' . _('Setting saved') . '
' .
'';
echo "type->getScope()."-bright\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
if (checkIfWriteAccessIsAllowed($this->type->getId())) {
echo "type->getScope() . "-bright\">\n";
$this->printCommonControls($tabindex);
echo " |
\n";
}
echo "type->getScope() . "-bright\" valign=\"top\">";
// print title bar
echo '';
echo ' ';
echo '';
echo $this->titleBarTitle;
echo ' | ';
echo '';
$group = new htmlGroup();
// suffix
$group->addElement(new htmlOutputText(_('Suffix')));
$group->addElement(new htmlSpacer('2px', null));
$suffixList = array();
foreach ($this->getOUs() as $suffix) {
$suffixList[getAbstractDN($suffix)] = $suffix;
}
if (!($this->dnSuffix == '') && !in_array($this->dnSuffix, $this->getOUs())) {
$suffixList[getAbstractDN($this->dnSuffix)] = $this->dnSuffix;
}
$selectedSuffix = array($this->dnSuffix);
$suffixSelect = new htmlSelect('accountContainerSuffix', $suffixList, $selectedSuffix);
$suffixSelect->setHasDescriptiveElements(true);
$suffixSelect->setRightToLeftTextDirection(true);
$group->addElement($suffixSelect);
$group->addElement(new htmlSpacer('10px', null));
// RDN selection
$group->addElement(new htmlOutputText(_('RDN identifier')));
$group->addElement(new htmlSpacer('2px', null));
$rdnlist = getRDNAttributes($this->type->getId());
$group->addElement(new htmlSelect('accountContainerRDN', $rdnlist, array($this->rdn)));
$group->addElement(new htmlHelpLink('301'));
parseHtml(null, $group, array(), true, $tabindex, $this->type->getScope());
echo ' | ';
echo '
';
if ($this->titleBarSubtitle != null) {
echo ' ';
echo $this->titleBarSubtitle;
echo ' ';
}
echo ' ';
echo '';
echo ' ';
echo '';
// tab menu
$this->printModuleTabs();
echo ' | ';
echo " \n";
// content area
// display html-code from modules
$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage));
$y = 5000;
parseHtml($this->order[$this->current_page], $return, array(), false, $y, $this->type->getScope());
echo " \n";
echo ' | ';
echo ' ';
echo ' ';
echo " \n";
echo " |
\n";
// Display rest of html-page
echo "
\n";
}
/**
* Prints the input fields of the central password service.
*/
private function printPasswordPromt() {
echo "\n";
echo '
';
$printContainer = false;
$container = new htmlTable();
// password fields
$container->addElement(new htmlOutputText(_('Password')));
$pwdInput1 = new htmlInputField('newPassword1');
$pwdInput1->setIsPassword(true, true);
$container->addElement($pwdInput1);
$container->addElement(new htmlHelpLink('404'), true);
$container->addElement(new htmlOutputText(_('Repeat password')));
$pwdInput2 = new htmlInputField('newPassword2');
$pwdInput2->setIsPassword(true);
$pwdInput2->setSameValueFieldID('newPassword1');
$container->addElement($pwdInput2, true);
// print force password change option
$forceChangeSupported = array();
foreach ($this->module as $name => $module) {
if (($module instanceof passwordService) && $module->supportsForcePasswordChange()) {
$forceChangeSupported[] = $module;
}
}
if (!empty($forceChangeSupported)) {
$container->addElement(new htmlOutputText(_('Force password change')));
$forcePwdGroup = new htmlGroup();
$forcePwdGroup->addElement(new htmlInputCheckbox('lamForcePasswordChange', false));
$forcePwdGroup->addElement(new htmlSpacer('1rem', null));
foreach ($forceChangeSupported as $module) {
$forcePwdGroup->addElement(new htmlImage('../../graphics/' . $module->getIcon(), '16px', '16px', $module->get_alias(), $module->get_alias()));
$forcePwdGroup->addElement(new htmlSpacer('0.1rem', null));
}
$container->addElement($forcePwdGroup);
$container->addElement(new htmlHelpLink('406'), true);
}
if (isLAMProVersion() && (isset($this->attributes_orig['mail'][0]) || $this->anyModuleManagesMail())) {
$pwdMailCheckbox = new htmlTableExtendedInputCheckbox('lamPasswordChangeSendMail', false, _('Send via mail'));
$pwdMailCheckbox->setTableRowsToShow(array('lamPasswordChangeSendMailAddress'));
$container->addElement($pwdMailCheckbox);
$container->addElement(new htmlHelpLink('407'), true);
if ($_SESSION['config']->getLamProMailAllowAlternateAddress() != 'false') {
$alternateMail = '';
$pwdResetModule = $this->getAccountModule('passwordSelfReset');
if (!empty($pwdResetModule)) {
$backupMail = $pwdResetModule->getBackupEmail();
