WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

checked useredit.php, groupedit.php and delete.php 

Now I only need to check mass*.php
This commit is contained in:
katagia 2003-10-21 15:36:12 +00:00
parent 3f1a646797
commit d8aeeb9886
4 changed files with 260 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lam/lib/account.inc
View File

@ -210,7 +210,7 @@ function getquotas($type,$user='+') {
/* scriptServer is the IP to remote-host to which lam should connect via ssh
* scriptPath is Path to lamdaemon.pl on remote system
*/
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals, $status);
exec("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite, $vals, $status);
/* $vals is a string which contains a two dimensional array.
* We have to recreate it with explode
*
@ -702,6 +702,8 @@ function loaduser($dn) {
$return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// Set user samba flag
$account_new->smb_flagsW = 0;
/* Write attributes into $return.
* Some values don't have to be set. These are only loaded if they are set
*/
@ -1668,8 +1670,9 @@ function createhost($values) {
if ($_SESSION['config']->is_samba3()) {
// Add all attributes as samba3 objectclass
$attr['objectClass'][3] = 'sambaSamAccount';
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
// "Standard" password for new hosts
$attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
$attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
@ -1682,8 +1685,9 @@ function createhost($values) {
else {
// Add all attributes as samba2.2 objectclass
$attr['objectClass'][3] = 'sambaAccount';
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
// "Standard" password for new hosts
$attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
$attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
$attr['pwdLastSet'] = time(); // sambaAccount_may
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
@ -1823,8 +1827,9 @@ function modifyhost($values,$values_old) {
}
// Reset password
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
// "Standard" password for new hosts
$attr['sambaNTPassword'] = '0CB6948805F797BF2A82807973B89537';
$attr['sambaLMPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
$attr['userPassword'] = '';
$attr['shadowLastChange'] = getdays();
@ -1886,8 +1891,9 @@ function modifyhost($values,$values_old) {
if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
}
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
// "Standard" password for new hosts
$attr['ntPassword'] = '0CB6948805F797BF2A82807973B89537';
$attr['lmPassword'] = '01FC5A6BE7BC6929AAD3B435B51404EE';
$attr['pwdLastSet'] = time(); // sambaAccount_may
$attr['userPassword'] = '';
$attr['shadowLastChange'] = getdays();

15
lam/templates/account/groupedit.php
View File

@ -37,8 +37,8 @@ session_save_path('../../sess');
// Set correct language, codepages, ....
setlanguage();
/* hostaccount.php is using dynamic session varialenames so
* we can run several copies of hostaccount.php at the same
/* groupedit.php is using dynamic session varialenames so
* we can run several copies of groupedit.php at the same
* time
* $varkey is the dynamic part of the variable name
*/
@ -56,7 +56,6 @@ $ldap_intern =& $_SESSION['ldap'];
$config_intern =& $_SESSION['config'];
$header_intern =& $_SESSION['header'];
$userDN_intern =& $_SESSION['userDN'];
// Register Post-Variables as reference
// $_GET is only valid if groupedit.php was called from grouplist.php
if (isset($_GET['DN']) && $_GET['DN']!='') {
@ -129,7 +128,6 @@ switch ($_POST['select']) {
* general = startpage, general account paramters
* samba = page with all samba-related parameters e.g. smbpassword
* quota = page with all quota-related parameters e.g. hard file quota
* personal = page with all personal-related parametergs, e.g. phone number
* final = last page shown before account is created/modified
* finish = page shown after account has been created/modified
*/
@ -142,11 +140,11 @@ switch ($_POST['select']) {
$account_new->unix_memberUid = array_flip($account_new->unix_memberUid);
array_unique($account_new->unix_memberUid);
$account_new->unix_memberUid = array_flip($account_new->unix_memberUid);
// sort user
// sort users
sort($account_new->unix_memberUid);
break;
}
if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users fromlist
if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users from list
$account_new->unix_memberUid = array_delete($_POST['members'], $account_new->unix_memberUid);
break;
}
@ -155,15 +153,14 @@ switch ($_POST['select']) {
$select_local = 'groupmembers';
break;
case 'general':
// Write all general attributes into $account_new if no profile should be loaded
if (!$_POST['load']) {
// Write all general attributes into $account_new if no profile should be loaded
$account_new->general_dn = $_POST['f_general_suffix'];
$account_new->general_username = $_POST['f_general_username'];
$account_new->general_uidNumber = $_POST['f_general_uidNumber'];
$account_new->general_gecos = $_POST['f_general_gecos'];
// Check if values are OK and set automatic values. if not error-variable will be set
// Check if Groupname contains only valid characters
if ( !ereg('^([a-z]|[0-9]|[.]|[-]|[_])*$', $account_new->general_username))
$errors[] = array('ERROR', _('Groupname'), _('Groupname contains invalid characters. Valid characters are: a-z, 0-9 and .-_ !'));
@ -369,10 +366,10 @@ do { // X-Or, only one if() can be true
}
// Go back to listgroups.php
if ($_POST['backmain']) {
metaRefresh("../lists/listgroups.php");
if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']);
if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']);
if (isset($_SESSION['account_'.$varkey.'_final_changegids'])) unset($_SESSION['account_'.$varkey.'_final_changegids']);
metaRefresh("../lists/listgroups.php");
die;
break;
}

4
lam/templates/account/hostedit.php
View File

@ -90,8 +90,8 @@ switch ($_POST['select']) {
* final = page which will be displayed if changes were made
*/
case 'general':
// Write all general values into $account_new if no profile should be loaded
if (!$_POST['load']) {
// Write all general values into $account_new if no profile should be loaded
$account_new->general_dn = $_POST['f_general_suffix'];
$account_new->general_username = $_POST['f_general_username'];
$account_new->general_uidNumber = $_POST['f_general_uidNumber'];
@ -272,9 +272,9 @@ do { // X-Or, only one if() can be true
}
// Go back to listhosts.php
if ($_POST['backmain']) {
metaRefresh("../lists/listhosts.php");
if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']);
if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']);
metaRefresh("../lists/listhosts.php");
die;
break;
}

453
lam/templates/account/useredit.php
View File

@ -23,6 +23,7 @@ $Id$
LDAP Account Manager displays table for creating or modifying accounts in LDAP
*/
// include all needed files
include_once('../../lib/account.inc'); // File with all account-funtions
include_once('../../lib/config.inc'); // File with configure-functions
include_once('../../lib/profiles.inc'); // functions to load and save profiles
@ -30,10 +31,17 @@ include_once('../../lib/status.inc'); // Return error-message
include_once('../../lib/pdf.inc'); // Return a pdf-file
include_once('../../lib/ldap.inc'); // LDAP-functions
// Start session
session_save_path('../../sess');
@session_start();
// Set correct language, codepages, ....
