($_GET['editKey'])) {`
			`$sessionKey = htmlspecialchars($_GET['editKey']);`
			`}`
			`else {`
			`$sessionKey = $sessionAccountPrefix . (new \DateTime(null, getTimeZone()))->getTimestamp() . getRandomNumber();`
			`}`

cleanup old containers 2019-05-30 15:19:45 +00:00			`// cleanup account containers in session`
			`$cleanupCandidates = array();`
			`foreach ($_SESSION as $key => $value) {`
			`if (strpos($key, $sessionAccountPrefix) === 0) {`
			`$cleanupCandidates[] = $key;`
			`}`
			`$candidateCount = sizeof($cleanupCandidates);`
			`if ($candidateCount > 100) {`
			`$numToDelete = $candidateCount - 100;`
			`natsort($cleanupCandidates);`
			`for ($i = 0; $i < $numToDelete; $i++) {`
			`$toDelete = array_shift($cleanupCandidates);`
			`unset($_SESSION[$toDelete]);`
			`}`
			`}`
			`}`

new type API 2016-12-24 14:39:02 +00:00			`$typeManager = new LAM\TYPES\TypeManager();`
fixed problem with quotes in DN 2005-08-29 21:43:57 +00:00			`//load account`
fixed some PHP notices 2005-11-06 10:34:33 +00:00			`if (isset($_GET['DN'])) {`
new type API 2016-12-24 14:39:02 +00:00			`$type = $typeManager->getConfiguredType($_GET['type']);`
fixed escape sequences 2007-12-28 16:08:04 +00:00			`$DN = str_replace("\\'", '', $_GET['DN']);`
new type API 2016-12-24 14:39:02 +00:00			`if ($type->isHidden()) {`
			`logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());`
allow to hide account types additional LDAP filter for account types 2013-01-01 20:46:28 +00:00			`die();`
			`}`
handle quotes in DN 2013-11-04 16:32:10 +00:00			`if ($_GET['DN'] == $DN) {`
			`if (substr($DN, 0, 1) === "'") {`
			`$DN = substr($DN, 1);`
			`}`
			`if (substr($DN, -1, 1) === "'") {`
			`$DN = substr($DN, 0, -1);`
			`}`
			`}`
new type API 2016-12-24 14:39:02 +00:00			`$suffix = strtolower($type->getSuffix());`
fixed problem with DN check 2014-09-30 17:19:05 +00:00			`$DNlower = strtolower($DN);`
			`if (strpos($DNlower, $suffix) !== (strlen($DNlower) - strlen($suffix))) {`
new type API 2016-12-24 14:39:02 +00:00			`logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type->getId() . ' outside suffix ' . $suffix);`
added check if object is in correct suffix 2014-08-12 18:24:59 +00:00			`die();`
			`}`
use random session key 2019-05-23 20:09:05 +00:00			`$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);`
			`$result = $_SESSION[$sessionKey]->load_account($DN);`
better error handling 2006-09-16 13:26:18 +00:00			`if (sizeof($result) > 0) {`
refactoring 2018-12-23 16:39:44 +00:00			`include __DIR__ . '/../../lib/adminHeader.inc';`
use foreach 2017-09-17 09:25:11 +00:00			`foreach ($result as $message) {`
			`call_user_func_array("StatusMessage", $message);`
better error handling 2006-09-16 13:26:18 +00:00			`}`
refactoring 2018-12-23 16:39:44 +00:00			`include __DIR__ . '/../../lib/adminFooter.inc';`
better error handling 2006-09-16 13:26:18 +00:00			`die();`
			`}`
fixed problem with quotes in DN 2005-08-29 21:43:57 +00:00			`}`
			`// new account`
use random session key 2019-05-23 20:09:05 +00:00			`elseif (empty($_POST)) {`
new type API 2016-12-24 14:39:02 +00:00			`$type = $typeManager->getConfiguredType($_GET['type']);`
			`if ($type->isHidden()) {`
			`logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type->getId());`
allow to hide account types additional LDAP filter for account types 2013-01-01 20:46:28 +00:00			`die();`
			`}`
new type API 2016-12-24 14:39:02 +00:00			`elseif (!checkIfNewEntriesAreAllowed($type->getId())) {`
			`logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type->getId());`
allow to hide buttons to create/delete accounts 2013-05-01 12:36:17 +00:00			`die();`
			`}`
use random session key 2019-05-23 20:09:05 +00:00			`$_SESSION[$sessionKey] = new accountContainer($type, $sessionKey);`
			`$_SESSION[$sessionKey]->new_account();`
fixed problem with quotes in DN 2005-08-29 21:43:57 +00:00			`}`
changed subpage handling; fixed another magic_quotes_gpc bug 2005-09-01 15:20:15 +00:00
fixed problem with quotes in DN 2005-08-29 21:43:57 +00:00			`// show account page`
use random session key 2019-05-23 20:09:05 +00:00			`$_SESSION[$sessionKey]->continue_main();`
Added separate hosts page 2003-09-12 11:27:57 +00:00
			`?>`