if (!empty($backupMail)) {
$alternateMail = $pwdResetModule->getBackupEmail();
}
}
$container->addElement(new htmlTableExtendedInputField(_('Alternate recipient'), 'lamPasswordChangeSendMailAddress', $alternateMail, '410'));
}
}
$container->addElement(new htmlSpacer(null, '10px'), true);
// password modules
$moduleContainer = new htmlTable();
foreach ($this->module as $name => $module) {
if (($module instanceof passwordService) && $module->managesPasswordAttributes()) {
$printContainer = true;
$buttonImage = $module->getIcon();
if ($buttonImage != null) {
if (!(strpos($buttonImage, 'http') === 0) && !(strpos($buttonImage, '/') === 0)) {
$buttonImage = '../../graphics/' . $buttonImage;
}
$moduleContainer->addElement(new htmlImage($buttonImage, null, null, getModuleAlias($name, $this->type->getScope())));
}
$moduleContainer->addElement(new htmlTableExtendedInputCheckbox('password_cb_' . $name, true, getModuleAlias($name, $this->type->getScope()), null, false));
$moduleContainer->addElement(new htmlSpacer('10px', null));
}
}
$moduleContainer->colspan = 5;
$container->addElement($moduleContainer, true);
// generate HTML
$tabindex = 2000;
if ($printContainer) {
parseHtml(null, $container, array(), false, $tabindex, $this->type->getScope());
}
echo "
\n";
}
/**
* Sets the new password in all selected account modules.
*
* @param array $input input parameters
*/
public function setNewPassword($input) {
$password1 = $input['password1'];
$password2 = $input['password2'];
$random = $input['random'];
$modules = $input['modules'];
for ($m = 0; $m < sizeof($modules); $m++) {
$modules[$m] = str_replace('password_cb_', '', $modules[$m]);
}
$return = array(
'messages' => '',
'errorsOccured' => 'false'
);
if ($random == 'true') {
$password1 = generateRandomPassword();
$return['messages'] .= StatusMessage('INFO', _('The password was set to:') . ' ' . htmlspecialchars($password1), '', array(), true);
}
else {
// check if passwords match
if ($password1 != $password2) {
$return['messages'] .= StatusMessage('ERROR', _('Passwords are different!'), '', array(), true);
$return['errorsOccured'] = 'true';
}
// check passsword stregth
$pwdPolicyResult = checkPasswordStrength($password1, null, null);
if ($pwdPolicyResult !== true) {
$return['messages'] .= StatusMessage('ERROR', $pwdPolicyResult, '', array(), true);
$return['errorsOccured'] = 'true';
}
}
$forcePasswordChange = false;
if (isset($input['forcePasswordChange']) && ($input['forcePasswordChange'] == 'true')) {
$forcePasswordChange = true;
}
$sendMail = false;
if (isset($input['sendMail']) && ($input['sendMail'] == 'true')) {
$sendMail = true;
}
$return['forcePasswordChange'] = $forcePasswordChange;
if ($return['errorsOccured'] == 'false') {
// set new password
foreach ($this->module as $name => $module) {
if ($module instanceof passwordService) {
$messages = $module->passwordChangeRequested($password1, $modules, $forcePasswordChange);
for ($m = 0; $m < sizeof($messages); $m++) {
if ($messages[$m][0] == 'ERROR') {
$return['errorsOccured'] = 'true';
}
if (sizeof($messages[$m]) == 2) {
$return['messages'] .= StatusMessage($messages[$m][0], $messages[$m][1], '', array(), true);
}
elseif (sizeof($messages[$m]) == 3) {
$return['messages'] .= StatusMessage($messages[$m][0], $messages[$m][1], $messages[$m][2], array(), true);
}
elseif (sizeof($messages[$m]) == 4) {
$return['messages'] .= StatusMessage($messages[$m][0], $messages[$m][1], $messages[$m][2], $messages[$m][3], true);
}
}
}
}
}
if (isLAMProVersion() && $sendMail) {
$this->sendPasswordViaMail = $password1;
if (($_SESSION['config']->getLamProMailAllowAlternateAddress() != 'false') && !empty($input['sendMailAlternateAddress'])) {
if (!get_preg($input['sendMailAlternateAddress'], 'email')) {
$return['messages'] .= StatusMessage('ERROR', _('Alternate recipient'), _('Please enter a valid email address!'), array(), true);
$return['errorsOccured'] = 'true';
}
$this->sendPasswordViaMailAlternateAddress = $input['sendMailAlternateAddress'];
}
}
if ($return['errorsOccured'] == 'false') {
$return['messages'] .= StatusMessage('INFO', _('The new password will be stored in the directory after you save this account.'), '', array(), true);
}
return $return;
}
/**
* Returns if any module manages the mail attribute.