setlanguage();
/* groupedit.php is using dynamic session varialenames so
* we can run several copies of groupedit.php at the same
* time
* $varkey is the dynamic part of the variable name
*/
if (!isset($_POST['varkey'])) $varkey = session_id().time();
else $varkey = $_POST['varkey'];
@ -45,51 +53,56 @@ if (!isset($_SESSION['account_'.$varkey.'_shelllist'])) $_SESSION['account_'.$va
// Register Session-Variables with references so we don't net to change to complete code if names changes
$account_new =& $_SESSION['account_'.$varkey.'_account_new'];
$shelllist =& $_SESSION['account_'.$varkey.'_shelllist'];
$final_changegids =& $_SESSION['account_'.$varkey.'_final_changegids'];
if (is_object($_SESSION['account_'.$varkey.'_account_old'])) $account_old =& $_SESSION['account_'.$varkey.'_account_old'];
$ldap_intern =& $_SESSION['ldap'];
$config_intern =& $_SESSION['config'];
$header_intern =& $_SESSION['header'];
$hostDN_intern =& $_SESSION['hostDN'];
$groupDN_intern =& $_SESSION['groupDN'];
// $_GET is only valid if useredit.php was called from userlist.php
if (isset($_GET['DN']) && $_GET['DN']!='') {
// useredit.php should edit an existing account
// reset variables
if (isset($_SESSION['account_'.$varkey.'_account_old'])) {
unset($account_old);
unset($_SESSION['account_'.$varkey.'_account_old']);
}
$_SESSION['account_'.$varkey.'_account_old'] = new account();
$account_old =& $_SESSION['account_'.$varkey.'_account_old'];
// get "real" DN from variable
$DN = str_replace("\'", '',$_GET['DN']);
// Load existing group
$account_new = loaduser($DN);
$account_new ->type = 'user';
$account_old = $account_new;
$account_new->unix_password='';
$account_new->smb_password='';
$account_new->smb_flagsW = 0;
$account_new->general_dn = substr($account_new->general_dn, strpos($account_new->general_dn, ',')+1);
$final_changegids = '';
// Display general-page
$select_local = 'general';
}
else if (count($_POST)==0) { // Startcondition. useredit.php was called from outside
// Startcondition. useredit.php was called from outside to create a new group
else if (count($_POST)==0) {
// Create new account object with settings from default profile
$account_new = loadUserProfile('default');
$account_new ->type = 'user';
$account_new->smb_flagsW = 0;
// load quotas from profile and check if they are valid
if ($config_intern->scriptServer) {
// load quotas and check if quotas from profile are valid
$values = getquotas('user');
if (isset($account_new->quota[0])) { // check quotas from profile
if (isset($account_new->quota[0])) {
// check quotas from profile
$i=0;
// check quota settings
// check quota settings, loop for every partition with quotas
while (isset($account_new->quota[$i])) {
// search if quotas from profile fit to a real quota
$found = (-1);
for ($j=0; $j<count($values->quota); $j++)
if ($values->quota[$j][0]==$account_new->quota[$i][0]) $found = $j;
// unset quota from profile if quotas (mointpoint) doesn't exists anymore
if ($found==-1) unset($account_new->quota[$i]);
else {
// Set missing part in quota-array
$account_new->quota[$i][1] = $values->quota[$found][1];
$account_new->quota[$i][5] = $values->quota[$found][5];
$account_new->quota[$i][4] = $values->quota[$found][4];
@ -97,83 +110,87 @@ if (isset($_GET['DN']) && $_GET['DN']!='') {
$i++;
}
}
// Beautify array, repair index
$account_new->quota = array_values($account_new->quota);
}
else { // No quotas saved in profile
// Display quotas for new users (Quota set to 0)
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $account_new->$key = $val;
}
}
}
if (isset($_SESSION['account_'.$varkey.'_account_old'])) {
unset($account_old);
unset($_SESSION['account_'.$varkey.'_account_old']);
}
// Display general-page
$select_local = 'general';
}
switch ($_POST['select']) { // Select which part of page should be loaded and check values
// general = startpage, general account paramters
// unix = page with all shadow-options and password
// samba = page with all samba-related parameters e.g. smbpassword
// quota = page with all quota-related parameters e.g. hard file quota
// personal = page with all personal-related parametergs, e.g. phone number
// final = last page shown before account is created/modified
// if account is modified commands might be ran are shown
// finish = page shown after account has been created/modified
switch ($_POST['select']) {
/* Select which part of page should be loaded and check values
* groups = page with all groups to which user is additional member
* workstations = page with all workstations the user is allowed to login
* general = startpage, general account paramters
* samba = page with all samba-related parameters e.g. smbpassword
* quota = page with all quota-related parameters e.g. hard file quota
* personal = page with all personal-related parametergs, e.g. phone number
* final = last page shown before account is created/modified
* finish = page shown after account has been created/modified
*/
case 'groups':
do { // X-Or, only one if() can be true
if (isset($_POST['allgroups']) && isset($_POST['add'])) { // Add users to list
// Add new user
if (isset($_POST['allgroups']) && isset($_POST['add'])) { // Add groups to list
// Add new group
$account_new->general_groupadd = @array_merge($account_new->general_groupadd, $_POST['allgroups']);
// remove doubles
$account_new->general_groupadd = @array_flip($account_new->general_groupadd);
array_unique($account_new->general_groupadd);
$account_new->general_groupadd = @array_flip($account_new->general_groupadd);
// sort user
// sort groups
sort($account_new->general_groupadd);
break;
}
if (isset($_POST['selectedgroups']) && isset($_POST['remove'])) { // remove users fromlist
if (isset($_POST['selectedgroups']) && isset($_POST['remove'])) { // remove groups from list
$account_new->general_groupadd = array_delete($_POST['selectedgroups'], $account_new->general_groupadd);
break;
}
} while(0);
// display group page
$select_local = 'groups';
break;
case 'workstations':
do { // X-Or, only one if() can be true
if (isset($_POST['hosts']) && isset($_POST['add'])) { // Add users to list
if (isset($_POST['hosts']) && isset($_POST['add'])) { // Add workstations to list
$temp = str_replace(' ', '', $account_new->smb_smbuserworkstations);
$workstations = explode (',', $temp);
for ($i=0; $i<count($workstations); $i++)
if ($workstations[$i]=='') unset($workstations[$i]);
$workstations = array_values($workstations);
// Add new hosts
// Add new // Add workstations
