Fixed a small bug when moving groups to another DN: the move worked, but an error was shown.
Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
parent
e9cdb7d16a
commit
5782108a0f
|
@ -28,9 +28,10 @@ $Id$
|
|||
*/
|
||||
class cache {
|
||||
function cache() {
|
||||
$this->config = &$_SESSION['config'];
|
||||
$this->ldap = &$_SESSION['ldap'];
|
||||
$this->config =& $_SESSION['config'];
|
||||
$this->ldap =& $_SESSION['ldap'];
|
||||
$this->time = 0;
|
||||
$this->attributes = array();
|
||||
}
|
||||
|
||||
var $ldapcache; // This variable contains the cache
|
||||
|
@ -43,6 +44,7 @@ class cache {
|
|||
* syntax of $attributes is array( scope1 => array ( attributes ), scope2 => array ( attributes ), ...)
|
||||
*/
|
||||
function add_cache($attributes) {
|
||||
$this->refresh_cache();
|
||||
// Check input variable
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
if (!is_array($attributes)) trigger_error(_('Argument of add_cache must be : array ( scope => array(attribute1(string), attribute2(string), ..), scope => ... ).'), E_USER_ERROR);
|
||||
|
@ -68,6 +70,7 @@ class cache {
|
|||
*
|
||||
*/
|
||||
function get_cache($attribute, $objectClass, $singlescope) {
|
||||
$this->refresh_cache();
|
||||
// Check input variables
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
|
||||
|
@ -82,6 +85,7 @@ class cache {
|
|||
if ($singlescope == '*') $scopes = $allowed_types;
|
||||
else $scopes = array ( $singlescope );
|
||||
foreach ($scopes as $scope) {
|
||||
if (isset($this->ldapcache[$scope])) {
|
||||
$DNs = array_keys($this->ldapcache[$scope]);
|
||||
foreach ($DNs as $dn) {
|
||||
if (isset($this->ldapcache[$scope][$dn][$attribute]) && in_array($objectClass, $this->ldapcache[$scope][$dn]['objectClass'])) {
|
||||
|
@ -94,6 +98,7 @@ class cache {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
@ -102,6 +107,7 @@ class cache {
|
|||
* $scope is the scope where to search
|
||||
*/
|
||||
function in_cache($value, $attribute, $singlescope) {
|
||||
$this->refresh_cache();
|
||||
// Check input variables
|
||||
$allowed_types = array ( 'user', 'group', 'host', '*' );
|
||||
if (!in_array($singlescope, $allowed_types)) trigger_error(sprintf(_('Invalid scope. Valid scopes are %s.'), implode(" ", $allowed_types)), E_USER_ERROR);
|
||||
|
@ -130,15 +136,20 @@ class cache {
|
|||
$this->refresh_cache();
|
||||
if ($singlescope == '*') $scopes = $allowed_types;
|
||||
else $scopes = array ( $singlescope );
|
||||
//print_r($this->ldapcache);
|
||||
foreach ($scopes as $scope) {
|
||||
if (isset($this->ldapcache[$scope])) {
|
||||
$DNs = array_keys($this->ldapcache[$scope]);
|
||||
foreach ($DNs as $dn) {
|
||||
if (is_array($this->ldapcache[$scope][$dn][$attribute])) {
|
||||
if (in_array($value, $this->ldapcache[$scope][$dn][$attribute])) {
|
||||
// Return value if value was found
|
||||
return $dn;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Return false if value wasn't found
|
||||
return false;
|
||||
}
|
||||
|
@ -210,19 +221,19 @@ class main {
|
|||
var $current_page;
|
||||
// This variable os set to the pagename of a subpage if it should be displayed
|
||||
var $subpage;
|
||||
// reference to base-array so we can read other classes in basearray
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
// Localized part of HTML-Header
|
||||
var $header;
|
||||
// Alias Name. This name is shown in the menu instead of main
|
||||
var $alias;
|
||||
|
||||
function main() {
|
||||
function main($base) {
|
||||
$this->current_page = 0;
|
||||
$this->subpage = '';
|
||||
/* Create a reference to basearray so we can read all other modules
|
||||
* php will avaois recousrion itself
|
||||
*/
|
||||
$this->base = &$baseobject;
|
||||
$this->header = &$_SESSION['header'];
|
||||
$this->base = $base;
|
||||
$this->alias = _('main');
|
||||
}
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
|
@ -231,24 +242,249 @@ class main {
|
|||
return array();
|
||||
}
|
||||
|
||||
/* This function will process transmitted data
|
||||
* and decides which page show next.
|
||||
*/
|
||||
function main_continue() {
|
||||
// Which data should be processed?
|
||||
if ($this->subpage=='') $this->subpage='attributes';
|
||||
$function = '$result = $this->base->module[$this->base->order[$this->current_page]]->process_'.$this->subpage.'($_POST);';
|
||||
eval ($function);
|
||||
if (is_string($return)) $this->subpage = $return;
|
||||
if (is_int($return)) {
|
||||
for ($i=0; $i<count($this->base->order); $i++ ) {
|
||||
if ($_POST['form_main_'.$this->base->order[$i]]) $this->current_page = $i;
|
||||
function display_html_attributes($post) {
|
||||
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
|
||||
eval($function);
|
||||
$modules = $_SESSION[$this->base]->check_attributes();
|
||||
if (count($modules)!=0) {
|
||||
$disabled = 'disabled';
|
||||
for ($i=0; $i<count($modules); $i++) StatusMessage('ERROR', _('Check module'), sprintf(_('Please set up all required attributes on %s page'), $_SESSION[$this->base]->module[$modules[$i]]->alias));
|
||||
}
|
||||
$this->subpage='attributes';
|
||||
else $disabled = '';
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Suffix') . "</td>\n";
|
||||
echo "<td><select name=\"form_main_suffix\">";
|
||||
// loop through all suffixes
|
||||
$function = '$suffix = $_SESSION[$_SESSION[$this->base]->config]->get_'.ucfirst($_SESSION[$this->base]->type).'Suffix();';
|
||||
eval($function);
|
||||
foreach ($_SESSION[$_SESSION[$this->base]->ldap]->search_units($suffix) as $suffix) {
|
||||
if ($_SESSION[$this->base]->dn) {
|
||||
if ($_SESSION[$this->base]->dn == $suffix) echo "<option selected>$suffix</option>\n";
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
else echo "<option>$suffix</option>\n";
|
||||
}
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=461\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
// Show fieldset with list of all user profiles
|
||||
if (count($profilelist)!=0) {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Load profile") . "</td>\n";
|
||||
echo "<td><select name=\"form_main_selectLoadProfile\">";
|
||||
foreach ($profilelist as $profile) echo "<option>$profile</option>\n";
|
||||
echo "</select>\n";
|
||||
echo "<input name=\"form_main_loadProfile\" type=\"submit\" value=\"" . _('Load Profile') . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=421\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _("Save profile") . "</td>\n";
|
||||
echo "<td><input name=\"form_main_selectSaveProfile\" type=\"text\" size=\"30\" maxlength=\"50\">\n";
|
||||
echo "<input name=\"form_main_saveProfile\" type=\"submit\" value=\"" . _('Save profile') . "\" $disabled ></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=457\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
echo "<tr>\n";
|
||||
echo "<td><input name=\"form_main_create\" type=\"submit\" value=\"";
|
||||
if ($_SESSION[$this->base]->dn_orig!='') echo _('Modify Account');
|
||||
else echo _('Create Account');
|
||||
echo "\" $disabled ></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This page will be shown if an account
|
||||
* has been saved
|
||||
*/
|
||||
function display_html_finish($post) {
|
||||
// Show success message
|
||||
if ($_SESSION[$this->base]->dn_orig=='') $kind = _('created');
|
||||
else $kind = _('modified');
|
||||
$text = sprintf(_('%s has been %s.'), ucfirst($_SESSION[$this->base]->type), $kind);
|
||||
StatusMessage('INFO', _('LDAP operation successful.'), $text);
|
||||
|
||||
// Show rest of page
|
||||
echo "<table border=0 width=\"100%\">\n";
|
||||
echo "<tr>\n";
|
||||
if ($_SESSION[$this->base]->dn_orig=='') {
|
||||
echo "<td><input name=\"form_main_createagain\" type=\"submit\" value=\"";
|
||||
echo sprintf(_('Create another %s'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
}
|
||||
echo "<td><input name=\"form_main_outputpdf\" type=\"submit\" value=\"" . _('Create PDF file') . "\"></td>\n";
|
||||
echo "<td><input name=\"form_main_backmain\" type=\"submit\" value=\"";
|
||||
echo sprintf (_('Back to %s list'), $_SESSION[$this->base]->type);
|
||||
echo "\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_finish($post) {
|
||||
if ($post['form_main_createagain']) {
|
||||
// Reset objects
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module)
|
||||
if ($module!='main') unset($_SESSION[$this->base]->module[$module]);
|
||||
// Reset accountContainer
|
||||
$_SESSION[$this->base]->dn = '';
|
||||
$_SESSION[$this->base]->dn_orig = '';
|
||||
$_SESSION[$this->base]->attributes = array();
|
||||
$_SESSION[$this->base]->order = array();
|
||||
$this->current_page = 0;
|
||||
$this->subpage = '';
|
||||
// Add all required objects etc.
|
||||
$_SESSION[$this->base]->new_account();
|
||||
return 0;
|
||||
}
|
||||
if ($post['form_main_backmain']) {
|
||||
// Return to *-list
|
||||
// *** fixme unset accountContainer in session
|
||||
metaRefresh("../lists/list".$_SESSION[$this->base]->type."s.php");
|
||||
exit;
|
||||
}
|
||||
if ($post['form_main_outputpdf']) {
|
||||
// Create / display PDf-file
|
||||
$function = 'create'.ucfirst($_SESSION[$this->base]->type).'PDF(array($_SESSION[$this->base]));';
|
||||
eval($function);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// change dn
|
||||
if ($post['form_main_suffix']!='') $_SESSION[$this->base]->dn = $post['form_main_suffix'];
|
||||
// load profile
|
||||
if ($post['form_main_selectLoadProfile'] && $post['form_main_loadProfile']) {
|
||||
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
|
||||
$function = '$newattributes = load'.ucfirst($scope).'Profile($post[\'form_main_selectLoadProfile\']);';
|
||||
eval($function);
|
||||
// pass newattributes to each module
|
||||
$modules = array_keys($_SESSION[$this->base]->module);
|
||||
foreach ($modules as $module) $_SESSION[$this->base]->module[$module]->load_attributes($newattributes);
|
||||
return 0;
|
||||
}
|
||||
// save account
|
||||
if ($post['form_main_create']) {
|
||||
$success = $_SESSION[$this->base]->save_account();
|
||||
if (is_array($success)) return array($success);
|
||||
// return name of subpage
|
||||
return 'finish';
|
||||
}
|
||||
// save profile
|
||||
if ($post['form_main_saveProfile']) {
|
||||
if ($post['form_main_selectSaveProfile']=='') $errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
|
||||
else {
|
||||
$function = 'save'.ucfirst($scope).'Profile();';
|
||||
eval($function);
|
||||
if ($function) $errors[] = array('INFO', _('Save profile'), _('New profile created.'));
|
||||
else $errors[] = array('ERROR', _('Save profile'), _('Wrong profilename given.'));
|
||||
}
|
||||
if (is_array($errors)) return $errors;
|
||||
else return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function load_attributes($attr) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function save_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
// Dummy functions to make module compatible
|
||||
function get_attributes() {
|
||||
return array();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
class accountContainer {
|
||||
// Constructor
|
||||
function accountContainer($type, $base) {
|
||||
/* Set the type of account. Valid
|
||||
* types are: user, group, host
|
||||
*/
|
||||
// Check input variable
|
||||
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
|
||||
// *** fixme use global variable to determine allowed types
|
||||
$allowed_types = array ( 'user', 'group', 'host' );
|
||||
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
|
||||
$this->type = $type;
|
||||
$this->base = $base;
|
||||
// Name of variables in session
|
||||
$this->ldap = 'ldap';
|
||||
$this->config = 'config';
|
||||
$this->cache = 'cache';
|
||||
$this->header2 = 'header';
|
||||
$this->module['main'] = new main($this->base);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Array of all used attributes
|
||||
* Syntax is attribute => array ( objectClass => MUST or MAY, ...)
|
||||
*/
|
||||
var $attributes;
|
||||
/* This variale stores the type
|
||||
* of account. Current unix, group, host are supported
|
||||
*/
|
||||
var $type;
|
||||
var $ldap; // This is a reference to the ldap class in session
|
||||
var $config; // This is a reference to the config class in session
|
||||
// Localized part of HTML-Header
|
||||
var $header2;
|
||||
var $module; // This is an array with all module objects
|
||||
// DN of the account
|
||||
var $dn;
|
||||
var $dn_orig;
|
||||
// this are stores the module order
|
||||
var $order;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
|
||||
/* Get the type of account. Valid
|
||||
* types are: user, group, host
|
||||
*/
|
||||
function get_type() {
|
||||
return $this->type;
|
||||
}
|
||||
|
||||
/* This function asks $this->module['main']
|
||||
* what to do next
|
||||
*/
|
||||
function continue_main($post) {
|
||||
if ($this->module['main']->subpage=='') $this->module['main']->subpage='attributes';
|
||||
$function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->proccess_'.$this->module['main']->subpage.'($post);';
|
||||
eval ($function);
|
||||
if (is_string($result)) $this->module['main']->subpage = $result;
|
||||
if (is_int($result)) {
|
||||
for ($i=0; $i<count($this->order); $i++ ) {
|
||||
if ($post['form_main_'.$this->order[$i]]) $this->module['main']->current_page = $i;
|
||||
}
|
||||
$this->module['main']->subpage='attributes';
|
||||
}
|
||||
|
||||
// Write HTML-Code
|
||||
echo $this->header;
|
||||
echo $_SESSION[$this->header2];
|
||||
echo "<title>";
|
||||
echo _("Create new Account");
|
||||
echo "</title>\n";
|
||||
|
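Review bot: The new `continue_main`, `display_html_attributes`, `proccess_finish` and `proccess_attributes` assemble PHP source as a string and run it through `eval`, with `subpage` and the account type spliced into the code; a variable method call does the same dispatch without evaluating text, e.g. `$method = 'proccess_'.$this->module['main']->subpage;` followed by `$result = $this->module[$this->order[$this->module['main']->current_page]]->$method($post);`, ideally after a `method_exists` check. In `proccess_attributes`, `$scope` is never assigned in the function, so the generated names collapse to `loadProfile`/`saveProfile`, and `if ($function)` tests the non-empty code string, so the 'New profile created.' branch is always taken. The `<option>$suffix</option>` and `<option>$profile</option>` lines echo directory and profile values without `htmlspecialchars()`, and `form_main_suffix` is copied from POST into `dn` without being compared against the list that `search_units()` returned. `continue_main` continues past the end of this hunk.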
@ -266,17 +502,17 @@ class main {
|
|||
echo _('Please select page:');
|
||||
echo "</b></legend>\n";
|
||||
// Loop for module
|
||||
for ($i=0; $i<count($this->base->order); $i++ ) {
|
||||
if ($this->base->order[$i]==$this->base->order[$this->current_page]) {
|
||||
for ($i=0; $i<count($this->order); $i++ ) {
|
||||
if ($this->order[$i]==$this->order[$this->module['main']->current_page]) {
|
||||
// print disabled button
|
||||
echo "<input name=\"form_main_".$this->base->order[$i]."\" type=\"submit\" value=\"";
|
||||
echo $this->base->module[$this->base->order[$i]]->alias;
|
||||
echo " disabled\">\n<br>";
|
||||
echo "<input name=\"form_main_".$this->order[$i]."\" type=\"submit\" value=\"";
|
||||
echo $this->module[$this->order[$i]]->alias;
|
||||
echo "\" disabled>\n<br>";
|
||||
}
|
||||
else {
|
||||
// print normal button
|
||||
echo "<input name=\"form_main_".$this->base->order[$i]."\" type=\"submit\" value=\"";
|
||||
echo $this->base->module[$this->base->order[$i]]->alias;
|
||||
echo "<input name=\"form_main_".$this->order[$i]."\" type=\"submit\" value=\"";
|
||||
echo $this->module[$this->order[$i]]->alias;
|
||||
echo "\">\n<br>";
|
||||
}
|
||||
}
|
||||
|
@ -284,68 +520,13 @@ class main {
|
|||
echo "</fieldset></td></tr>\n";
|
||||
echo "</table></td>\n<td>";
|
||||
// display html-code from mdule
|
||||
$function = '$result = $this->base->module[$this->base->order[$this->current_page]]->display_html_'.$this->subpage.'($_POST);';
|
||||
$function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->display_html_'.$this->module['main']->subpage.'($post);';
|
||||
eval ($function);
|
||||
// Display rest of html-page
|
||||
echo "</td></tr></table>\n";
|
||||
echo "</form>\n";
|
||||
echo "</body>\n";
|
||||
echo "</html>\n";
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
class accountContainer {
|
||||
// Constructor
|
||||
function accountContainer($type) {
|
||||
/* Set the type of account. Valid
|
||||
* types are: user, group, host
|
||||
*/
|
||||
// Check input variable
|
||||
if (!is_string($type)) trigger_error(_('Argument of accountContainer must be string.'), E_USER_ERROR);
|
||||
// *** fixme use global variable to determine allowed types
|
||||
$allowed_types = array ( 'user', 'group', 'host' );
|
||||
if (!in_array($type, $allowed_types)) trigger_error(_('Account type not recognized.'), E_USER_ERROR);
|
||||
$this->type = $type;
|
||||
$this->lampath = &$_SESSION['lampath'];
|
||||
$this->ldap = &$_SESSION['ldap'];
|
||||
$this->cache = &$_SESSION['cache'];
|
||||
$this->module['main'] = new main($this);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Array of all used attributes
|
||||
* Syntax is attribute => array ( objectClass => MUST or MAY, ...)
|
||||
*/
|
||||
var $attributes;
|
||||
/* This variale stores the type
|
||||
* of account. Current unix, group, host are supported
|
||||
*/
|
||||
var $type;
|
||||
var $lampath; // reference to lampath from Session
|
||||
var $ldap; // This is a reference to the ldap class in session
|
||||
var $module; // This is an array with all module objects
|
||||
// DN of the account
|
||||
var $dn;
|
||||
var $dn_orig;
|
||||
// this are stores the module order
|
||||
var $order;
|
||||
|
||||
/* Get the type of account. Valid
|
||||
* types are: user, group, host
|
||||
*/
|
||||
function get_type() {
|
||||
return $this->type;
|
||||
}
|
||||
|
||||
/* This function asks $this->module['main']
|
||||
* what to do next
|
||||
*/
|
||||
function continue_main() {
|
||||
$this->module['main']->main_continue();
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -354,15 +535,15 @@ class accountContainer {
|
|||
function add_attributes($objectClass) {
|
||||
// loop through every existing objectlass and select current objectClass
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($this->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->ldap->objectClasses[$i], "NAME '$objectClass'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$objectClass'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -375,8 +556,8 @@ class accountContainer {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -389,24 +570,25 @@ class accountContainer {
|
|||
}
|
||||
|
||||
// Get attributes of subclasses
|
||||
while (strpos($this->ldap->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'SUP ')+4);
|
||||
while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4);
|
||||
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
|
||||
// Add account type to object
|
||||
for ($i=0; $i<count($this->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
|
||||
|
||||
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
$may = explode(" $ ", $string);
|
||||
$must = explode(" $ ", $string);
|
||||
// Ad must
|
||||
foreach ($must as $attribute) {
|
||||
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MUST';
|
||||
|
@ -415,14 +597,14 @@ class accountContainer {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
$must = explode(" $ ", $string);
|
||||
$may = explode(" $ ", $string);
|
||||
// Ad may
|
||||
foreach ($must as $attribute) {
|
||||
foreach ($may as $attribute) {
|
||||
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MAY';
|
||||
else $this->attributes[$attribute][$objectClass] = 'MAY';
|
||||
}
|
||||
|
@ -449,6 +631,28 @@ class accountContainer {
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* This function checks if all MUST-attribtues are set.
|
||||
* If not it will return an array with all modules
|
||||
* which have to be set first
|
||||
*/
|
||||
function check_attributes() {
|
||||
$return = array();
|
||||
// get named list of attributes
|
||||
$attributes = array_keys($this->attributes);
|
||||
for ($i=0; $i<count($attributes); $i++) {
|
||||
$singleattribute = array_keys ($this->attributes[$attributes[$i]]);
|
||||
for ($j=0; $j<count($singleattribute); $j++) {
|
||||
// found attribute which must be set
|
||||
if ($this->attributes[$attributes[$i]][$singleattribute[$j]]=='MUST') {
|
||||
// Check if attribute is set
|
||||
if ($this->module[$singleattribute[$j]]->attributes[$attributes[$i]]=='')
|
||||
if (!in_array($singleattribute[$j], $return)) $return[] = $singleattribute[$j];
|
||||
}
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
/* This function adds an objectClass class (module) to accountContainer
|
||||
*/
|
||||
function add_objectClass($objectClass) {
|
||||
|
@ -460,9 +664,8 @@ class accountContainer {
|
|||
if ($line==-1) trigger_error (_("objectClass $objectClass required but not defined in ldap."), E_USER_WARNING);
|
||||
else {
|
||||
// Add module if it exists
|
||||
if (file_exists($this->lampath."/lib/modules/".$objectClass.".inc") == 'file') {
|
||||
include_once ($this->lampath."/lib/modules/".$objectClass.".inc");
|
||||
$this->module[$objectClass] = new $objectClass($this);
|
||||
if (class_exists($objectClass)) {
|
||||
$this->module[$objectClass] = new $objectClass($this->base);
|
||||
}
|
||||
else trigger_error (_("objectClass $objectClass required but no module found."), E_USER_WARNING);
|
||||
}
|
||||
|
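Review bot: `new $objectClass($this->base)` instantiates whatever class name the string holds, and `class_exists($objectClass)` only confirms that a class of that name is loaded, not that it is an account module. If `$objectClass` can originate from a directory entry's objectClass values (the caller is outside this hunk, so this is an assumption), check it against an explicit list of module names first, e.g. `if (in_array($objectClass, $known_modules) && class_exists($objectClass)) {` with `$known_modules` standing in for that list. Both `trigger_error` messages interpolate `$objectClass` inside the `_()` msgid, so the translation lookup will not match; the `sprintf(_("objectClass %s ..."), $objectClass)` form already used in `add_attributes` avoids that. The function starts before this hunk.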
@ -474,8 +677,8 @@ class accountContainer {
|
|||
*/
|
||||
function load_account($dn) {
|
||||
$search = substr($dn, 0, strpos($dn, ','));
|
||||
$result = ldap_search($this->ldap->server(), $dn, $search);
|
||||
$entry = ldap_first_entry($this->ldap->server(), $result);
|
||||
$result = ldap_search($_SESSION[$this->ldap]->server(), $dn, $search);
|
||||
$entry = ldap_first_entry($_SESSION[$this->ldap]->server(), $result);
|
||||
$this->dn = substr($dn, strpos($dn, ',')+1);
|
||||
$this->dn_orig = $dn;
|
||||
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
|
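Review bot: The results of `ldap_search` and `ldap_first_entry` are used without a check, so a failed search or a DN that no longer exists hands `false` to `ldap_get_attributes`; test both and return an error before going on. The filter is the first RDN cut out of `$dn` with `substr`, passed unescaped, while the search base is the full `$dn`; `ldap_read($_SESSION[$this->ldap]->server(), $dn, '(objectClass=*)')` fetches exactly that entry without building a filter from DN text. The unchanged last line still reads `$_SESSION['ldap']` although the hunk switches the other calls to `$_SESSION[$this->ldap]`. The function body continues outside the hunk.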
@ -492,19 +695,21 @@ class accountContainer {
|
|||
// loop until all modules are in order.
|
||||
// We don't want to loop forever
|
||||
$remain = count($module) * count($module);
|
||||
$order = array();
|
||||
while ( (count($module) != count($modulelist)) && ($remain!=0) ) {
|
||||
$remain--;
|
||||
foreach ($module as $moduleitem) {
|
||||
$required = $this->module[$moduleitem]->dependencies;
|
||||
$required = $this->module[$moduleitem]->dependencies();
|
||||
$everything_found = true;
|
||||
if (is_array($required))
|
||||
if (is_array($required)) {
|
||||
foreach ($required as $requireditem)
|
||||
if (!in_array($reuquireditem, $modulelist)) $everthing_found = false;
|
||||
if ($everything_found) $modulelist[] = $moduleitem;
|
||||
}
|
||||
if ($everything_found && !in_array($moduleitem, $order) ) $order[] = $moduleitem;
|
||||
}
|
||||
}
|
||||
// Write Module-Order in variable
|
||||
$this->order = $modulelist;
|
||||
$this->order = $order;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
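Review bot: The dependency check in this loop can never fail: the inner `foreach` binds `$requireditem` but the test reads `$reuquireditem`, and it assigns `$everthing_found` while the guard reads `$everything_found`, so every module is appended to `$order` on the first pass whatever `dependencies()` returns. The line should read `if (!in_array($requireditem, $order)) $everything_found = false;` — testing `$order` is a suggestion, on the assumption that a dependency must already be placed before its dependant. Since the new code no longer appends to `$modulelist`, the `while` condition `count($module) != count($modulelist)` does not change inside the loop and only `$remain` ends it; comparing against `count($order)` would restore the intended exit. The same lines appear in the `new_account` hunk that follows, and the enclosing function starts outside this hunk.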
@ -512,34 +717,131 @@ class accountContainer {
|
|||
* for a new account
|
||||
*/
|
||||
function new_account() {
|
||||
$modulelist = array();
|
||||
$modulelist = array('posixAccount', 'shadowAccount');
|
||||
// *** fixme add modules from config which should be used but not yet in loaded account
|
||||
$module = array_keys ($this->module);
|
||||
foreach ($modulelist as $objectClass) $this->add_objectClass($objectClass);
|
||||
|
||||
$module = array_keys ($this->module);
|
||||
// loop until all modules are in order.
|
||||
// We don't want to loop forever
|
||||
$remain = count($module) * count($module);
|
||||
$order = array();
|
||||
while ( (count($module) != count($modulelist)) && ($remain!=0) ) {
|
||||
$remain--;
|
||||
foreach ($module as $moduleitem) {
|
||||
$required = $this->module[$moduleitem]->dependencies;
|
||||
$required = $this->module[$moduleitem]->dependencies();
|
||||
$everything_found = true;
|
||||
if (is_array($required))
|
||||
if (is_array($required)) {
|
||||
foreach ($required as $requireditem)
|
||||
if (!in_array($reuquireditem, $modulelist)) $everthing_found = false;
|
||||
if ($everything_found) $modulelist[] = $moduleitem;
|
||||
}
|
||||
if ($everything_found && !in_array($moduleitem, $order) ) $order[] = $moduleitem;
|
||||
}
|
||||
}
|
||||
// Write Module-Order in variable
|
||||
$this->order = $modulelist;
|
||||
$this->order = $order;
|
||||
// *** fixme load*Profile must return array in the same way ldap_get_attributes does.
|
||||
$function = '$newattributes = load'.ucfirst($this->type).'Profile(\'default\');';
|
||||
eval($function);
|
||||
// pass newattributes to each module
|
||||
//foreach ($module as $module2)
|
||||
// $this->module[$module2]->load_attributes($newattributes);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* This function will load an account.
|
||||
* $dn is the dn of the account which should be loaded
|
||||
*/
|
||||
function save_account() {
|
||||
$module = array_keys ($this->module);
|
||||
$attributes = array();
|
||||
// load attributes
|
||||
foreach ($module as $singlemodule) {
|
||||
// load changes
|
||||
$temp = $this->module[$singlemodule]->save_attributes();
|
||||
// merge changes
|
||||
$DNs = array_keys($temp);
|
||||
$attributes = array_merge_recursive($temp, $attributes);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
$ops = array_keys($temp[$DNs[$i]]);
|
||||
for ($j=0; $j<count($ops); $j++) {
|
||||
$attrs = array_keys($temp[$DNs[$i]][$ops[$j]]);
|
||||
for ($k=0; $k<count($attrs); $k++)
|
||||
$attributes[$DNs[$i]][$ops[$j]][$attrs[$k]] = array_unique($attributes[$DNs[$i]][$ops[$j]][$attrs[$k]]);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Complete dn with uid or cn=
|
||||
if ($this->type=='group') $search = 'cn';
|
||||
else $search = 'uid';
|
||||
$added = false;
|
||||
foreach ($attributes as $DN) {
|
||||
if (isset($DN['modify'][$search][0]) && !$added) {
|
||||
$attributes[$search.'='.$DN['modify'][$search][0].','.$this->dn] = $attributes[$this->dn];
|
||||
unset ($attributes[$this->dn]);
|
||||
$this->dn = $search.'='.$DN['modify'][$search][0].','.$this->dn;
|
||||
$added = true;
|
||||
}
|
||||
if (isset($DN['add'][$search][0]) && !$added) {
|
||||
$attributes[$search.'='.$DN['add'][$search][0].','.$this->dn] = $attributes[$this->dn];
|
||||
unset ($attributes[$this->dn]);
|
||||
$this->dn = $search.'='.$DN['add'][$search][0].','.$this->dn;
|
||||
$added = true;
|
||||
}
|
||||
if (isset($DN['notchanged'][$search][0]) && !$added) {
|
||||
$attributes[$search.'='.$DN['notchanged'][$search][0].','.$this->dn] = $attributes[$this->dn];
|
||||
unset ($attributes[$this->dn]);
|
||||
$this->dn = $search.'='.$DN['notchanged'][$search][0].','.$this->dn;
|
||||
$added = true;
|
||||
}
|
||||
}
|
||||
// Add old dn if dn hasn't changed
|
||||
if (!$added) {
|
||||
$attributes[$this->dn_orig] = $attributes[$this->dn];
|
||||
unset ($attributes[$this->dn]);
|
||||
$this->dn = $this->dn_orig;
|
||||
}
|
||||
// Add new DN
|
||||
if ($this->dn != $this->dn_orig) {
|
||||
// move existing DN
|
||||
if ($this->dn_orig!='') {
|
||||
// merge attributes together
|
||||
$attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
|
||||
$success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attr);
|
||||
if ($success) {
|
||||
$success = @ldap_delete($_SESSION[$this->ldap]->server(), $this->dn_orig);
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to delete dn: %s.'), $this->dn_orig));
|
||||
}
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
|
||||
}
|
||||
// create complete new dn
|
||||
else {
|
||||
$attr = array_merge_recursive($attributes[$this->dn]['add'], $attributes[$this->dn]['notchanged'], $attributes[$this->dn]['modify']);
|
||||
$success = @ldap_add($_SESSION[$this->ldap]->server(), $this->dn, $attributes[$this->dn]['add']);
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to create dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $this->dn));
|
||||
}
|
||||
unset($attributes[$this->dn]);
|
||||
}
|
||||
$DNs = array_keys($attributes);
|
||||
for ($i=0; $i<count($DNs); $i++) {
|
||||
// modify attributes
|
||||
if (isset($attributes[$DNs[$i]]['modify'])) {
|
||||
$success = @ldap_mod_replace($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to modify attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
|
||||
}
|
||||
// add attributes
|
||||
if (isset($attributes[$DNs[$i]]['add'])) {
|
||||
$success = @ldap_mod_add($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to add attribtues to dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
|
||||
}
|
||||
// removce attributes
|
||||
if (isset($attributes[$DNs[$i]]['remove'])) {
|
||||
$success = @ldap_mod_del($_SESSION[$this->ldap]->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
|
||||
if (!$success) return array('ERROR', 'LDAP', sprintf(_('Was unable to remove attribtues from dn: %s. This is possible a bug. Please check your ldap logs and send a bug report if it is a possible bug.'), $DNs[$i]));
|
||||
}
|
||||
}
|
||||
// *** fixme Add lamdaemon.pl
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -629,7 +931,7 @@ function getshells() {
|
|||
|
||||
|
||||
/* This function will replace umlates with ascci-chars
|
||||
* fixme
|
||||
* fixme ***
|
||||
* In order to map all non-ascii characters this function should be changed
|
||||
*/
|
||||
function replace_umlaut($text) {
|
||||
|
@ -2933,7 +3235,7 @@ function modifygroup($values,$values_old, $uselamdaemon=true) {
|
|||
for ($i=0; $i<count($attr_rem_keys); $i++) { // Remove attributes which should be deleted from array
|
||||
if (isset($attr_old[$attr_rem_keys[$i]][0])) unset($attr_old[$attr_rem_keys[$i]]);
|
||||
}
|
||||
$attr_keys = array_keys($attr);
|
||||
$attr_keys = @array_keys($attr);
|
||||
for ($i=0; $i<count($attr_keys); $i++) { // Add attributes which have changed
|
||||
$attr_old[$attr_keys[$i]][0] = $attr[$attr_keys[$i]];
|
||||
}
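Review bot: The `@array_keys($attr)` line silences the warning instead of handling the case that causes it: when `$attr` is not an array the call still yields no usable key list, and the `count($attr_keys)` loop below only works by accident. An explicit guard keeps real errors visible, e.g. `$attr_keys = is_array($attr) ? array_keys($attr) : array();`. The `+`/`-` markers are lost in this rendering, so which of the two `$attr_keys` lines is the new one is inferred from the commit message. `modifygroup()` starts and ends outside this hunk.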
|
||||
|
|
|
@ -46,35 +46,29 @@ $Id$
|
|||
|
||||
class inetOrgPerson {
|
||||
// Constructor
|
||||
function inetOrgPerson(&$baseobject) {
|
||||
function inetOrgPerson($base) {
|
||||
/* Return an error if posixAccount should be created without
|
||||
* base container
|
||||
*/
|
||||
if (!$baseobject) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
// Check if $baseobject is an array
|
||||
if (!is_object($baseobject)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// posixAccount is only a valid objectClass for user and host
|
||||
if ($baseobject->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
|
||||
/* Create a reference to basearray so we can read all other modules
|
||||
* php will avaois recousrion itself
|
||||
*/
|
||||
$this->base = &$baseobject;
|
||||
// Add attributes which should be cached
|
||||
//$_SESSION['cache']->add_cache(array ('user' => array('cn', 'uid'), 'host' => array('cn', 'uid') ));
|
||||
if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
|
||||
|
||||
// Add account type to object
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->base->ldap->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'inetOrgPerson'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
$baseobject->add_attributes ('inetOrgPerson');
|
||||
$_SESSION[$this->base]->add_attributes ('inetOrgPerson');
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
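Review bot: The constructor checks only `is_string($base)` before dereferencing `$_SESSION[$this->base]->get_type()`, so a key that is missing from the session, or that does not hold an object, ends in a fatal error rather than the intended `trigger_error` message. A guard such as `if (!isset($_SESSION[$base]) || !is_object($_SESSION[$base])) trigger_error(...)` before the first use would cover that. The chained lookup `$_SESSION[$_SESSION[$this->base]->ldap]->objectClasses` is repeated on every schema line here and in the four hunks that follow (`-85,8`, `-96,12`, `-109,8`, `-121,8`); reading it once into a local such as `$objectClasses` would make those lines easier to check. The constructor continues past this hunk.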
|
||||
|
@ -85,8 +79,8 @@ class inetOrgPerson {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -96,12 +90,12 @@ class inetOrgPerson {
|
|||
}
|
||||
}
|
||||
// Get attributes of subclasses
|
||||
while (strpos($this->base->ldap->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'SUP ')+4);
|
||||
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
|
||||
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
|
||||
// Add account type to object
|
||||
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->base->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
// *** fixme, fix error message
|
||||
|
@ -109,8 +103,8 @@ class inetOrgPerson {
|
|||
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -121,8 +115,8 @@ class inetOrgPerson {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -133,7 +127,12 @@ class inetOrgPerson {
|
|||
}
|
||||
}
|
||||
$this->orig = $this->attributes ;
|
||||
$this->attributes['objectClass'][0] = 'inetOrgPerson';
|
||||
if (isset($this->attributes['userPassword'])) unset($this->attributes['userPassword']);
|
||||
$this->alias = _('inetOrgPerson');
|
||||
// Add attributes which should be cached
|
||||
$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('uid'), 'host' => array('uid')));
|
||||
|
||||
}
|
||||
|
||||
// Variables
|
||||
|
@ -160,24 +159,21 @@ class inetOrgPerson {
|
|||
* new password will be stored encrypted
|
||||
*/
|
||||
function userPassword($newpassword=false) {
|
||||
if (is_string($newpassword)) {
|
||||
// Write new password
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
// Read existing password if set
|
||||
if (!$newpassword) {
|
||||
if ($this->attributes['userPassword'][0]!='') {
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
|
||||
$password = str_replace(chr(00), '', $password);
|
||||
return $password;
|
||||
}
|
||||
else return '';
|
||||
}
|
||||
// Write new password
|
||||
else {
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* This function returns a list with all required modules
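Review bot: The read/write test `if (!$newpassword)` treats `''` and `'0'` as "read", so `userPassword('')` returns the stored value instead of overwriting it; the load hunk further down (`-294,14`) calls it exactly that way to remove the old password. Comparing against the default, `if ($newpassword === false)`, restores the distinction; this assumes the `!$newpassword` variant is the new side, since the `+`/`-` markers are lost in this rendering. Both branches also take the key and IV straight from `$_COOKIE` without checking that they are present and of the expected length, and `MCRYPT_MODE_ECB` ignores the IV and gives no integrity protection for the stored ciphertext. Removing every `chr(00)` after decryption changes passwords that contain that byte; stripping only the trailing padding, `$password = rtrim($password, "\0");`, is closer to the intent.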
|
||||
|
@ -188,59 +184,61 @@ class inetOrgPerson {
|
|||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes() {
|
||||
function proccess_attributes($post) {
|
||||
// Load attributes
|
||||
if (($this->attributes['uid'] != $_POST['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $_POST['form_inetOrgPerson_uid']))
|
||||
if (($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $post['form_inetOrgPerson_uid']))
|
||||
$errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
|
||||
$this->attributes['uid'] = $_POST['form_inetOrgPerson_uid'];
|
||||
$this->attributes['cn'] &= $this->attributes['uid'];
|
||||
$this->attributes['description'] = $_POST['form_inetOrgPerson_description'];
|
||||
$this->attributes['sn'] = $_POST['form_inetOrgPerson_sn'];
|
||||
$this->attributes['givenName'] = $_POST['form_inetOrgPerson_givenName'];
|
||||
$this->attributes['title'] = $_POST['form_inetOrgPerson_title'];
|
||||
$this->attributes['mail'] = $_POST['form_inetOrgPerson_mail'];
|
||||
$this->attributes['telephoneNumber'] = $_POST['form_inetOrgPerson_telephoneNumber'];
|
||||
$this->attributes['mobileTelephoneNumber'] = $_POST['form_inetOrgPerson_mobileTelephoneNumber'];
|
||||
$this->attributes['facsimileTelephoneNumber'] = $_POST['form_inetOrgPerson_facsimileTelephoneNumber'];
|
||||
$this->attributes['street'] = $_POST['form_inetOrgPerson_street'];
|
||||
$this->attributes['postalCode'] = $_POST['form_inetOrgPerson_postalCode'];
|
||||
$this->attributes['postalAddress'] = $_POST['form_inetOrgPerson_postalAddress'];
|
||||
$this->attributes['employeeType'] = $_POST['form_inetOrgPerson_employeeType'];
|
||||
$this->attributes['uid'][0] = $post['form_inetOrgPerson_uid'];
|
||||
$this->attributes['cn'][0] &= $this->attributes['uid'][0];
|
||||
$this->attributes['description'][0] = $post['form_inetOrgPerson_description'];
|
||||
$this->attributes['sn'][0] = $post['form_inetOrgPerson_sn'];
|
||||
$this->attributes['givenName'][0] = $post['form_inetOrgPerson_givenName'];
|
||||
$this->attributes['title'][0] = $post['form_inetOrgPerson_title'];
|
||||
$this->attributes['mail'][0] = $post['form_inetOrgPerson_mail'];
|
||||
$this->attributes['telephoneNumber'][0] = $post['form_inetOrgPerson_telephoneNumber'];
|
||||
$this->attributes['mobileTelephoneNumber'][0] = $post['form_inetOrgPerson_mobileTelephoneNumber'];
|
||||
$this->attributes['facsimileTelephoneNumber'][0] = $post['form_inetOrgPerson_facsimileTelephoneNumber'];
|
||||
$this->attributes['street'][0] = $post['form_inetOrgPerson_street'];
|
||||
$this->attributes['postalCode'][0] = $post['form_inetOrgPerson_postalCode'];
|
||||
$this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress'];
|
||||
$this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType'];
|
||||
|
||||
if ($_POST['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true;
|
||||
if ($post['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true;
|
||||
else $this->userPassword_no=false;
|
||||
if ($_POST['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true;
|
||||
if ($post['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true;
|
||||
else $this->userPassword_lock=false;
|
||||
if (isset($_POST['form_inetOrgPerson_userPassword'])) {
|
||||
if ($_POST['form_inetOrgPerson_userPassword'] != $_POST['form_inetOrgPerson_userPassword2']) {
|
||||
if (isset($post['form_inetOrgPerson_userPassword'])) {
|
||||
if ($post['form_inetOrgPerson_userPassword'] != $post['form_inetOrgPerson_userPassword2']) {
|
||||
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
|
||||
unset ($_POST['form_inetOrgPerson_userPassword2']);
|
||||
unset ($post['form_inetOrgPerson_userPassword2']);
|
||||
}
|
||||
else $this->userPassword($_POST['form_inetOrgPerson_userPassword']);
|
||||
else $this->userPassword($post['form_inetOrgPerson_userPassword']);
|
||||
}
|
||||
if ($_POST['form_inetOrgPerson_genpass']) $this->userPassword(genpasswd());
|
||||
if ($post['form_inetOrgPerson_genpass']) $this->userPassword(genpasswd());
|
||||
|
||||
// Check if givenname is valid
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['givenName'][0])) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
|
||||
// Check if surname is valid
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
|
||||
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $this->attributes['sn'][0])) $errors[] = array('ERROR', _('Surname'), _('Surname contains invalid characters'));
|
||||
// Check if Username contains only valid characters
|
||||
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*$', $this->attributes['uid']))
|
||||
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])+$', $this->attributes['uid'][0]))
|
||||
$errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
|
||||
// Create automatic useraccount with number if original user already exists
|
||||
// Reset name to original name if new name is in use
|
||||
// Set username back to original name if new username is in use
|
||||
if ($this->base->cache->in_cache($this->attributes['uid'],'uid', '*')!=$this->orig['uid'] && ($this->orig['uid']!='')) $this->attributes['uid'] = $this->orig['uid'];
|
||||
if ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['uid'][0],'uid', '*')!=false && ($this->orig['uid'][0]!='')) {
|
||||
$this->attributes['uid'][0] = $this->orig['uid'][0];
|
||||
}
|
||||
// Change uid to a new uid until a free uid is found
|
||||
while ($this->base->cache->in_cache($this->attributes['uid'], 'uid', '*')) {
|
||||
else while ($_SESSION[$_SESSION[$this->base]->cache]->in_cache($this->attributes['uid'][0], 'uid', '*')) {
|
||||
// get last character of username
|
||||
$lastchar = substr($this->attributes['uid'], strlen($this->attributes['uid'])-1, 1);
|
||||
$lastchar = substr($this->attributes['uid'][0], strlen($this->attributes['uid'][0])-1, 1);
|
||||
// Last character is no number
|
||||
if ( !ereg('^([0-9])+$', $lastchar))
|
||||
/* Last character is no number. Therefore we only have to
|
||||
* add "2" to it.
|
||||
*/
|
||||
$this->attributes['uid'] = $this->attributes['uid'] . '2';
|
||||
$this->attributes['uid'][0] = $this->attributes['uid'][0] . '2';
|
||||
else {
|
||||
/* Last character is a number -> we have to increase the number until we've
|
||||
* found a groupname with trailing number which is not in use.
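Review bot: `$this->attributes['cn'][0] &= $this->attributes['uid'][0];` is a bitwise AND assignment, not a copy or a reference: on two strings it ANDs them byte by byte and truncates to the shorter one, so `cn` does not end up equal to `uid`. If `cn` should follow `uid`, write `$this->attributes['cn'][0] = $this->attributes['uid'][0];`. Also, `unset ($post['form_inetOrgPerson_userPassword2']);` only changes the local copy now that the form data arrives as a by-value parameter, so the mismatching repeat value is still present in the caller's array. The function continues past this hunk.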
|
||||
|
@ -248,34 +246,34 @@ class inetOrgPerson {
|
|||
* $i will show us were we have to split groupname so we get a part
|
||||
* with the groupname and a part with the trailing number
|
||||
*/
|
||||
$i=strlen($this->attributes['uid'])-1;
|
||||
$i=strlen($this->attributes['uid'][0])-1;
|
||||
$mark = false;
|
||||
// Set $i to the last character which is a number in $account_new->general_username
|
||||
while (!$mark) {
|
||||
if (ereg('^([0-9])+$',substr($this->attributes['uid'], $i, strlen($this->attributes['uid'])-$i))) $i--;
|
||||
if (ereg('^([0-9])+$',substr($this->attributes['uid'][0], $i, strlen($this->attributes['uid'][0])-$i))) $i--;
|
||||
else $mark=true;
|
||||
}
|
||||
// increase last number with one
|
||||
$firstchars = substr($this->attributes['uid'], 0, $i+1);
|
||||
$lastchars = substr($this->attributes['uid'], $i+1, strlen($this->attributes['uid'])-$i);
|
||||
$firstchars = substr($this->attributes['uid'][0], 0, $i+1);
|
||||
$lastchars = substr($this->attributes['uid'][0], $i+1, strlen($this->attributes['uid'][0])-$i);
|
||||
// Put username together
|
||||
$this->attributes['uid'] = $firstchars . (intval($lastchars)+1);
|
||||
$this->attributes['uid'][0] = $firstchars . (intval($lastchars)+1);
|
||||
}
|
||||
}
|
||||
// Show warning if lam has changed username
|
||||
if ($this->attributes['uid'] != $_POST['form_inetOrgPerson_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
|
||||
if ($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
|
||||
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword()))
|
||||
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
|
||||
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
|
||||
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['telephoneNumber'][0])) $errors[] = array('ERROR', _('Telephone number'), _('Please enter a valid telephone number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['mobileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Mobile number'), _('Please enter a valid mobile number!'));
|
||||
if ( !ereg('^(\+)*([0-9]|[ ]|[.]|[(]|[)]|[/]|[-])*$', $this->attributes['facsimileTelephoneNumber'][0])) $errors[] = array('ERROR', _('Fax number'), _('Please enter a valid fax number!'));
|
||||
if ( !ereg('^(([0-9]|[A-Z]|[a-z]|[.]|[-]|[_])+[@]([0-9]|[A-Z]|[a-z]|[-])+([.]([0-9]|[A-Z]|[a-z]|[-])+)*)*$', $this->attributes['mail'][0])) $errors[] = array('ERROR', _('eMail address'), _('Please enter a valid eMail address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['street'][0])) $errors[] = array('ERROR', _('Street'), _('Please enter a valid street name!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['postalAddress'][0])) $errors[] = array('ERROR', _('Postal address'), _('Please enter a valid postal address!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[-]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['title'][0])) $errors[] = array('ERROR', _('Title'), _('Please enter a valid title!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $this->attributes['employeeType'][0])) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
|
||||
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $this->attributes['personal_postalCode'][0])) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
return 0;
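Review bot: The postal code check reads `$this->attributes['personal_postalCode'][0]`, but the form value is stored under `postalCode` in the assignment hunk above, so the pattern is matched against an unset value, `*` accepts the empty string, and the submitted postal code is never validated. It should test `$this->attributes['postalCode'][0]`. The password pattern a few lines up has a similar mismatch: its message lists `$` and `=` as valid, but neither appears in the character class. `$errors` is never initialised before `is_array($errors)`; `$errors = array();` at the top of the function with `if (count($errors) != 0) return $errors;` here would be clearer. The function's closing brace is outside this hunk.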
|
||||
|
@ -294,14 +292,15 @@ class inetOrgPerson {
|
|||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->attributes[$attribute])) {
|
||||
if (isset($this->orig[$attribute])) {
|
||||
$this->orig[$attribute] = $attr[$attribute];
|
||||
// decode as unicode
|
||||
$this->attributes[$attribute] = $attr[$attribute];
|
||||
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
|
||||
for ($i=0; $i<count($this->orig[$attribute]); $i++) $this->orig[$attribute][$i] = utf8_decode ($this->orig[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->orig = $this->attributes;
|
||||
$this->orig['objectClass'][0] = 'inetOrgPerson';
|
||||
$this->attributes = $this->orig;
|
||||
$this->userPassword(''); // Remove old password so it won't displayed as hash
|
||||
return 0;
|
||||
}
|
||||
|
@ -316,59 +315,80 @@ class inetOrgPerson {
|
|||
* remove are attributes which have to be removed from ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get list off all attributes
|
||||
$attributes = $this->orig;
|
||||
// Remove attributes which are not as easy to set
|
||||
unset ($attributes['userPassword']);
|
||||
// Get list of all "easy" attributes
|
||||
$attr_names = array_keys($attributes);
|
||||
foreach ($attr_names as $attr_name) {
|
||||
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])==0) $return[$this->base['dn']]['add'][$attr_name] = $this->attributes[$attr_name];
|
||||
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])!=0) {
|
||||
// We have to check every single attribute
|
||||
$attr_names = array_keys($this->attributes);
|
||||
// Get attributes which should be added
|
||||
$attributes = array_delete($this->orig[$attr_name], $this->attributes[$attr_name]);
|
||||
// Encode as unicode
|
||||
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
|
||||
if (count($attributes)!=0) $return[$this->base['dn']]['add'][$attr_name] = $attributes;
|
||||
// Get attributes which should be removed
|
||||
$attributes = array_delete($this->attributes[$attr_name], $this->orig[$attr_name]);
|
||||
// Encode as unicode
|
||||
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
|
||||
if (count($attributes)!=0) $return[$this->base['dn']]['remove'][$attr_name] = $attributes;
|
||||
for ($i=0; $i<count($attr_names); $i++) {
|
||||
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
|
||||
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
if (count($this->attributes[$attr_name])==0 && count($this->orig[$attr_name])!=0) $return[$this->base['dn']]['remove'][$attr_name] = $this->orig[$attr_name];
|
||||
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]])) {
|
||||
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
|
||||
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
|
||||
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
}
|
||||
}
|
||||
// create modify wuth add and remove
|
||||
if (is_array($toadd)) {
|
||||
$attributes = array_keys($toadd);
|
||||
for ($i=0; $i<count($attributes); $i++) {
|
||||
if (isset($torem[$attributes[$i]])) {
|
||||
// found modify entry
|
||||
// Add unchanged attributes
|
||||
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
|
||||
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
|
||||
// unset attributes
|
||||
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
|
||||
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
|
||||
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
|
||||
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
|
||||
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
|
||||
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
|
||||
|
||||
// Set unix password
|
||||
if (count($this->orig['userPassword'])==0) {
|
||||
// New user or no old password set
|
||||
if ($this->userPassword_no) {
|
||||
$return[$this->base['dn']]['add']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
$return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
}
|
||||
else $return[$this->base['dn']]['add']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
}
|
||||
else {
|
||||
if ($this->userPassword()!='' || $this->userPassword_no) {
|
||||
// Write new password
|
||||
$return[$this->base['dn']]['remove']['userPassword'] = utf8_encode($this->orig['userPassword']);
|
||||
if ($this->userPassword_no) $return[$this->base['dn']]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
else $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
if ($this->userPassword_no) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = pwd_hash ('', !$this->userPassword_lock);
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode(pwd_hash ($this->userPassword(), !$this->userPassword_lock));
|
||||
}
|
||||
else { // No new password but old password
|
||||
// (un)lock password
|
||||
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'])) {
|
||||
if ($this->userPassword_lock == pwd_is_enabled($this->orig['userPassword'][0])) {
|
||||
// Split old password hash in {CRYPT} and password-hash
|
||||
$i = 0;
|
||||
while ($this->orig['userPassword']{$i} != '}') $i++;
|
||||
$passwd = substr($this->orig['userPassword'], $i+1 );
|
||||
$crypt = substr($this->orig['userPassword'], 0, $i+1 );
|
||||
while ($this->orig['userPassword'][0]{$i} != '}') $i++;
|
||||
$passwd = substr($this->orig['userPassword'][0], $i+1 );
|
||||
$crypt = substr($this->orig['userPassword'][0], 0, $i+1 );
|
||||
// remove trailing ! from password hash
|
||||
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
||||
// Write new password
|
||||
$return[$this->base['dn']]['remove']['userPassword'] = utf8_encode($this->orig['userPassword']);
|
||||
if ($this->userPassword_lock) $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
|
||||
else $return[$this->base['dn']]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
|
||||
if ($this->userPassword_lock) $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt!$passwd");
|
||||
else $return[$_SESSION[$this->base]->dn]['modify']['userPassword'][0] = utf8_encode("$crypt$passwd");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -389,7 +409,7 @@ class inetOrgPerson {
|
|||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes() {
|
||||
function display_html_attributes($post) {
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo '<td>' . _('Username') . "*</td>\n";
|
||||
|
@ -409,7 +429,7 @@ class inetOrgPerson {
|
|||
echo "<tr>\n";
|
||||
echo "<td>" . _('Repeat password') . "</td>\n";
|
||||
echo "<td><input name=\"form_inetOrgPerson_userPassword2\" type=\"password\" size=\"20\" maxlength=\"20\" value=\"";
|
||||
if (isset($_POST['form_inetOrgPerson_userPassword2'])) echo $_POST['form_posixAccount_userPassword2'];
|
||||
if ($post['form_inetOrgPerson_userPassword2']!='') echo $post['form_posixAccount_userPassword2'];
|
||||
else echo $this->userPassword();
|
||||
echo "\"></td>\n";
|
||||
echo "<td></td>\n";
|
||||
|
@ -423,8 +443,8 @@ class inetOrgPerson {
|
|||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Lock password') . "</td>\n";
|
||||
echo "<td><input name=\"form_inetOrgPerson_userPassword_no\" type=\"checkbox\"";
|
||||
if ($this->userPassword_no) echo " checked ";
|
||||
echo "<td><input name=\"form_inetOrgPerson_userPassword_lock\" type=\"checkbox\"";
|
||||
if ($this->userPassword_lock) echo " checked ";
|
||||
echo "></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
|
|
@ -54,37 +54,33 @@ $Id$
|
|||
*/
|
||||
class posixAccount {
|
||||
// Constructor
|
||||
function posixAccount(&$baseobject) {
|
||||
function posixAccount($base) {
|
||||
/* Return an error if posixAccount should be created without
|
||||
* base container
|
||||
*/
|
||||
if (!$baseobject) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
// Check if $baseobject is an array
|
||||
if (!is_object($baseobject)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// posixAccount is only a valid objectClass for user and host
|
||||
if (!($baseobject->get_type() == 'user' || $baseobject->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
|
||||
/* Create a reference to basearray so we can read all other modules
|
||||
* php will avaois recousrion itself
|
||||
*/
|
||||
$this->base = &$baseobject;
|
||||
if (!($_SESSION[$this->base]->get_type() == 'user' || $_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
|
||||
/* Check if ldap conatiner is in array and set type
|
||||
* users are using inetOrgPerson-, hosts account-container
|
||||
*/
|
||||
if (!isset($this->base->module['inetOrgPerson']) && $this->base->type=='user') $this->base->add_objectClass('inetOrgPerson');
|
||||
if (!isset($this->base->module['account']) && $this->base->type=='host') $this->base->add_objectClass('account');
|
||||
if (!isset($_SESSION[$this->base]->module['inetOrgPerson']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
|
||||
if (!isset($_SESSION[$this->base]->module['account']) && $_SESSION[$this->base]->type=='host') $_SESSION[$this->base]->add_objectClass('account');
|
||||
// Add account type to object
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->base->ldap->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'posixAccount'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
$baseobject->add_attributes ('posixAccount');
|
||||
$_SESSION[$this->base]->add_attributes ('posixAccount');
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -95,8 +91,8 @@ class posixAccount {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -106,12 +102,12 @@ class posixAccount {
|
|||
}
|
||||
}
|
||||
// Get attributes of subclasses
|
||||
while (strpos($this->base->ldap->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'SUP ')+4);
|
||||
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
|
||||
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
|
||||
// Add account type to object
|
||||
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($this->base->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
// *** fixme, fix error message
|
||||
|
@ -119,8 +115,8 @@ class posixAccount {
|
|||
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -131,8 +127,8 @@ class posixAccount {
|
|||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
|
@ -144,7 +140,7 @@ class posixAccount {
|
|||
}
|
||||
$this->alias = _('posixAccount');
|
||||
// Add attributes which should be cached
|
||||
$_SESSION['cache']->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
|
||||
$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
|
||||
/* Check if at least one group does exist in ldap
|
||||
*/
|
||||
$groups = findgroups(); // list of all groupnames
|
||||
|
@ -152,19 +148,20 @@ class posixAccount {
|
|||
|
||||
// Make references to attributes which already esists in ldap
|
||||
$newattributes = array_keys($this->attributes);
|
||||
$module = array_keys($this->base->module);
|
||||
$module = array_keys($_SESSION[$this->base]->module);
|
||||
// fixme *** do we have to unset module posixAccuont itself
|
||||
for ($i=0; $i<count($module); $i++) {
|
||||
foreach ($newattributes as $attribute)
|
||||
if (isset($this->base->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] = &$this->base->module[$module[$i]]->attributes[$attribute];
|
||||
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
|
||||
}
|
||||
$this->orig = $this->attributes ;
|
||||
$this->attributes['objectClass'][0] = 'posixAccount';
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of posixAccount
|
||||
var $alias;
|
||||
// reference to base-array so we can read other classes in basearray
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
|
||||
// This variable contains all inetOrgPerson attributes
|
||||
|
@ -182,48 +179,48 @@ class posixAccount {
|
|||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
if ($this->base['type']=='user') return array('inetOrgPerson');
|
||||
if ($this->base['type']=='host') return array('account');
|
||||
if ($_SESSION[$this->base]->type=='user') return array('inetOrgPerson');
|
||||
if ($_SESSION[$this->base]->type=='host') return array('account');
|
||||
// return error if unsupported type is used
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes() {
|
||||
function proccess_attributes($post) {
|
||||
// Load attributes
|
||||
$this->attributes['uidNumber'] = $_POST['form_posixAccount_uidNumber'];
|
||||
$this->attributes['gidNumber'] = getgrnam($_POST['form_posixAccount_gidNumber']);
|
||||
$this->attributes['homeDirectory'] = $_POST['form_posixAccount_homeDirectory'];
|
||||
$this->attributes['loginShell'] = $_POST['form_posixAccount_loginShell'];
|
||||
$this->attributes['gecos'] = $_POST['form_posixAccount_gecos'];
|
||||
$this->attributes['uidNumber'][0] = $post['form_posixAccount_uidNumber'];
|
||||
$this->attributes['gidNumber'][0] = getgrnam($post['form_posixAccount_gidNumber']);
|
||||
$this->attributes['homeDirectory'][0] = $post['form_posixAccount_homeDirectory'];
|
||||
$this->attributes['loginShell'][0] = $post['form_posixAccount_loginShell'];
|
||||
$this->attributes['gecos'][0] = $post['form_posixAccount_gecos'];
|
||||
|
||||
// Check if UID is valid. If none value was entered, the next useable value will be inserted
|
||||
// load min and may uidNumber
|
||||
if ($this->base['type']=='user') {
|
||||
$minID = intval($_SESSION['config']->get_minUID());
|
||||
$maxID = intval($_SESSION['config']->get_maxUID());
|
||||
if ($_SESSION[$this->base]['type']=='user') {
|
||||
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minUID());
|
||||
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxUID());
|
||||
}
|
||||
else {
|
||||
$minID = intval($_SESSION['config']->get_minMachine());
|
||||
$maxID = intval($_SESSION['config']->get_maxMachine());
|
||||
$minID = intval($_SESSION[$_SESSION[$this->base]->config]->get_minMachine());
|
||||
$maxID = intval($_SESSION[$_SESSION[$this->base]->config]->get_maxMachine());
|
||||
}
|
||||
$dn_uids = $this->base->cache->get_cache('uidNumber', 'posixAccount', '*');
|
||||
$dn_uids = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixAccount', '*');
|
||||
// get_cache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
|
||||
foreach ($dn_uids as $uid) $uids[] = $uid[0];
|
||||
if(is_array($uids)) sort ($uids, SORT_NUMERIC);
|
||||
if ($this->attributes['uidNumber']=='') {
|
||||
if ($this->attributes['uidNumber'][0]=='') {
|
||||
// No id-number given
|
||||
if ($this->orig['uidNumber']=='') {
|
||||
if ($this->orig['uidNumber'][0]=='') {
|
||||
// new account -> we have to find a free id-number
|
||||
if (count($uids)!=0) {
|
||||
// There are some uids
|
||||
// Store highest id-number
|
||||
$id = $uids[count($uids)-1];
|
||||
// Return minimum allowed id-number if all found id-numbers are too low
|
||||
if ($id < $minID) $this->attributes['uidNumber'] = $minID;
|
||||
if ($id < $minID) $this->attributes['uidNumber'][0] = $minID;
|
||||
// Return higesht used id-number + 1 if it's still in valid range
|
||||
if ($id < $maxID) $this->attributes['uidNumber'] = $id+1;
|
||||
if ($id < $maxID) $this->attributes['uidNumber'][0] = $id+1;
|
||||
/* If this function is still running we have to fid a free id-number between
|
||||
* the used id-numbers
|
||||
*/
|
||||
|
@ -232,53 +229,53 @@ class posixAccount {
|
|||
if ($i>$maxID)
|
||||
$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!'));
|
||||
else {
|
||||
$this->attributes['uidNumber'] = $i;
|
||||
$this->attributes['uidNumber'][0] = $i;
|
||||
$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
|
||||
}
|
||||
}
|
||||
else $this->attributes['uidNumber'] = $minID;
|
||||
else $this->attributes['uidNumber'][0] = $minID;
|
||||
// return minimum allowed id-number if no id-numbers are found
|
||||
}
|
||||
else $this->attributes['uidNumber'] = $this->orig['uidNumber'];
|
||||
else $this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
|
||||
// old account -> return id-number which has been used
|
||||
}
|
||||
else {
|
||||
// Check manual ID
|
||||
// id-number is out of valid range
|
||||
if ( $this->attributes['uidNumber'] < $minID || $this->attributes['uidNumber'] > $maxID) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
|
||||
if ( ($this->attributes['uidNumber'][0]!=$post['form_posixAccount_uidNumber']) && ($this->attributes['uidNumber'][0] < $minID || $this->attributes['uidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
|
||||
// $uids is allways an array but not if no entries were found
|
||||
if (is_array($uids)) {
|
||||
// id-number is in use and account is a new account
|
||||
if ((in_array($this->attributes['uidNumber'], $uids)) && $this->orig['uidNumber']=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
|
||||
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
|
||||
// id-number is in use, account is existing account and id-number is not used by itself
|
||||
if ((in_array($this->attributes['uidNumber'], $uids)) && $this->orig['uidNumber']!='' && ($this->orig['uidNumber'] != $this->attributes['uidNumber']) ) {
|
||||
if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]!='' && ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0]) ) {
|
||||
$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
|
||||
$this->attributes['uidNumber'] = $this->orig['uidNumber'];
|
||||
$this->attributes['uidNumber'][0] = $this->orig['uidNumber'][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check if Homedir is valid
|
||||
$this->attributes['homeDirectory'] = str_replace('$group', getgrnam($this->attributes['gidNumber']), $this->attributes['homeDirectory']);
|
||||
if ($this->attributes['uid'] != '')
|
||||
$this->attributes['homeDirectory'] = str_replace('$user', $this->attributes['uid'], $this->attributes['homeDirectory']);
|
||||
if ($this->attributes['homeDirectory'] != $_POST['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
|
||||
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $this->attributes['homeDirectory'] ))
|
||||
$this->attributes['homeDirectory'][0] = str_replace('$group', getgrnam($this->attributes['gidNumber'][0]), $this->attributes['homeDirectory'][0]);
|
||||
if ($this->attributes['uid'][0] != '')
|
||||
$this->attributes['homeDirectory'][0] = str_replace('$user', $this->attributes['uid'][0], $this->attributes['homeDirectory'][0]);
|
||||
if ($this->attributes['homeDirectory'][0] != $post['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
|
||||
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $this->attributes['homeDirectory'][0] ))
|
||||
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
|
||||
// Return error-messages
|
||||
if (is_array($errors)) return $errors;
|
||||
// Go to additional group page when no error did ocour and button was pressed
|
||||
if ($_POST['form_posixAccount_addgroup']) return 'group';
|
||||
if ($post['form_posixAccount_addgroup']) return 'group';
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function process_groups() {
|
||||
function proccess_group($post) {
|
||||
do { // X-Or, only one if() can be true
|
||||
if (isset($_POST['form_posixAccount_addgroups']) && isset($_POST['form_posixAccount_addgroups_button'])) { // Add groups to list
|
||||
if (isset($post['form_posixAccount_addgroups']) && isset($post['form_posixAccount_addgroups_button'])) { // Add groups to list
|
||||
// Add new group
|
||||
$this->groups = @array_merge($this->groups, $_POST['form_posixAccount_addgroups']);
|
||||
$this->groups = @array_merge($this->groups, $post['form_posixAccount_addgroups']);
|
||||
// remove doubles
|
||||
$this->groups = @array_flip($this->groups);
|
||||
array_unique($this->groups);
|
||||
|
@ -287,13 +284,13 @@ class posixAccount {
|
|||
sort($this->groups);
|
||||
break;
|
||||
}
|
||||
if (isset($_POST['form_posixAccount_removegroups']) && isset($_POST['form_posixAccount_removegroups_button'])) { // remove groups from list
|
||||
$this->groups = array_delete($_POST['form_posixAccount_removegroups'], $this->groups);
|
||||
if (isset($post['form_posixAccount_removegroups']) && isset($post['form_posixAccount_removegroups_button'])) { // remove groups from list
|
||||
$this->groups = array_delete($post['form_posixAccount_removegroups'], $this->groups);
|
||||
break;
|
||||
}
|
||||
} while(0);
|
||||
if (isset($_POST['form_posixAccount_addgroups_button']) || isset($_POST['form_posixAccount_removegroups_button'])) return 'group';
|
||||
if ($_POST['form_posixAccount_toattributes']) return 'attributes';
|
||||
if (isset($post['form_posixAccount_addgroups_button']) || isset($post['form_posixAccount_removegroups_button'])) return 'group';
|
||||
if ($post['form_posixAccount_toattributes']) return 'attributes';
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -319,8 +316,9 @@ class posixAccount {
|
|||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->orig = $this->attributes;
|
||||
$this->attributes['objectClass'][0] = 'posixAccount';
|
||||
// get all additional groupmemberships
|
||||
$dn_groups = $this->base->cache->get_cache('memberUid', 'posixGroup', 'group');
|
||||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
|
||||
$DNs = array_keys($dn_groups);
|
||||
foreach ($DNs as $DN) {
|
||||
if (in_array($attr['uid'], $dn_groups[$DN]))
|
||||
|
@ -341,27 +339,52 @@ class posixAccount {
|
|||
* modify are attributes which have to been modified in ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get list off all attributes
|
||||
$attributes = $this->orig;
|
||||
// Get list of all "easy" attributes
|
||||
$attr_names = array_keys($attributes);
|
||||
foreach ($attr_names as $attr_name) {
|
||||
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])==0) $return[$this->base['dn']]['add'][$attr_name] = $this->attributes[$attr_name];
|
||||
if (count($this->attributes[$attr_name])!=0 && count($this->orig[$attr_name])!=0) {
|
||||
// We have to check every single attribute
|
||||
$attr_names = array_keys($this->attributes);
|
||||
// Get attributes which should be added
|
||||
$attributes = array_delete($this->orig[$attr_name], $this->attributes[$attr_name]);
|
||||
// Encode as unicode
|
||||
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
|
||||
if (count($attributes)!=0) $return[$this->base['dn']]['add'][$attr_name] = $attributes;
|
||||
// Get attributes which should be removed
|
||||
$attributes = array_delete($this->attributes[$attr_name], $this->orig[$attr_name]);
|
||||
// Encode as unicode
|
||||
for ($i=0; $i<count($attributes); $i++) $attributes[$i] = utf8_encode ($attributes[$i]);
|
||||
if (count($attributes)!=0) $return[$this->base['dn']]['remove'][$attr_name] = $attributes;
|
||||
for ($i=0; $i<count($attr_names); $i++) {
|
||||
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
|
||||
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
if (count($this->attributes[$attr_name])==0 && count($this->orig[$attr_name])!=0) $return[$this->base['dn']]['remove'][$attr_name] = $this->orig[$attr_name];
|
||||
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]])) {
|
||||
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
|
||||
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
|
||||
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
}
|
||||
}
|
||||
// create modify wuth add and remove
|
||||
if (is_array($toadd)) {
|
||||
$attributes = array_keys($toadd);
|
||||
for ($i=0; $i<count($attributes); $i++) {
|
||||
if (isset($torem[$attributes[$i]])) {
|
||||
// found modify entry
|
||||
// Add unchanged attributes
|
||||
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
|
||||
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
|
||||
// unset attributes
|
||||
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
|
||||
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
|
||||
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
|
||||
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
|
||||
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
|
||||
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
|
||||
|
||||
// Remove primary group from additional groups
|
||||
for ($i=0; $i<count($this->groups); $i++) {
|
||||
|
@ -375,7 +398,7 @@ class posixAccount {
|
|||
//There are some old groups.
|
||||
$add = array_delete($this->groups_orig, $this->groups);
|
||||
$remove = array_delete($this->groups, $this->groups_orig);
|
||||
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
|
||||
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
|
||||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
|
@ -387,7 +410,7 @@ class posixAccount {
|
|||
}
|
||||
else {
|
||||
// Add user to every group
|
||||
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
|
||||
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
|
||||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
|
@ -398,7 +421,7 @@ class posixAccount {
|
|||
else {
|
||||
if (is_array($this->groups_orig)) {
|
||||
//There are some old groups which have to be removed
|
||||
$dn_cns = $this->base->cache->get_cache('cn', 'posixGroup', 'group');
|
||||
$dn_cns = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('cn', 'posixGroup', 'group');
|
||||
// get_cache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
|
||||
$DNs = array_keys($dn_cns);
|
||||
foreach ($DNs as $DN) {
|
||||
|
@ -422,13 +445,12 @@ class posixAccount {
|
|||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes() {
|
||||
function display_html_attributes($post) {
|
||||
$groups = findgroups(); // list of all groupnames
|
||||
$shelllist = getshells(); // list of all valid shells
|
||||
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo "<td>" . _('UID number') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixAccout_uidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['uidNumber']."\"></td>\n";
|
||||
echo "<td>" . _('UID number') ."</td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_uidNumber\" type=\"text\" size=\"6\" maxlength=\"6\" value=\"".$this->attributes['uidNumber'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=401\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
|
@ -436,12 +458,12 @@ class posixAccount {
|
|||
echo "<td><select name=\"form_posixAccount_group\">";
|
||||
// loop trough existing groups
|
||||
foreach ($groups as $group)
|
||||
if (getgrnam($this->attributes['gidNumber']) == $group) echo "<option selected> $group </option>\n";
|
||||
if (getgrnam($this->attributes['gidNumber'][0]) == $group) echo "<option selected> $group </option>\n";
|
||||
else echo "<option> $group </option>\n";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=406\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
if ($this->base['type']=='user') {
|
||||
if ($_SESSION[$this->base]->type=='user') {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Additional groups') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_addgroup\" type=\"submit\" value=\"" . _('Edit groups') . "\"></td>\n";
|
||||
|
@ -449,23 +471,23 @@ class posixAccount {
|
|||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Home directory') . "*</td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_homeDirectory\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['homeDirectory']."\"></td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_homeDirectory\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['homeDirectory'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=403\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Gecos') . "</td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_gecos\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['gecos']."\"></td>\n";
|
||||
echo "<td><input name=\"form_posixAccount_gecos\" type=\"text\" size=\"30\" maxlength=\"255\" value=\"".$this->attributes['gecos'][0]."\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=404\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
if ($this->base['type']=='user') {
|
||||
if ($_SESSION[$this->base]->type=='user') {
|
||||
if (count($shelllist)!=0) {
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Login shell') . "*</td>\n";
|
||||
echo "<td><select name=\"form_posixAccount_loginShell\">";
|
||||
// loop through shells
|
||||
foreach ($shelllist as $shell)
|
||||
if ($this->attributes['loginShell']==trim($shell)) echo "<option selected> $shell </option>\n";
|
||||
if ($this->attributes['loginShell'][0]==trim($shell)) echo "<option selected> $shell </option>\n";
|
||||
else echo "<option> $shell </option>\n";
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=405\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
|
@ -476,9 +498,9 @@ class posixAccount {
|
|||
return 0;
|
||||
}
|
||||
|
||||
function display_html_group() {
|
||||
function display_html_group($post) {
|
||||
// load list with all groups
|
||||
$dn_groups = $this->base->cache->get_cache('uidNumber', 'posixGroup', 'group');
|
||||
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('uidNumber', 'posixGroup', 'group');
|
||||
foreach ($dn_groups as $group) $groups[] = $group[0];
|
||||
// sort groups
|
||||
sort($groups, SORT_STRING);
|
||||
|
|
|
@ -0,0 +1,348 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
/* Session variables which are used:
|
||||
* $_SESSION['cacheAttributes']: This variable contains a list of attributes and their scope which should be cached
|
||||
*
|
||||
* Coockie variables which are used:
|
||||
* $_COOKIE["IV"], $_COOKIE["Key"]: Needed to en/decrypt passwords.
|
||||
*
|
||||
* Variables in basearray which are no objects:
|
||||
* type: Type of account. Can be user, group, host
|
||||
* attributes: List of all attributes, how to get them and are theiy required or optional
|
||||
* dn: current DN without uid= or cn=
|
||||
* dn_orig: old DN if account was loaded with uid= or cn=
|
||||
|
||||
* External functions which are used
|
||||
* account.inc: findgroups, incache, get_cache, array_delete, getshells
|
||||
* ldap.inc: pwd_is_enabled, pwd_hash
|
||||
*/
|
||||
|
||||
/* This class contains all shadowAccount LDAP attributes
|
||||
* and funtioncs required to deal with shadowAccount
|
||||
* shadowAccount can only be created when it should be added
|
||||
* to an array.
|
||||
* basearray is the same array shadowAccount should be added
|
||||
* to. If basearray is not given the constructor tries to
|
||||
* create an array with shadowAccount and all other required
|
||||
* objects.
|
||||
* Example: $user[] = new shadowAccount($user);
|
||||
*
|
||||
* In container array the following things have to exist:
|
||||
* account or inetOrgPerson object
|
||||
* type: 'user' or 'host'
|
||||
* 'attributes': this is a list of arrays with all ldap attributes wich are allowed for this account
|
||||
*/
|
||||
class shadowAccount {
|
||||
// Constructor
|
||||
function shadowAccount($base) {
|
||||
/* Return an error if shadowAccount should be created without
|
||||
* base container
|
||||
*/
|
||||
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
|
||||
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'shadowAccount\');'), E_USER_ERROR);
|
||||
$this->base = $base;
|
||||
// shadowAccount is only a valid objectClass for user and host
|
||||
if (!($_SESSION[$this->base]->get_type() == 'user')) trigger_error(_('shadowAccount can only be used for users.'), E_USER_WARNING);
|
||||
/* Check if ldap conatiner is in array and set type
|
||||
* users are using inetOrgPerson-, hosts account-container
|
||||
*/
|
||||
if (!isset($_SESSION[$this->base]->module['inetOrgPerson'])) $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
|
||||
// Add account type to object
|
||||
$line=-1;
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'shadowAccount'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'shadowAccount'), E_USER_WARNING);
|
||||
// Add Array with all attributes and type
|
||||
$_SESSION[$this->base]->add_attributes ('shadowAccount');
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
// Ad must
|
||||
foreach (explode(" $ ", $string) as $attribute) {
|
||||
$this->attributes[$attribute] = '';
|
||||
}
|
||||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
// Ad may
|
||||
foreach (explode(" $ ", $string) as $attribute) {
|
||||
$this->attributes[$attribute] = '';
|
||||
}
|
||||
}
|
||||
// Get attributes of subclasses
|
||||
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
|
||||
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
|
||||
// Add account type to object
|
||||
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
|
||||
}
|
||||
// Return error if objectClass isn't found
|
||||
// *** fixme, fix error message
|
||||
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
|
||||
|
||||
// create array with must-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
// Ad must
|
||||
foreach (explode(" $ ", $string) as $attribute) {
|
||||
$this->attributes[$attribute] = '';
|
||||
}
|
||||
}
|
||||
// create array with may-attributes
|
||||
// Get startposition in string
|
||||
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
|
||||
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
|
||||
// Now we have a string with all must-attributes
|
||||
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
|
||||
$string = trim($string);
|
||||
// Ad may
|
||||
foreach (explode(" $ ", $string) as $attribute) {
|
||||
$this->attributes[$attribute] = '';
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->alias = _('shadowAccount');
|
||||
// Make references to attributes which already esists in ldap
|
||||
$newattributes = array_keys($this->attributes);
|
||||
$module = array_keys($_SESSION[$this->base]->module);
|
||||
// fixme *** do we have to unset module shadowAccount itself
|
||||
for ($i=0; $i<count($module); $i++) {
|
||||
foreach ($newattributes as $attribute)
|
||||
if (isset($_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute])) $this->attributes[$attribute] =& $_SESSION[$this->base]->module[$module[$i]]->attributes[$attribute];
|
||||
}
|
||||
$this->orig = $this->attributes ;
|
||||
$this->attributes['objectClass'][0] = 'shadowAccount';
|
||||
}
|
||||
|
||||
// Variables
|
||||
// Alias Name. This name is shown in the menu instead of shadowAccount
|
||||
var $alias;
|
||||
// name of accountContainer so we can read other classes in accuontArray
|
||||
var $base;
|
||||
|
||||
// This variable contains all inetOrgPerson attributes
|
||||
var $attributes;
|
||||
/* If an account was loaded all attributes are kept in this array
|
||||
* to compare it with new changed attributes
|
||||
*/
|
||||
var $orig;
|
||||
|
||||
/* This function returns a list with all required modules
|
||||
*/
|
||||
function dependencies() {
|
||||
return array('inetOrgPerson');
|
||||
}
|
||||
|
||||
/* Write variables into object and do some regexp checks
|
||||
*/
|
||||
function proccess_attributes($post) {
|
||||
// Load attributes
|
||||
$this->attributes['shadowMin'][0] = $post['form_shadowAccount_shadowMin'];
|
||||
$this->attributes['shadowMax'][0] = $post['form_shadowAccount_shadowMax'];
|
||||
$this->attributes['shadowWarning'][0] = $post['form_shadowAccount_shadowWarning'];
|
||||
$this->attributes['shadowInactive'][0] = $post['form_shadowAccount_shadowInactive'];
|
||||
$this->attributes['shadowWarning'][0] = mtime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'],
|
||||
$post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea']);
|
||||
|
||||
if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
|
||||
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0] ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
|
||||
if ( !ereg('^([0-9]*)$', $this->attributes['shadowMax'][0])) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
|
||||
if ( !ereg('^(([-][1])|([0-9]*))$', $this->attributes['shadowInactive'][0]))
|
||||
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
|
||||
if ( !ereg('^([0-9]*)$', $this->attributes['shadowWarning'][0])) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
|
||||
|
||||
if (is_array($errors)) return $errors;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* This function loads all attributes into the object
|
||||
* $attr is an array as it's retured from ldap_get_attributes
|
||||
*/
|
||||
function load_attributes($attr) {
|
||||
// Load attributes which are displayed
|
||||
// unset count entries
|
||||
unset ($attr['count']);
|
||||
$attributes = array_keys($attr);
|
||||
foreach ($attributes as $attribute) unset ($attr[$attribute]['count']);
|
||||
// unset double entries
|
||||
for ($i=0; $i<count($attr); $i++)
|
||||
if (isset($attr[$i])) unset($attr[$i]);
|
||||
foreach ($attributes as $attribute) {
|
||||
if (isset($this->attributes[$attribute])) {
|
||||
// decode as unicode
|
||||
$this->attributes[$attribute] = $attr[$attribute];
|
||||
for ($i=0; $i<count($this->attributes[$attribute]); $i++) $this->attributes[$attribute][$i] = utf8_decode ($this->attributes[$attribute][$i]);
|
||||
}
|
||||
}
|
||||
// Values are kept as copy so we can compare old attributes with new attributes
|
||||
$this->orig = $this->attributes;
|
||||
$this->attributes['objectClass'][0] = 'shadowAccount';
|
||||
}
|
||||
|
||||
|
||||
/* This function returns an array with 3 entries:
|
||||
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||
* DN is the DN to change. It may be possible to change several DNs,
|
||||
* e.g. create a new user and add him to some groups via attribute memberUid
|
||||
* add are attributes which have to be added to ldap entry
|
||||
* remove are attributes which have to be removed from ldap entry
|
||||
* modify are attributes which have to been modified in ldap entry
|
||||
*/
|
||||
function save_attributes() {
|
||||
// Get list of all "easy" attributes
|
||||
$attr_names = array_keys($this->attributes);
|
||||
// Get attributes which should be added
|
||||
for ($i=0; $i<count($attr_names); $i++) {
|
||||
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
|
||||
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]])) {
|
||||
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
|
||||
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
|
||||
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
|
||||
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
|
||||
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
|
||||
}
|
||||
}
|
||||
}
|
||||
// create modify wuth add and remove
|
||||
if (is_array($toadd)) {
|
||||
$attributes = array_keys($toadd);
|
||||
for ($i=0; $i<count($attributes); $i++) {
|
||||
if (isset($torem[$attributes[$i]])) {
|
||||
// found modify entry
|
||||
// Add unchanged attributes
|
||||
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
|
||||
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
|
||||
// unset attributes
|
||||
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
|
||||
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
|
||||
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
|
||||
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
|
||||
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
|
||||
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
|
||||
|
||||
// Set shadowLastchange manual.
|
||||
if ($_SESSION[$this->base]->module['inetOrgPerson']->userPassword()!='' || $_SESSION[$this->base]->module['inetOrgPerson']->userPassword_no)
|
||||
$return[$_SESSION[$this->base]->dn]['modify']['shadowLastChange'] = array(time()/3600/24);
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/* This function returns all ldap attributes
|
||||
* which are part of shadowAccount and returns
|
||||
* also their values.
|
||||
*/
|
||||
function get_attributes() {
|
||||
return $this->attributes;
|
||||
}
|
||||
|
||||
/* This function will create the html-page
|
||||
* to show a page with all attributes.
|
||||
* It will output a complete html-table
|
||||
*/
|
||||
function display_html_attributes($post) {
|
||||
// Use dd-mm-yyyy format of date because it's easier to read for humans
|
||||
$date = getdate ($this->attributes['shadowExpire'][0]*3600*24);
|
||||
echo "<table border=0 width=\"100%\">\n<tr>\n";
|
||||
echo "<td>" . _('Password warn') . "</td>\n";
|
||||
echo "<td><input name=\"form_shadowAccount_shadowWarning\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowWarning'][0] . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=414\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Password Expire') . "</td>\n";
|
||||
echo "<td><input name=\"form_shadowAccount_shadowInactive\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowInactive'][0] . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=415\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Maximum password age') . "</td>\n";
|
||||
echo "<td><input name=\"form_shadowAccount_shadowMax\" type=\"text\" size=\"5\" maxlength=\"5\" value=\"" . $this->attributes['shadowMax'][0] . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=416\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Minimum password age') . "</td>\n";
|
||||
echo "<td><input name=\"form_shadowAccount_shadowMin\" type=\"text\" size=\"4\" maxlength=\"4\" value=\"" . $this->attributes['shadowMin'][0] . "\"></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=417\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td>" . _('Expire date') . "</td>\n";
|
||||
echo "<td><select name=\"form_shadowAccount_shadowExpire_day\">";
|
||||
for ( $i=1; $i<=31; $i++ ) {
|
||||
if ($date['mday']==$i) echo "<option selected>$i</option>";
|
||||
else echo "<option>$i</option>";
|
||||
}
|
||||
echo "</select>\n<select name=\"form_shadowAccount_shadowExpire_mon\">";
|
||||
for ( $i=1; $i<=12; $i++ ) {
|
||||
if ($date['mon'] == $i) echo "<option selected>$i</option>";
|
||||
else echo "<option>$i</option>";
|
||||
}
|
||||
echo "</select>\n<select name=\"form_shadowAccount_shadowExpire_yea\">";
|
||||
for ( $i=2030; $i>=2003; $i-- ) {
|
||||
if ($date['year']==$i) echo "<option selected>$i</option>";
|
||||
else echo "<option>$i</option>";
|
||||
}
|
||||
echo "</select></td>\n";
|
||||
echo "<td><a href=\"../help.php?HelpNumber=418\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</table>\n";
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
?>
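Review bot: In `proccess_attributes` the expire date never reaches `shadowExpire`: the line `$this->attributes['shadowWarning'][0] = mtime(10, 0, 0, ...)` overwrites the warning period read from the form a few lines earlier and calls `mtime`, which is not a PHP built-in and is not in the external-function list at the top of the file. `display_html_attributes` reads `shadowExpire` as a day count (`*3600*24`), so the assignment should presumably be `$this->attributes['shadowExpire'][0] = intval(mktime(10, 0, 0, $mon, $day, $year) / 86400);` with the three `form_shadowAccount_shadowExpire_*` fields as arguments. The same function stores the raw POST values before the `ereg` checks run, and `display_html_attributes` prints them, like values loaded from the directory, into `value="..."` without encoding, so a rejected or crafted value is written back into the form markup. Each of those echoes should pass the value through `htmlspecialchars(..., ENT_QUOTES)`.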
|
|
@ -758,11 +758,6 @@ if (is_array($errors))
|
|||
|
||||
// print_r($account_new);
|
||||
//print_r($account_old);
|
||||
//$_SESSION['cache'] = new cache();
|
||||
//$temp = new accountContainer('user');
|
||||
//$temp->add_objectClass('posixAccount');
|
||||
//$temp->load_account('uid=julia,ou=people,dc=my-domain,dc=com');
|
||||
//print_r($temp->module['posixAccount']->attributes);
|
||||
|
||||
switch ($select_local) {
|
||||
/* Select which part of page should be loaded and check values
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
<?php
|
||||
/*
|
||||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
||||
Copyright (C) 2003 Tilo Lutz
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
LDAP Account Manager displays table for creating or modifying accounts in LDAP
|
||||
*/
|
||||
|
||||
// include all needed files
|
||||
include_once('../../lib/account.inc'); // File with all account-funtions
|
||||
include_once('../../lib/config.inc'); // File with configure-functions
|
||||
include_once('../../lib/profiles.inc'); // functions to load and save profiles
|
||||
include_once('../../lib/status.inc'); // Return error-message
|
||||
include_once('../../lib/pdf.inc'); // Return a pdf-file
|
||||
include_once('../../lib/ldap.inc'); // LDAP-functions
|
||||
|
||||
/* We have to include all modules
|
||||
* before start session
|
||||
* *** fixme I would prefer loading them dynamic but
|
||||
* i don't know how to to this
|
||||
*/
|
||||
$dir = opendir('../../lib/modules');
|
||||
while ($entry = readdir($dir))
|
||||
if (is_file('../../lib/modules/'.$entry)) include_once ('../../lib/modules/'.$entry);
|
||||
|
||||
|
||||
|
||||
// Start session
|
||||
session_save_path('../../sess');
|
||||
@session_start();
|
||||
|
||||
// Redirect to startpage if user is not loged in
|
||||
if (!isset($_SESSION['loggedIn'])) {
|
||||
metaRefresh("../login.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
// Set correct language, codepages, ....
|
||||
setlanguage();
|
||||
|
||||
if (!isset($_SESSION['cache'])) {
|
||||
$_SESSION['cache'] = new cache();
|
||||
}
|
||||
if ($_GET['DN']) {
|
||||
//load account
|
||||
$DN = str_replace("\'", '', $_GET['DN']);
|
||||
$_SESSION['account'] = new accountContainer('user', 'account');
|
||||
$_SESSION['account']->load_account($DN);
|
||||
}
|
||||
else if (count($_POST)==0) {
|
||||
$_SESSION['account'] = new accountContainer('user', 'account');
|
||||
$_SESSION['account']->new_account();
|
||||
}
|
||||
$_SESSION['account']->continue_main($_POST);
|
||||
|
||||
?>
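Review bot: The `DN` request parameter reaches `load_account()` almost unchecked, because `str_replace("\'", '', $_GET['DN'])` only strips the two-character sequence backslash-apostrophe (`\'` is not an escape inside double quotes) and nothing confirms that the value is a DN below the configured user suffix. `load_account()` is defined outside this file and may validate on its own, but a check here, before the container is created, would make the trust boundary explicit. Testing the parameter as `isset($_GET['DN']) && $_GET['DN'] != ''` also avoids the notice when it is absent. Separately, a POST that arrives while `$_SESSION['account']` is not set skips both branches and calls `continue_main()` on a non-object. A guard such as `if (!isset($_SESSION['account'])) { metaRefresh("../login.php"); exit; }` before that call, mirroring the login check above, would handle it.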
|