*
* @return boolean mail is managed
*/
private function anyModuleManagesMail() {
foreach ($this->module as $mod) {
if (in_array('mail', $mod->getManagedAttributes($this->get_type()->getId()))) {
return true;
}
}
return false;
}
/**
* Prints common controls like the save button and the ou selection.
*
* @param int $tabindex tabindex for GUI elements
*/
private function printCommonControls(&$tabindex) {
$table = new htmlTable('100%');
$leftButtonGroup = new htmlGroup();
$leftButtonGroup->alignment = htmlElement::ALIGN_LEFT;
// save button
$saveButton = new htmlButton('accountContainerSaveAccount', _('Save'));
$saveButton->setIconClass('saveButton');
$leftButtonGroup->addElement($saveButton);
$leftButtonGroup->addElement(new htmlSpacer('1px', null));
// reset button
if (!$this->isNewAccount) {
$resetButton = new htmlButton('accountContainerReset', _('Reset changes'));
$resetButton->setIconClass('undoButton');
$leftButtonGroup->addElement($resetButton);
}
// set password button
if ($this->showSetPasswordButton()) {
$leftButtonGroup->addElement(new htmlSpacer('15px', null));
$passwordButton = new htmlButton('accountContainerPassword', _('Set password'));
$passwordButton->setIconClass('passwordButton');
$passwordButton->setOnClick('passwordShowChangeDialog(\'' . _('Set password') . '\', \'' . _('Ok') . '\', \''
. _('Cancel') . '\', \'' . _('Set random password') . '\', \'../misc/ajax.php?function=passwordChange\',\''
. getSecurityTokenName() . '\',\'' . getSecurityTokenValue() . '\');');
$leftButtonGroup->addElement($passwordButton);
}
$table->addElement($leftButtonGroup);
$rightGroup = new htmlGroup();
$rightGroup->alignment = htmlElement::ALIGN_RIGHT;
// profile selection
$profilelist = \LAM\PROFILES\getAccountProfiles($this->type->getId());
if (sizeof($profilelist) > 0) {
$rightGroup->addElement(new htmlSelect('accountContainerSelectLoadProfile', $profilelist, array($this->lastLoadedProfile)));
$profileButton = new htmlButton('accountContainerLoadProfile', _('Load profile'));
$profileButton->setIconClass('loadProfileButton');
if (!$this->isNewAccount) {
$profileButton->setType('submit');
$profileButton->setOnClick('confirmOrStopProcessing(\'' . _('This may overwrite existing values with profile data. Continue?') . '\', event);');
}
$rightGroup->addElement($profileButton);
$rightGroup->addElement(new htmlSpacer('1px', null));
$rightGroup->addElement(new htmlHelpLink('401'));
}
$table->addElement($rightGroup);
parseHtml(null, $table, array(), false, $tabindex, $this->type->getScope());
}
/**
* Returns if the page should show a button to set the password.
*
* @return boolean show or hide button
*/
private function showSetPasswordButton() {
foreach ($this->module as $name => $module) {
if (($module instanceof passwordService) && $module->managesPasswordAttributes()) {
return true;
}
}
return false;
}
/**
* Prints the header of the account pages.
*/
private function printPageHeader() {
if (!empty($_POST)) {
validateSecurityToken();
}
include '../main_header.php';
echo '';
echo "\n";
include '../main_footer.php';
}
/**
* Prints the HTML code to notify the user about the successful saving.
*
* @param array $messages array which contains status messages. Each entry is an array containing the status message parameters.
*/
private function printSuccessPage($messages) {
$this->printPageHeader();
// Show success message
if ($this->dn_orig == '') {
$text = _("Account was created successfully.");
}
else {
$text = _("Account was modified successfully.");
}
echo "type->getScope() . "-bright smallPaddingContent\">";
$container = new htmlTable();
// show messages
for ($i = 0; $i < sizeof($messages); $i++) {
if (sizeof($messages[$i]) == 2) {
$message = new htmlStatusMessage($messages[$i][0], $messages[$i][1]);
$message->colspan = 10;
$container->addElement($message, true);
}
else {
$message = new htmlStatusMessage($messages[$i][0], $messages[$i][1], $messages[$i][2]);
$message->colspan = 10;
$container->addElement($message, true);
}
}
$message = new htmlStatusMessage('INFO', _('LDAP operation successful.'), $text);
$message->colspan = 10;
$container->addElement($message, true);
$container->addElement(new htmlSpacer(null, '20px'), true);
$type = $this->type->getBaseType();
$buttonGroup = new htmlGroup();
if (checkIfNewEntriesAreAllowed($this->type->getId())) {
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
$createButton->setIconClass('createButton');
$buttonGroup->addElement($createButton);
$buttonGroup->addElement(new htmlSpacer('10px', null));
}
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
$pdfButton->setIconClass('pdfButton');
$buttonGroup->addElement($pdfButton);
$buttonGroup->addElement(new htmlSpacer('10px', null));
$backToListButton = new htmlButton('accountContainerBackToList', $type->LABEL_BACK_TO_ACCOUNT_LIST);
$backToListButton->setIconClass('backButton');
$buttonGroup->addElement($backToListButton);
$buttonGroup->addElement(new htmlSpacer('10px', null));
$backToEditButton = new htmlButton('accountContainerBackToEdit', _('Edit again'));
$backToEditButton->setIconClass('editButton');
$buttonGroup->addElement($backToEditButton);
$container->addElement($buttonGroup, true);
$tabindex = 1;
parseHtml(null, $container, array(), false, $tabindex, $this->type->getScope());
echo "
\n";
$this->printPageFooter();
}
/**
* Checks if the user requested to load a profile.