$workstations = array_merge($workstations, $_POST['hosts']);
// remove doubles
$workstations = array_flip($workstations);
array_unique($workstations);
$workstations = array_flip($workstations);
// sort user
// sort workstations
sort($workstations);
// Recreate workstation string
$account_new->smb_smbuserworkstations = $workstations[0];
for ($i=1; $i<count($workstations); $i++) {
$account_new->smb_smbuserworkstations = $account_new->smb_smbuserworkstations . ", " . $workstations[$i];
}
// display groupmembers page
break;
}
if (isset($_POST['members']) && isset($_POST['remove'])) { // remove users fromlist
if (isset($_POST['members']) && isset($_POST['remove'])) { // remove // Add workstations from list
// Put all workstations in array
$temp = str_replace(' ', '', $account_new->smb_smbuserworkstations);
$workstations = explode (',', $temp);
for ($i=0; $i<count($workstations); $i++)
if ($workstations[$i]=='') unset($workstations[$i]);
$workstations = array_values($workstations);
// Remove unwanted workstations from array
$workstations = array_delete($_POST['members'], $workstations);
// Recreate workstation string
$account_new->smb_smbuserworkstations = $workstations[0];
for ($i=1; $i<count($workstations); $i++) {
$account_new->smb_smbuserworkstations = $account_new->smb_smbuserworkstations . ", " . $workstations[$i];
@ -181,13 +198,12 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
break;
}
} while(0);
// display workstations page
$select_local = 'workstations';
break;
case 'general':
// Write all general values into $account_new if no profile should be loaded
if (!$_POST['load']) {
// Write all general values into $account_new if no profile should be loaded
$account_new->general_dn = $_POST['f_general_suffix'];
$account_new->general_username = $_POST['f_general_username'];
$account_new->general_surname = $_POST['f_general_surname'];
@ -197,14 +213,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$account_new->general_homedir = $_POST['f_general_homedir'];
$account_new->general_shell = $_POST['f_general_shell'];
$account_new->general_gecos = $_POST['f_general_gecos'];
// Check if Homedir is valid
$account_new->general_homedir = str_replace('$group', $account_new->general_group, $account_new->general_homedir);
if ($account_new->general_username != '')
$account_new->general_homedir = str_replace('$user', $account_new->general_username, $account_new->general_homedir);
if ($account_new->general_homedir != $_POST['f_general_homedir']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $account_new->general_homedir ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z]|[-]|[ ]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+$', $account_new->general_givenname)) $errors[] = array('ERROR', _('Given name'), _('Given name contains invalid characters'));
// Check if surname is valid
@ -234,10 +242,20 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$lastchar = substr($account_new->general_username, strlen($account_new->general_username)-1, 1);
// Last character is no number
if ( !ereg('^([0-9])+$', $lastchar))
/* Last character is no number. Therefore we only have to
* add "2" to it.
*/
$account_new->general_username = $account_new->general_username . '2';
else {
/* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use.
*
* $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number
*/
$i=strlen($account_new->general_username)-1;
$mark = false;
// Set $i to the last character which is a number in $account_new->general_username
while (!$mark) {
if (ereg('^([0-9])+$',substr($account_new->general_username, $i, strlen($account_new->general_username)-$i))) $i--;
else $mark=true;
@ -245,23 +263,29 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
// increase last number with one
$firstchars = substr($account_new->general_username, 0, $i+1);
$lastchars = substr($account_new->general_username, $i+1, strlen($account_new->general_username)-$i);
// Put username together
$account_new->general_username = $firstchars . (intval($lastchars)+1);
}
}
// Show warning if lam has changed username
if ($account_new->general_username != $_POST['f_general_username']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
// Check if Homedir is valid
$account_new->general_homedir = str_replace('$group', $account_new->general_group, $account_new->general_homedir);
if ($account_new->general_username != '')
$account_new->general_homedir = str_replace('$user', $account_new->general_username, $account_new->general_homedir);
if ($account_new->general_homedir != $_POST['f_general_homedir']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $account_new->general_homedir ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$temp = explode(':', checkid($account_new, $account_old));
$account_new->general_uidNumber = $temp[0];
// true if checkid has returned an error
if ($temp[1]!='') $errors[] = explode(';',$temp[1]);
// Check if Name-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $account_new->general_username)) $errors[] = array('ERROR', _('Name'), _('Name must contain between 3 and 20 characters.'));
// Check if Name starts with letter
if ( !ereg('^([a-z]|[A-Z]).*$', $account_new->general_username))
$errors[] = array('ERROR', _('Name'), _('Name contains invalid characters. First character must be a letter'));
}
break;
case 'unix':
@ -292,26 +316,25 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
// Keep unix-page acitve
$select_local = 'unix';
}
// Check if values are OK and set automatic values. if not error-variable will be set
else { // account.inc
if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
}
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^([0-9])*$', $account_new->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $account_new->unix_pwdminage > $account_new->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
if ( !ereg('^([0-9]*)$', $account_new->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $account_new->unix_pwdallowlogin))
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
if ( !ereg('^([0-9]*)$', $account_new->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if ((!$account_new->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $account_new->unix_host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
// Check if values are OK and set automatic values. if not error-variable will be set
else { // account.inc
if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
}