*
* @return boolean true, if profile was loaded
*/
private function loadProfileIfRequested() {
if (isset($_POST['accountContainerLoadProfile']) && isset($_POST['accountContainerSelectLoadProfile'])) {
$profile = \LAM\PROFILES\loadAccountProfile($_POST['accountContainerSelectLoadProfile'], $this->type->getId());
$this->lastLoadedProfile = $_POST['accountContainerSelectLoadProfile'];
// pass profile to each module
$modules = array_keys($this->module);
foreach ($modules as $module) $this->module[$module]->load_profile($profile);
if (isset($profile['ldap_rdn'][0])) {
if (in_array($profile['ldap_rdn'][0], getRDNAttributes($this->type->getId()))) {
$this->rdn = $profile['ldap_rdn'][0];
}
}
if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) {
$this->dnSuffix = $profile['ldap_suffix'][0];
}
return true;
}
return false;
}
/**
* Prints the HTML code of the module tabs.
*/
private function printModuleTabs() {
// $x is used to count up tabindex
$x=1;
echo '';
}
/**
* This function checks which LDAP attributes have changed while the account was edited.
*
* @param array $attributes list of current LDAP attributes
* @param array $orig list of old attributes when account was loaded
* @return array an array which can be passed to $this->saveAccount()
*/
function save_module_attributes($attributes, $orig) {
$return = array();
$toadd = array();
$tomodify = array();
$torem = array();
$notchanged = array();
// get list of all attributes
$attr_names = array_keys($attributes);
$orig_names = array_keys($orig);
// find deleted attributes (in $orig but no longer in $attributes)
foreach ($orig_names as $i => $value) {
if (!isset($attributes[$value])) {
$torem[$value] = $orig[$value];
}
}
// find changed attributes
foreach ($attr_names as $i => $name) {
// find deleted attributes
if (isset($orig[$name]) && is_array($orig[$name])) {
foreach ($orig[$name] as $j => $value) {
if (is_array($attributes[$name])) {
if (!in_array($value, $attributes[$name], true)) {
if (($value !== null) && ($value !== '')) {
$torem[$name][] = $value;
}
}
}
elseif (($value !== null) && ($value !== '')) {
$torem[$name][] = $value;
}
}
}
// find new attributes
if (isset($attributes[$name]) && is_array($attributes[$name])) {
foreach ($attributes[$name] as $j => $value) {
if (isset($orig[$name]) && is_array($orig[$name])) {
if (!in_array($value, $orig[$name], true))
if (($value !== null) && ($value !== '')) {
$toadd[$name][] = $value;
}
}
elseif (($value !== null) && ($value !== '')) {
$toadd[$name][] = $value;
}
}
}
// find unchanged attributes
if (isset($orig[$name]) && is_array($orig[$name]) && is_array($attributes[$name])) {
foreach ($attributes[$name] as $j => $value) {
if (($value !== null) && ($value !== '') && in_array($value, $orig[$name], true)) {
$notchanged[$name][] = $value;
}
}
}
}
// create modify with add and remove
$attributes2 = array_keys($toadd);
for ($i=0; $i 0) && (count($torem[$attributes2[$i]]) > 0)) {
// found attribute which should be modified
$tomodify[$attributes2[$i]] = $toadd[$attributes2[$i]];
// merge unchanged values
if (isset($notchanged[$attributes2[$i]])) {
$tomodify[$attributes2[$i]] = array_merge($tomodify[$attributes2[$i]], $notchanged[$attributes2[$i]]);
unset($notchanged[$attributes2[$i]]);
}
// remove old add and remove commands
unset($toadd[$attributes2[$i]]);
unset($torem[$attributes2[$i]]);
}
}
if (count($toadd) > 0) {
$return[$this->dn_orig]['add'] = $toadd;
}
if (count($torem) > 0) {
$return[$this->dn_orig]['remove'] = $torem;
}
if (count($tomodify) > 0) {
$return[$this->dn_orig]['modify'] = $tomodify;
}
if (count($notchanged) > 0) {
$return[$this->dn_orig]['notchanged'] = $notchanged;
}
return $return;
}
/**
* Loads an LDAP account with the given DN.