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^([0-9])*$', $account_new->unix_pwdminage)) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $account_new->unix_pwdminage > $account_new->unix_pwdmaxage ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
if ( !ereg('^([0-9]*)$', $account_new->unix_pwdmaxage)) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must be are natural number.'));
if ( !ereg('^(([-][1])|([0-9]*))$', $account_new->unix_pwdallowlogin))
$errors[] = array('ERROR', _('Password Expire'), _('Password expire must be are natural number or -1.'));
if ( !ereg('^([0-9]*)$', $account_new->unix_pwdwarn)) $errors[] = array('ERROR', _('Password warn'), _('Password warn must be are natural number.'));
if ((!$account_new->unix_host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $account_new->unix_host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
}
break;
case 'samba':
// Write all general values into $account_new
@ -328,26 +351,19 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$account_new->smb_smbhome = stripslashes($_POST['f_smb_smbhome']);
$account_new->smb_profilePath = stripslashes($_POST['f_smb_profilePath']);
$account_new->smb_displayName = $_POST['f_smb_displayName'];
if ($_POST['f_smb_flagsW']) $account_new->smb_flagsW = true;
else $account_new->smb_flagsW = false;
if ($_POST['f_smb_flagsD']) $account_new->smb_flagsD = true;
else $account_new->smb_flagsD = false;
if ($_POST['f_smb_flagsX']) $account_new->smb_flagsX = true;
else $account_new->smb_flagsX = false;
if ($config_intern->is_samba3()) {
// samba 3 uses object with SID and domainname
$samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) {
$account_new->smb_domain = $samba3domains[$i];
}
}
else {
if (isset($_POST['f_smb_domain'])) $account_new->smb_domain = $_POST['f_smb_domain'];
else $account_new->smb_domain = '';
}
if ($config_intern->is_samba3())
// Check if user is member of a well known windows group
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $account_new->smb_mapgroup = $account_new->smb_domain->SID . "-" . '514'; break;
case '*'._('Domain Users'): $account_new->smb_mapgroup = $account_new->smb_domain->SID . "-" . '513'; break;
@ -357,7 +373,12 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
(2 * getgid($account_new->general_group) + $account_new->smb_domain->RIDbase +1);
break;
}
else
}
else {
// samba 2.2 only uses a string as domainname
if (isset($_POST['f_smb_domain'])) $account_new->smb_domain = $_POST['f_smb_domain'];
else $account_new->smb_domain = '';
// Check if user is member of a well known windows group
switch ($_POST['f_smb_mapgroup']) {
case '*'._('Domain Guests'): $account_new->smb_mapgroup = '514'; break;
case '*'._('Domain Users'): $account_new->smb_mapgroup = '513'; break;
@ -366,30 +387,27 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$account_new->smb_mapgroup = (2 * getgid($account_new->general_group) + 1001);
break;
}
}
// Set samba password
$smb_password = $_POST['f_smb_password'];
// Decrypt unix-password if needed password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ( ($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='') ) {
$smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$smb_password = str_replace(chr(00), '', $smb_password);
// Set Samba-Password to unix-password if option is set
$unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$smb_password = str_replace(chr(00), '', $unix_password);
}
// Check values
$account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath);
$account_new->smb_scriptPath = str_replace('$group', $account_new->general_group, $account_new->smb_scriptPath);
if ($account_new->smb_scriptPath != $_POST['f_smb_scriptpath']) $errors[] = array('INFO', _('Script path'), _('Inserted user- or groupname in scriptpath.'));
$account_new->smb_profilePath = str_replace('$user', $account_new->general_username, $account_new->smb_profilePath);
$account_new->smb_profilePath = str_replace('$group', $account_new->general_group, $account_new->smb_profilePath);
if ($account_new->smb_profilePath != stripslashes($_POST['f_smb_profilePath'])) $errors[] = array('INFO', _('Profile path'), _('Inserted user- or groupname in profilepath.'));
$account_new->smb_smbhome = str_replace('$user', $account_new->general_username, $account_new->smb_smbhome);
$account_new->smb_smbhome = str_replace('$group', $account_new->general_group, $account_new->smb_smbhome);
if ($account_new->smb_smbhome != stripslashes($_POST['f_smb_smbhome'])) $errors[] = array('INFO', _('Home path'), _('Inserted user- or groupname in HomePath.'));
if ( (!$account_new->smb_smbhome=='') && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-]|[%]|[ä]|[Ä]|[ö]|[Ö]|[ü]|[Ü]|[ß])+)+$', $account_new->smb_smbhome)))
$errors[] = array('ERROR', _('Home path'), _('Home path is invalid.'));
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
@ -403,12 +421,10 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
if ((!$account_new->smb_domain=='') && (!is_object($account_new->smb_domain)) && !ereg('^([a-z]|[A-Z]|[0-9]|[-])+$', $account_new->smb_domain))
$errors[] = array('ERROR', _('Domain name'), _('Domain name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.'));
if ($account_new->smb_useunixpwd) $account_new->smb_useunixpwd = 1; else $account_new->smb_useunixpwd = 0;
if (($account_new->smb_displayName=='') && isset($account_new->general_gecos)) {
$account_new->smb_displayName = $account_new->general_gecos;
$errors[] = array('INFO', _('Display name'), _('Inserted gecos-field as display name.'));
}
if ($smb_password!='') {
// Encrypt password
$account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password,
@ -419,6 +435,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
case 'quota':
// Write all general values into $account_new
$i=0;
// loop for every mointpoint with quotas
while ($account_new->quota[$i][0]) {
$account_new->quota[$i][2] = $_POST['f_quota_'.$i.'_2'];
$account_new->quota[$i][3] = $_POST['f_quota_'.$i.'_3'];
@ -436,7 +453,6 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
$i++;
}
break;
case 'personal':
// Write all general values into $account_new
$account_new->personal_title = $_POST['f_personal_title'];
@ -459,16 +475,13 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
if ( !ereg('^([0-9]|[A-Z]|[a-z]|[ ]|[.]|[Ä]|[ä]|[Ö]|[ö]|[Ü]|[ü]|[ß])*$', $account_new->personal_employeeType)) $errors[] = array('ERROR', _('Employee type'), _('Please enter a valid employee type!'));
if ( !ereg('^([0-9]|[A-Z]|[a-z])*$', $account_new->personal_postalCode)) $errors[] = array('ERROR', _('Postal code'), _('Please enter a valid postal code!'));
break;
case 'final':
// Write all general values into $account_new
if ($_POST['f_final_changegids']) $final_changegids = $_POST['f_final_changegids'] ;
// Check which part Site should be displayed next
break;
case 'finish':
// Check if pdf-file should be created
if ($_POST['outputpdf']) {
// Quota Settings
// Load quotas if not yet done because they are needed for the pdf-file
if ($config_intern->scriptServer && !isset($account_new->quota[0])) { // load quotas
$values = getquotas('user', $account_old->general_username);
if (is_object($values)) {
@ -480,7 +493,9 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
if (isset($val)) $account_old->$key = $val;
}
}
createUserPDF(array($account_new));
// Create / display PDf-file
createUSerPDF(array($account_new));
// Stop script
die;
}
break;
@ -490,50 +505,96 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
do { // X-Or, only one if() can be true
if ($_POST['next_general']) {
// Go from general to next page if no error did ocour
if (!is_array($errors)) $select_local='general';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_unix']) {
// Go from unix to next page if no error did ocour
if (!is_array($errors)) $select_local='unix';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_samba']) {
// Go from samba to next page if no error did ocour
if (!is_array($errors)) $select_local='samba';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_quota']) {
// Go from quota to next page if no error did ocour
if (!is_array($errors)) $select_local='quota';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_personal']) {
// Go from personal to next page if no error did ocour
if (!is_array($errors)) $select_local='personal';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_final']) {
// Go from final to next page if no error did ocour
if (($account_old) && ($account_new->general_uidNumber != $account_old->general_uidNumber))
$errors[] = array('INFO', _('UID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
'find / -gid ' . $account_old->general_uidNumber . ' -exec chown ' . $account_new->general_uidNumber . ' {} \;');
if (($account_old) && ($account_new->general_group != $account_old->general_group))
$errors[] = array('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'),
'find / -uid ' . $account_new->general_uidNumber . ' -gid ' . getgid($account_old->general_group) .' -exec chown ' . $account_new->general_uidNumber . ':'.getgid($account_new->general_group). ' {} \;');
if (($account_old) && ($account_new->general_homedir != $account_old->general_homedir))
$errors[] = array('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'),
'mv ' . $account_old->general_homedir . ' ' . $account_new->general_homedir);
if ($config_intern->is_samba3() && !isset($account_new->smb_domain))
// Samba page not viewed; can not create user because if missing options
$errors[] = array("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
else {
$found = false;
if (strstr($account_new->smb_scriptPath, '$group')) $found = true;
if (strstr($account_new->smb_scriptPath, '$user')) $found = true;
if (strstr($account_new->smb_profilePath, '$group')) $found = true;
if (strstr($account_new->smb_profilePath, '$user')) $found = true;
if (strstr($account_new->smb_smbhome, '$group')) $found = true;
if (strstr($account_new->smb_smbhome, '$user')) $found = true;
if ($found)
// Samba page not viewed; can not create group because if missing options
$errors[] = array("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
}
if (isset($account_old->general_objectClass)) {
if (!in_array('posixAccount', $account_old->general_objectClass))
$errors[] = array('WARN', _('ObjectClass posixAccount not found.'), _('Have to add objectClass posixAccount.'));
if (!in_array('shadowAccount', $account_old->general_objectClass))
$errors[] = array('WARN', _('ObjectClass shadowAccount.'), _('Have to add objectClass shadowAccount.'));
if ($config_intern->is_samba3()) {
if (!in_array('sambaSamAccount', $account_old->general_objectClass))
$errors[] = array('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to add objectClass sambaSamAccount. USer with sambaAccount will be updated.'));
}
else {
if (!in_array('sambaAccount', $account_old->general_objectClass))
$errors[] = array('WARN', _('ObjectClass sambaAccount not found.'), _('Have to add objectClass sambaAccount. User with sambaSamAccount will be set back to sambaAccount.'));
}
}
if (!is_array($errors)) $select_local='final';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_workstations']) {
// Go from workstations to next page if no error did ocour
if (!is_array($errors)) $select_local='workstations';
else $select_local=$_POST['select'];
break;
}
if ($_POST['next_groups']) {
// Go from groups to next page if no error did ocour
if (!is_array($errors)) $select_local='groups';
else $select_local=$_POST['select'];
break;
}
// Reset account to original settings if undo-button was pressed
if ($_POST['next_reset']) {
$account_new = $account_old;
$account_new->unix_password='';
$account_new->smb_password='';
$account_new->smb_flagsW = 0;
$account_new->general_dn = substr($account_new->general_dn, strpos($account_new->general_dn, ',')+1);
$select_local = $_POST['select'];
break;
@ -542,19 +603,22 @@ do { // X-Or, only one if() can be true
// Create or modify an account
if ($account_old) $result = modifyuser($account_new,$account_old);
else $result = createuser($account_new); // account.inc
if ( $result==1 || $result==3 ) $select_local = 'finish';
else $select_local = 'final';
if ( $result==4 || $result==5 ) $select_local = 'final';
else $select_local = 'finish';
break;
}
// Load Profile and reset all attributes to settings in profile
if ($_POST['createagain']) {
$select_local='general';
unset ($_SESSION['account_'.$varkey.'_account_new']);
unset($account_new);
$account_new = loadUserProfile('default');
$_SESSION['account_'.$varkey.'_account_new'] = loadUserProfile('default');
$account_new =& $_SESSION['account_'.$varkey.'_account_new'];
$account_new ->type = 'user';
break;
}
// Load Profile and reset all attributes to settings in profile
if ($_POST['load']) {
// load profile
$account_new->general_dn = $_POST['f_general_suffix'];
$account_new->general_username = $_POST['f_general_username'];
$account_new->general_surname = $_POST['f_general_surname'];
@ -578,27 +642,28 @@ do { // X-Or, only one if() can be true