*
* @param string $dn the DN of the account
* @param array $infoAttributes list of additional informational attributes that are added to the LDAP attributes
* E.g. this is used to inject the clear text password in the file upload. Informational attribute names must start with "INFO.".
* @return array error messages
*/
function load_account($dn, $infoAttributes = array()) {
logNewMessage(LOG_DEBUG, "Edit account " . $dn);
$this->module = array();
$modules = $_SESSION['config']->get_AccountModules($this->type->getId());
$filter = 'objectClass=*';
$searchAttrs = array('*', '+');
foreach ($modules as $module) {
$modTmp = new $module($this->type->getScope());
$searchAttrs = array_merge($searchAttrs, $modTmp->getManagedHiddenAttributes($this->type->getId()));
}
$result = @ldap_read($_SESSION['ldap']->server(), escapeDN($dn), $filter, $searchAttrs, 0, 0, 0, LDAP_DEREF_NEVER);
if (!$result) {
return array(array("ERROR", _("Unable to load LDAP entry:") . " " . htmlspecialchars($dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())));
}
$entry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
if (!$entry) {
return array(array("ERROR", _("Unable to load LDAP entry:") . " " . htmlspecialchars($dn), getDefaultLDAPErrorString($_SESSION['ldap']->server())));
}
$this->dnSuffix = extractDNSuffix($dn);
$this->dn_orig = $dn;
// extract RDN
$this->rdn = extractRDNAttribute($dn);
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
$attr = array($attr);
cleanLDAPResult($attr);
$attr = $attr[0];
// fix spelling errors
$attr = $this->fixLDAPAttributes($attr, $modules);
// get binary attributes
$binaryAttr = array('jpegPhoto');
for ($i = 0; $i < sizeof($binaryAttr); $i++) {
if (isset($attr[$binaryAttr[$i]][0])) {
$binData = ldap_get_values_len($_SESSION['ldap']->server(), $entry, $binaryAttr[$i]);
unset($binData['count']);
$attr[$binaryAttr[$i]] = $binData;
}
}
// add informational attributes
$attr = array_merge($attr, $infoAttributes);
// save original attributes
$this->attributes_orig = $attr;
foreach ($modules as $module) {
if (!isset($this->module[$module])) {
$this->module[$module] = new $module($this->type->getScope());
$this->module[$module]->init($this->base);
}
$this->module[$module]->load_attributes($attr);
}
// sort module buttons
$this->sortModules();
// get titles
$typeObject = $this->type->getBaseType();
$this->titleBarTitle = $typeObject->getTitleBarTitle($this);
$this->titleBarSubtitle = $typeObject->getTitleBarSubtitle($this);
return array();
}
/**
* Fixes spelling errors in the attribute names.
*
* @param array $attributes LDAP attributes
* @param array $modules list of active modules
* @return array fixed attributes
*/
function fixLDAPAttributes($attributes, $modules) {
if (!is_array($attributes)) return $attributes;
$keys = array_keys($attributes);
// get correct object class names, aliases and attributes
$objectClasses = array();
$aliases = array();
$ldapAttributesTemp = array();
foreach ($modules as $module) {
$moduleObj = moduleCache::getModule($module, $this->type->getScope());
$objectClasses = array_merge($objectClasses, $moduleObj->getManagedObjectClasses($this->type->getId()));
$aliases = array_merge($aliases, $moduleObj->getLDAPAliases($this->type->getId()));
$ldapAttributesTemp = array_merge($ldapAttributesTemp, $moduleObj->getManagedAttributes($this->type->getId()));
}
// build lower case attribute names
$ldapAttributes = array();
for ($i = 0; $i < sizeof($ldapAttributesTemp); $i++) {
$ldapAttributes[strtolower($ldapAttributesTemp[$i])] = $ldapAttributesTemp[$i];
unset($ldapAttributes[$i]);
}
$ldapAttributesKeys = array_keys($ldapAttributes);
// convert alias names to lower case (for easier comparison)
$aliasKeys = array_keys($aliases);
for ($i = 0; $i < sizeof($aliasKeys); $i++) {
if ($aliasKeys[$i] != strtolower($aliasKeys[$i])) {
$aliases[strtolower($aliasKeys[$i])] = $aliases[$aliasKeys[$i]];
unset($aliases[$aliasKeys[$i]]);
$aliasKeys[$i] = strtolower($aliasKeys[$i]);
}
}
// fix object classes and attributes
for ($i = 0; $i < sizeof($keys); $i++) {
// check object classes
if (strtolower($keys[$i]) == 'objectclass') {
// fix object class attribute
if ($keys[$i] != 'objectClass') {
$temp = $attributes[$keys[$i]];
unset($attributes[$keys[$i]]);
$attributes['objectClass'] = $temp;
}
// fix object classes
for ($attrClass = 0; $attrClass < sizeof($attributes['objectClass']); $attrClass++) {
for ($modClass = 0; $modClass < sizeof($objectClasses); $modClass++) {
if (strtolower($attributes['objectClass'][$attrClass]) == strtolower($objectClasses[$modClass])) {
if ($attributes['objectClass'][$attrClass] != $objectClasses[$modClass]) {
unset($attributes['objectClass'][$attrClass]);
$attributes['objectClass'][] = $objectClasses[$modClass];
}
break;
}
}
}
}
else {
// fix aliases
if (in_array(strtolower($keys[$i]), $aliasKeys)) {
$attributes[$aliases[strtolower($keys[$i])]] = $attributes[$keys[$i]];
unset($attributes[$keys[$i]]);
}
// fix attribute names
elseif (in_array(strtolower($keys[$i]), $ldapAttributesKeys)) {
if ($keys[$i] != $ldapAttributes[strtolower($keys[$i])]) {
$attributes[$ldapAttributes[strtolower($keys[$i])]] = $attributes[$keys[$i]];
unset($attributes[$keys[$i]]);
}
}
}
}
return $attributes;
}
/**
* This function will prepare the object for a new account.
*/
public function new_account() {
logNewMessage(LOG_DEBUG, "New account with type " . $this->type->getId());
$this->isNewAccount = true;
$this->lastLoadedProfile = 'default';
$this->initModules();
// sort module buttons
$this->sortModules();
$profileName = 'default';
$profileCookieKey = 'defaultProfile_' . $this->get_type()->getId();
if (!empty($_COOKIE[$profileCookieKey])) {
$cookieProfileName = $_COOKIE[$profileCookieKey];
if (\LAM\PROFILES\profileExists($cookieProfileName, $this->get_type()->getId())) {
$profileName = $cookieProfileName;
$this->lastLoadedProfile = $cookieProfileName;
}
}
$profile = \LAM\PROFILES\loadAccountProfile($profileName, $this->type->getId());
// pass profile to each module
$modules = array_keys($this->module);
foreach ($modules as $module) $this->module[$module]->load_profile($profile);
if (isset($profile['ldap_rdn'][0])) {
if (in_array($profile['ldap_rdn'][0], getRDNAttributes($this->type->getId()))) {
$this->rdn = $profile['ldap_rdn'][0];
}
}
if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) {
$this->dnSuffix = $profile['ldap_suffix'][0];
}
// get titles
$typeObject = $this->type->getBaseType();
$this->titleBarTitle = $typeObject->getTitleBarTitle($this);
$this->titleBarSubtitle = $typeObject->getTitleBarSubtitle($this);
return 0;
}
/**
* Creates the account modules and initializes them.
*/
public function initModules() {
$modules = $_SESSION['config']->get_AccountModules($this->type->getId());
foreach ($modules as $module) {
$this->module[$module] = new $module($this->type->getScope());
$this->module[$module]->init($this->base);
}
}
/**
* This function will save an account to the LDAP database.
*
* @return array list of status messages
*/
function save_account() {
if (!checkIfWriteAccessIsAllowed($this->type->getId())) {
die();
}
$this->finalDN = $this->dn_orig;
$errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0];
$module = array_keys($this->module);
$attributes = array();
// load attributes
foreach ($module as $singlemodule) {
// load changes
$temp = $this->module[$singlemodule]->save_attributes();
if (!is_array($temp)) $temp = array();
// merge changes
$DNs = array_keys($temp);
if (is_array($temp)) $attributes = array_merge_recursive($temp, $attributes);
for ($i = 0; $i < count($DNs); $i++) {
$ops = array_keys($temp[$DNs[$i]]);
for ($j=0; $jdn_orig]['modify'][$this->rdn][0])) {
$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['modify'][$this->rdn][0]) . ',' . $this->dnSuffix;
if ($this->dn_orig != $this->finalDN) {
$attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset($attributes[$this->dn_orig]);
}
}
elseif (isset($attributes[$this->dn_orig]['add'][$this->rdn][0])) {
$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['add'][$this->rdn][0]) . ',' . $this->dnSuffix;
if ($this->dn_orig != $this->finalDN) {
$attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset($attributes[$this->dn_orig]);
}
}
elseif (isset($attributes[$this->dn_orig]['remove'][$this->rdn][0]) && isset($attributes[$this->dn_orig]['notchanged'][$this->rdn][0])) {
$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
if ($this->dn_orig != $this->finalDN) {
$attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset($attributes[$this->dn_orig]);
}
}
elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) {
$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
$attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset($attributes[$this->dn_orig]);
}
// remove pwdAccountLockedTime attribute change if also userPassword is changed (PPolicy will remove this attribute itself)