$account_new->smb_scriptPath = str_replace('$group', $account_new->general_group, $account_new->smb_scriptPath);
if ($account_new->general_username != '')
$account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath);
$account_new->smb_profilePath = str_replace('$group', $account_new->general_group, $account_new->smb_profilePath);
if ($account_new->general_username != '')
$account_new->smb_profilePath = str_replace('$user', $account_new->general_username, $account_new->smb_profilePath);
$account_new->smb_smbhome = str_replace('$group', $account_new->general_group, $account_new->smb_smbhome);
if ($account_new->general_username != '')
$account_new->smb_smbhome = str_replace('$user', $account_new->general_username, $account_new->smb_smbhome);
if ($config_intern->scriptServer) {
// load quotas from profile and check if they are valid
$values = getquotas('user', $account_old->general_username);
if (isset($account_new->quota[0])) { // check quotas from profile
// load quotas and check if quotas from profile are valid
$values = getquotas('user');
if (isset($account_new->quota[0])) {
// check quotas from profile
$i=0;
// check quota settings
// check quota settings, loop for every partition with quotas
while (isset($account_new->quota[$i])) {
// search if quotas from profile fit to a real quota
$found = (-1);
for ($j=0; $j<count($values->quota); $j++)
if ($values->quota[$j][0]==$account_new->quota[$i][0]) $found = $j;
// unset quota from profile if quotas (mointpoint) doesn't exists anymore
if ($found==-1) unset($account_new->quota[$i]);
else {
// Set missing part in quota-array
$account_new->quota[$i][1] = $values->quota[$found][1];
$account_new->quota[$i][5] = $values->quota[$found][5];
$account_new->quota[$i][4] = $values->quota[$found][4];
@ -606,27 +671,35 @@ do { // X-Or, only one if() can be true
$i++;
}
}
// Beautify array, repair index
$account_new->quota = array_values($account_new->quota);
}
else { // No quotas saved in profile
// Display quotas for new users (Quota set to 0)
if (is_object($values)) {
while (list($key, $val) = each($values)) // Set only defined values
if (isset($val)) $account_new->$key = $val;
}
}
$account_old->quota = $values->quota;
}
// select general page after group has been loaded
$select_local='general';
break;
}
// Save Profile
if ($_POST['save']) {
// save profile
saveUserProfile($account_new, $_POST['f_finish_safeProfile']);
if ($_POST['f_finish_safeProfile']=='')
$errors[] = array('ERROR', _('Save profile'), _('No profilename given.'));
else {
saveUSerProfile($account_new, $_POST['f_finish_safeProfile']);
$errors[] = array('INFO', _('Save profile'), _('New profile created.'));
}
// select last page displayed before user is created
$select_local='final';
break;
}
// Go back to listgroups.php
if ($_POST['backmain']) {
if (isset($_SESSION['account_'.$varkey.'_account_new'])) unset($_SESSION['account_'.$varkey.'_account_new']);
if (isset($_SESSION['account_'.$varkey.'_account_old'])) unset($_SESSION['account_'.$varkey.'_account_old']);
@ -636,7 +709,6 @@ do { // X-Or, only one if() can be true
die;
break;
}
if (!$select_local) $select_local='general';
} while(0);
@ -652,31 +724,38 @@ echo "</title>\n".
"<form action=\"useredit.php\" method=\"post\">\n".
"<input name=\"varkey\" type=\"hidden\" value=\"".$varkey."\">\n";
// Display errir-messages
if (is_array($errors))
for ($i=0; $i<sizeof($errors); $i++) StatusMessage($errors[$i][0], $errors[$i][1], $errors[$i][2]);
// print_r($account_new);
// print_r($_POST);
switch ($select_local) { // Select which part of page will be loaded
// general = startpage, general account paramters
// unix = page with all shadow-options and password
// samba = page with all samba-related parameters e.g. smbpassword
// quota = page with all quota-related parameters e.g. hard file quota
// personal = page with all personal-related parametergs, e.g. phone number
// final = last page shown before account is created/modified
// if account is modified commands might be ran are shown
// finish = page shown after account has been created/modified
switch ($select_local) {
/* Select which part of page should be loaded and check values
* groups = page with all groups to which user is additional member
* workstations = page with all workstations the user is allowed to login
* general = startpage, general account paramters
* samba = page with all samba-related parameters e.g. smbpassword
* quota = page with all quota-related parameters e.g. hard file quota
* personal = page with all personal-related parametergs, e.g. phone number
* final = last page shown before account is created/modified
* finish = page shown after account has been created/modified
*/
case 'workstations':
// Validate cache-array
ldapreload('host');
// Get copy of cache-array
$temp2 = $hostDN_intern;
// unset timestamp stored in $temp2[0]
unset($temp2[0]);
// Remove $ from workstations
foreach ($temp2 as $temp) $hosts[] = str_replace("$", '',$temp['cn']);
// sort workstations
sort($hosts, SORT_STRING);
// get workstation array
$temp = str_replace(' ', '', $account_new->smb_smbuserworkstations);
$workstations = explode (',', $temp);
// Remove workstations to which the user is allowed to login from array
$hosts = array_delete($workstations, $hosts);
echo '<input name="select" type="hidden" value="workstations">';
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
@ -706,6 +785,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<fieldset class=\"useredit-bright\"><legend class=\"useredit-bright\">";
echo _("Allowed workstations");
echo "</legend>\n";
// display all workstations the user is allowed to login
if (count($workstations)!=0) {
echo "<select name=\"members[]\" class=\"useredit-bright\" size=15 multiple>\n";
for ($i=0; $i<count($workstations); $i++)
@ -720,6 +800,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<td valign=\"top\"><fieldset class=\"useredit-bright\"><legend class=\"useredit-bright\">";
echo _('Available workstations');
echo "</legend>\n";
// Display all workstations without these the user is allowed to login
if (count($hosts)!=0) {
echo "<select name=\"hosts[]\" size=15 multiple class=\"useredit-bright\">\n";
foreach ($hosts as $temp) echo " <option>$temp</option>\n";
@ -729,18 +810,23 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<input name=\"next_samba\" type=\"submit\" value=\""; echo _('Back'); echo "\">\n";
echo "</fieldset></td></tr></table>\n</td></tr>\n</table>\n";
break;
case 'groups':