if (isset($attributes[$this->finalDN]['modify']['userPassword']) || isset($attributes[$this->finalDN]['remove']['userPassword'])) {
if (isset($attributes[$this->finalDN]['modify']['pwdAccountLockedTime'])) {
unset($attributes[$this->finalDN]['modify']['pwdAccountLockedTime']);
}
if (isset($attributes[$this->finalDN]['remove']['pwdAccountLockedTime'])) {
unset($attributes[$this->finalDN]['remove']['pwdAccountLockedTime']);
}
}
// pre modify actions
$prePostModifyAttributes = array();
if (isset($attributes[$this->finalDN]) && is_array($attributes[$this->finalDN])) {
if (isset($attributes[$this->finalDN]['notchanged'])) {
$prePostModifyAttributes = array_merge($prePostModifyAttributes, $attributes[$this->finalDN]['notchanged']);
}
if (isset($attributes[$this->finalDN]['modify'])) {
foreach ($attributes[$this->finalDN]['modify'] as $key => $value) {
$prePostModifyAttributes[$key] = &$attributes[$this->finalDN]['modify'][$key];
}
foreach ($attributes[$this->finalDN]['modify'] as $key => $value) {
$prePostModifyAttributes['MOD.' . $key] = $value;
}
}
if (isset($attributes[$this->finalDN]['add'])) {
foreach ($attributes[$this->finalDN]['add'] as $key => $value) {
$prePostModifyAttributes[$key] = &$attributes[$this->finalDN]['add'][$key];
}
foreach ($attributes[$this->finalDN]['add'] as $key => $value) {
$prePostModifyAttributes['NEW.' . $key] = $value;
}
}
if (isset($attributes[$this->finalDN]['remove'])) {
foreach ($attributes[$this->finalDN]['remove'] as $key => $value) {
$prePostModifyAttributes['DEL.' . $key] = $value;
}
}
if (isset($attributes[$this->finalDN]['info'])) {
foreach ($attributes[$this->finalDN]['info'] as $key => $value) {
$prePostModifyAttributes['INFO.' . $key] = $value;
}
}
}
if (!$this->isNewAccount) {
foreach ($this->attributes_orig as $key => $value) {
$prePostModifyAttributes['ORIG.' . $key] = $value;
}
$prePostModifyAttributes['ORIG.dn'][0] = $this->dn_orig;
}
$prePostModifyAttributes['dn'][0] = $this->finalDN;
if (!$this->isNewAccount && ($this->finalDN != $this->dn_orig)) {
$prePostModifyAttributes['MOD.dn'][0] = $this->finalDN;
}
logNewMessage(LOG_DEBUG, 'Edit page pre/postModify attributes: ' . print_r($prePostModifyAttributes, true));
$preModifyOk = true;
foreach ($module as $singlemodule) {
$preModifyMessages = $this->module[$singlemodule]->preModifyActions($this->isNewAccount, $prePostModifyAttributes);
$errors = array_merge($errors, $preModifyMessages);
for ($i = 0; $i < sizeof($preModifyMessages); $i++) {
if ($preModifyMessages[$i][0] == 'ERROR') {
$preModifyOk = false;
break;
}
}
}
if (!$preModifyOk) {
$errors[] = array('ERROR', _('The operation was stopped because of the above errors.'));
return $errors;
}
// Set to true if an real error has happened
$stopprocessing = false;
if (strtolower($this->finalDN) != strtolower($this->dn_orig)) {
// move existing DN
if ($this->dn_orig!='') {
$removeOldRDN = false;
if (isset($attributes[$this->finalDN]['modify'])) {
$attributes[$this->finalDN]['modify'] = array_change_key_case($attributes[$this->finalDN]['modify'], CASE_LOWER);
}
$rdnAttr = strtolower(extractRDNAttribute($this->finalDN));
if (isset($attributes[$this->finalDN]['modify'][$rdnAttr])
&& (sizeof($attributes[$this->finalDN]['modify'][$rdnAttr]) == 1)
&& ($attributes[$this->finalDN]['modify'][$rdnAttr][0] == extractRDNValue($this->finalDN))) {
// remove old RDN if attribute is single valued
$removeOldRDN = true;
unset($attributes[$this->finalDN]['modify'][extractRDNAttribute($this->finalDN)]);
}
if (isset($attributes[$this->finalDN]['notchanged'][$rdnAttr])
&& !(isset($attributes[$this->finalDN]['add'][$rdnAttr]) || isset($attributes[$this->finalDN]['modify'][$rdnAttr]) || isset($attributes[$this->finalDN]['remove'][$rdnAttr]))) {
// fix for AD which requires to remove RDN even if not changed
$removeOldRDN = true;
}
logNewMessage(LOG_DEBUG, 'Rename ' . $this->dn_orig . ' to ' . $this->finalDN);
$success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN);
if ($success) {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN);
// do not add attribute value as new one if added via rename operation
if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) {
$attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]);
if (empty($attributes[$this->finalDN]['add'][$rdnAttr])) {
unset($attributes[$this->finalDN]['add'][$rdnAttr]);
}
}
}
else {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to rename DN: %s.'), $this->dn_orig), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true;