// Validate cache-array
ldapreload('group');
// Get copy of cache-array
$temp2 = $groupDN_intern;
// unset timestamp stored in $temp2[0]
unset($temp2[0]);
// load list with all groups
foreach ($temp2 as $temp) $groups[] = $temp['cn'];
// sort groups
sort($groups, SORT_STRING);
// remove groups the user is member of from grouplist
$groups = array_delete($account_new->general_groupadd, $groups);
// Remove primary group from grouplist
$groups = array_flip($groups);
unset ($groups[$account_new->general_group]);
if (isset($groups[$account_new->general_group])) unset ($groups[$account_new->general_group]);
$groups = array_flip($groups);
echo '<input name="select" type="hidden" value="groups">';
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
echo "<table><tr><td><fieldset class=\"useredit-dark\"><legend class=\"useredit-bright\"><b>";
@ -769,6 +855,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<fieldset class=\"useredit-bright\"><legend class=\"useredit-bright\">";
echo _("Selected groups");
echo "</legend>\n";
// Show all groups the user is additional member of
if (count($account_new->general_groupadd)!=0) {
echo "<select name=\"selectedgroups[]\" class=\"useredit-bright\" size=15 multiple>\n";
for ($i=0; $i<count($account_new->general_groupadd); $i++)
@ -783,6 +870,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<td valign=\"top\"><fieldset class=\"useredit-bright\"><legend class=\"useredit-bright\">";
echo _('Available groups');
echo "</legend>\n";
// show all groups expect these the user is member of
if (count($groups)!=0) {
echo "<select name=\"allgroups[]\" size=15 multiple class=\"useredit-bright\">\n";
foreach ($groups as $temp) {
@ -795,15 +883,12 @@ switch ($select_local) { // Select which part of page will be loaded
echo "<input name=\"next_general\" type=\"submit\" value=\""; echo _('Back'); echo "\">\n";
echo "</fieldset></td></tr></table>\n</td></tr>\n</table>\n";
break;
case 'general':
// General Account Settings
// load list of all groups
$groups = findgroups();
// load list of profiles
$profilelist = getUserProfiles();
// Show page info
// Show page info
echo '<input name="select" type="hidden" value="general">';
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
echo "<table><tr><td><fieldset class=\"useredit-dark\"><legend class=\"useredit-bright\"><b>";
@ -889,6 +974,7 @@ switch ($select_local) { // Select which part of page will be loaded
'<a href="../help.php?HelpNumber=405" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Suffix'); echo '</td><td><select name="f_general_suffix">';
// loop through all user suffixes
foreach ($ldap_intern->search_units($config_intern->get_UserSuffix()) as $suffix) {
if ($account_new->general_dn) {
if ($account_new->general_dn == $suffix)
@ -901,6 +987,7 @@ switch ($select_local) { // Select which part of page will be loaded
"</a></td>\n</tr>\n</table>";
echo _('Values with * are required');
echo "</fieldset>\n</td></tr><tr><td>";
// Show fieldset with list of all user profiles
if (count($profilelist)!=0) {
echo "<fieldset class=\"useredit-dark\"><legend class=\"useredit-bright\"><b>";
echo _("Load profile");
@ -913,7 +1000,6 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Help')."</a></td>\n</tr>\n</table>\n</fieldset>\n";
}
echo "</td></tr>\n</table>\n</td></tr></table>\n";
break;
case 'unix':
// Unix Password Settings
@ -925,6 +1011,7 @@ switch ($select_local) { // Select which part of page will be loaded
$password = str_replace(chr(00), '', $password);
}
else $password='';
// Use dd-mm-yyyy format of date because it's easier to read for humans
$date = getdate ($account_new->unix_pwdexpire);
echo "<input name=\"select\" type=\"hidden\" value=\"unix\">\n";
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
@ -1005,16 +1092,19 @@ switch ($select_local) { // Select which part of page will be loaded
if ($account_new->unix_deactivated) echo ' checked ';
echo '></td>'."\n".'<td>'.
'<a href="../help.php?HelpNumber=427" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Unix workstations');
echo '</td>'."\n".'<td><input name="f_unix_host" type="text" size="20" maxlength="80" value="' . $account_new->unix_host . '">'.
'</td>'."\n".'<td>'.
'<a href="../help.php?HelpNumber=466" target="lamhelp">'._('Help').
"</a></td>\n</tr>\n</table>";
'</td></tr>'."\n";
// show only hosts if schema does allow hosts
if ($_SESSION['ldap']->support_unix_hosts) {
echo '<tr><td>';
echo _('Unix workstations');
echo '</td>'."\n".'<td><input name="f_unix_host" type="text" size="20" maxlength="80" value="' . $account_new->unix_host . '">'.
'</td>'."\n".'<td>'.
'<a href="../help.php?HelpNumber=466" target="lamhelp">'._('Help').
"</a></td>\n</tr>\n";
}
echo "</table>\n";
echo _('Values with * are required');
echo "</fieldset>\n</td></tr></table></td></tr>\n</table>\n";
break;
case 'samba':
// Samba Settings
@ -1027,10 +1117,11 @@ switch ($select_local) { // Select which part of page will be loaded
}
else $password = "";
if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix());
// Use dd-mm-yyyy format of date because it's easier to read for humans
$canchangedate = getdate($account_new->smb_pwdcanchange);
$mustchangedate = getdate($account_new->smb_pwdmustchange);
echo '<input name="select" type="hidden" value="samba">';
// Save all values smaller than "day" so we don't loose them
echo '<input name="f_smb_pwdcanchange_h" type="hidden" value="'.$canchangedate['hours'].'">'.
'<input name="f_smb_pwdcanchange_m" type="hidden" value="'.$canchangedate['minutes'].'">'.
'<input name="f_smb_pwdcanchange_s" type="hidden" value="'.$canchangedate['seconds'].'">'.
@ -1132,7 +1223,7 @@ switch ($select_local) { // Select which part of page will be loaded
'</td></tr>'."\n".'<tr><td>';
echo _('Home drive');
echo '</td>'."\n".'<td><select name="f_smb_homedrive" >';
for ($i=68; $i<91; $i++)
for ($i=90; $i>67; $i--)
if ($account_new->smb_homedrive== chr($i).':') echo '<option selected> '.chr($i).':</option>'; else echo '<option> '.chr($i).':</option>';
echo '</select></td>'."\n".'<td>'.
'<a href="../help.php?HelpNumber=433" target="lamhelp">'._('Help').'</a>'.
@ -1159,6 +1250,7 @@ switch ($select_local) { // Select which part of page will be loaded
'</td></tr>'."\n".'<tr><td>';
echo _('Windows groupname');
echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >';
// Display if group SID should be mapped to a well kown SID
if ($config_intern->samba3=='yes') {
if ( $account_new->smb_mapgroup == $account_new->smb_domain->SID . "-".
(2 * getgid($account_new->general_group) + $values->smb_domain->RIDbase+1)) {
@ -1240,7 +1332,9 @@ switch ($select_local) { // Select which part of page will be loaded
'<a href="../help.php?HelpNumber=464" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n".'<tr><td>';
echo _('Domain');
// select which domain name should be displayed
if ($config_intern->is_samba3()) {
// samba 3 uses object to store SID and name of domain
echo '</td><td><select name="f_smb_domain">';
for ($i=0; $i<sizeof($samba3domains); $i++) {
if ($account_new->smb_domain->name) {
@ -1253,6 +1347,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo '</select>';
}
else {
// Samba 2.2 just uses a string as domain name
echo '</td>'."\n".'<td><input name="f_smb_domain" type="text" size="20" maxlength="80" value="' . $account_new->smb_domain . '">';
}
echo '</td>'."\n".'<td><a href="../help.php?HelpNumber=438" target="lamhelp">'._('Help').'</a></td></tr>'."\n";
@ -1260,6 +1355,7 @@ switch ($select_local) { // Select which part of page will be loaded
break;
case 'quota':
// Quota Settings
// Load quotas if not yet done
if ($config_intern->scriptServer && !isset($account_new->quota[0])) { // load quotas
$values = getquotas('user', $account_old->general_username);
if (is_object($values)) {
@ -1303,6 +1399,7 @@ switch ($select_local) { // Select which part of page will be loaded
'<a href="../help.php?HelpNumber=445" target="lamhelp">'._('Help').'</a></td>'."\n".'<td><a href="../help.php?HelpNumber=446" target="lamhelp">'._('Help').'</a></td>'."\n".'<td>'.
'<a href="../help.php?HelpNumber=447" target="lamhelp">'._('Help').'</a></td></tr>'."\n";
$i=0;
// loop for every mointpoint with enabled quotas
while ($account_new->quota[$i][0]) {
echo '<tr><td>'.$account_new->quota[$i][0].'</td><td>'.$account_new->quota[$i][1].'</td>'; // used blocks
echo '<td><input name="f_quota_'.$i.'_2" type="text" size="12" maxlength="20" value="'.$account_new->quota[$i][2].'"></td>'; // blocks soft limit
@ -1316,7 +1413,6 @@ switch ($select_local) { // Select which part of page will be loaded
}
echo "</table>\n</fieldset>\n</td></tr></table></td></tr>\n</table>\n";
break;
case 'personal':
// Personal Settings
echo "<input name=\"select\" type=\"hidden\" value=\"personal\">\n";
@ -1399,12 +1495,6 @@ switch ($select_local) { // Select which part of page will be loaded
break;
case 'final':
// Final Settings
$disabled = "";
if ($config_intern->is_samba3()) {
if (!isset($account_new->smb_domain)) { // Samba page nit viewd; can not create group because if missing options
$disabled = "disabled";
}
}
echo '<input name="select" type="hidden" value="final">';
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
echo "<table><tr><td><fieldset class=\"useredit-dark\"><legend class=\"useredit-bright\"><b>";
@ -1440,76 +1530,7 @@ switch ($select_local) { // Select which part of page will be loaded
else echo _('Create');
echo "</b></legend>\n";
echo "<table border=0 width=\"100%\">";
if (($account_old) && ($account_new->general_uidNumber != $account_old->general_uidNumber)) {
echo '<tr>';
StatusMessage ('INFO', _('UID-number has changed. You have to run the following command as root in order to change existing file-permissions:'),
'find / -gid ' . $account_old->general_uidNumber . ' -exec chown ' . $account_new->general_uidNumber . ' {} \;');
echo '</tr>'."\n";
}
if (($account_old) && ($account_new->general_group != $account_old->general_group)) {
echo '<tr>';
StatusMessage ('INFO', _('Primary group has changed. You have to run the following command as root in order to change existing file-permissions:'),
'find / -uid ' . $account_new->general_uidNumber . ' -gid ' . getgid($account_old->general_group) .' -exec chown ' . $account_new->general_uidNumber . ':'.getgid($account_new->general_group). ' {} \;');
echo '</tr>'."\n";
}
if (($account_old) && ($account_new->general_homedir != $account_old->general_homedir)) {
echo '<tr>';
StatusMessage ('INFO', _('Home Directory has changed. You have to run the following command as root in order to change the existing homedirectory:'),
'mv ' . $account_old->general_homedir . ' ' . $account_new->general_homedir);
echo '</tr>'."\n";
}
if ($disabled=='disabled') { // Samba page nit viewd; can not create group because if missing options
echo "<tr>";
StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
echo "</tr>";
}
else {
$found = false;
if (strstr($account_new->smb_scriptPath, '$group')) $found = true;
if (strstr($account_new->smb_scriptPath, '$user')) $found = true;
if (strstr($account_new->smb_profilePath, '$group')) $found = true;
if (strstr($account_new->smb_profilePath, '$user')) $found = true;
if (strstr($account_new->smb_smbhome, '$group')) $found = true;
if (strstr($account_new->smb_smbhome, '$user')) $found = true;
if ($found) { // Samba page nit viewd; can not create group because if missing options
$disabled = "disabled";
echo "<tr>";
StatusMessage("ERROR", _("Samba Options not set!"), _("Please check settings on samba page."));
echo "</tr>";
}
}
if (isset($account_old->general_objectClass)) {
if (!in_array('posixAccount', $account_old->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass posixAccount not found.'), _('Have to add objectClass posixAccount.'));
echo "</tr>\n";
}
if (!in_array('shadowAccount', $account_old->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass shadowAccount.'), _('Have to add objectClass shadowAccount.'));
echo "</tr>\n";
}
if ($config_intern->is_samba3()) {
if (!in_array('sambaSamAccount', $account_old->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass sambaSamAccount not found.'), _('Have to add objectClass sambaSamAccount. USer with sambaAccount will be updated.'));
echo "</tr>\n";
}}
else
if (!in_array('sambaAccount', $account_old->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass sambaAccount not found.'), _('Have to add objectClass sambaAccount. User with sambaSamAccount will be set back to sambaAccount.'));
echo "</tr>\n";
}
}
echo "<tr><td><input name=\"create\" $disabled type=\"submit\" value=\"";
echo "<tr><td><input name=\"create\" type=\"submit\" value=\"";
if ($account_old) echo _('Modify Account');
else echo _('Create Account');
echo '">'."\n";