}
}
// create complete new dn
else {
$attr = array();
if (isset($attributes[$this->finalDN]['add']) && is_array($attributes[$this->finalDN]['add'])) {
$attr = array_merge_recursive($attr, $attributes[$this->finalDN]['add']);
}
if (isset($attributes[$this->finalDN]['notchanged']) && is_array($attributes[$this->finalDN]['notchanged'])) {
$attr = array_merge_recursive($attr, $attributes[$this->finalDN]['notchanged']);
}
if (isset($attributes[$this->finalDN]['modify']) && is_array($attributes[$this->finalDN]['modify'])) {
$attr = array_merge_recursive($attr, $attributes[$this->finalDN]['modify']);
}
$success = @ldap_add($_SESSION['ldap']->server(), $this->finalDN, $attr);
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to create DN: ' . $this->finalDN . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to create DN: %s.'), $this->finalDN), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true;
}
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Created DN: ' . $this->finalDN);
}
unset($attributes[$this->finalDN]);
}
}
$DNs = array_keys($attributes);
for ($i=0; $iserver(), $DNs[$i], $attributes[$DNs[$i]]['modify']);
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true;
}
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
// check if the password of the currently logged in user was changed
$lamAdmin = $_SESSION['ldap']->decrypt_login();
if ((strtolower($DNs[$i]) == strtolower($lamAdmin[0])) && isset($attributes[$DNs[$i]]['info']['userPasswordClearText'][0])) {
$_SESSION['ldap']->encrypt_login($DNs[$i], $attributes[$DNs[$i]]['info']['userPasswordClearText'][0]);
}
}
}
// add attributes
if (!empty($attributes[$DNs[$i]]['add']) && !$stopprocessing) {
$success = @ldap_mod_add($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['add']);
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true;
}
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
}
}
// remove attributes
if (!empty($attributes[$DNs[$i]]['remove']) && !$stopprocessing) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
if (!$success) {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete attributes from DN: ' . $DNs[$i] . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '
. getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
$errors[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $DNs[$i]), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
$stopprocessing = true;
}
else {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Modified DN: ' . $DNs[$i]);
}
}
}
}
// send password mail
if (!$stopprocessing && isLAMProVersion() && ($this->sendPasswordViaMail != null)) {
$mailMessages = sendPasswordMail($this->sendPasswordViaMail, $prePostModifyAttributes, $this->sendPasswordViaMailAlternateAddress);
if (sizeof($mailMessages) > 0) {
$errors = array_merge($errors, $mailMessages);
}
$this->sendPasswordViaMail = null;
$this->sendPasswordViaMailAlternateAddress = null;
}
if (!$stopprocessing) {
// post modify actions
foreach ($module as $singlemodule) {
$postMessages = $this->module[$singlemodule]->postModifyActions($this->isNewAccount, $prePostModifyAttributes);
$errors = array_merge($errors, $postMessages);
}
}
return $errors;
}
/**
* Defines if the LDAP entry has only virtual child entries. This is the case for e.g. LDAP views.
*
* @return boolean has only virtual children
*/
public function hasOnlyVirtualChildren() {
foreach ($this->module as $module) {
if ($module->hasOnlyVirtualChildren()) {
return true;
}
}
return false;
}
/**
* Returns a list of possible PDF entries for this account.
*
* @param array $pdfKeys list of PDF keys that are included in document
* @param string $typeId type id (user, group, host)
* @return PDFEntry[] list of key => PDFEntry
*/
function get_pdfEntries($pdfKeys, $typeId) {
$return = array();
while(($current = current($this->module)) != null) {
$return = array_merge($return,$current->get_pdfEntries($pdfKeys, $typeId));
next($this->module);
}
$dn = $this->dn_orig;
if (isset($this->finalDN)) {
$dn = $this->finalDN;
}
$return = array_merge($return,array('main_dn' => array(new \LAM\PDF\PDFLabelValue(_('DN'), $dn))));
return $return;
}
/**
* Sorts the module buttons for the account page.
*/
function sortModules() {
$order = array();
$modules = array_keys($this->module);
$depModules = array();
if (isset($this->order)) {
$currentPage = $this->order[$this->current_page];
}
for ($i = 0; $i < sizeof($modules); $i++) {
// insert waiting modules
for ($w = 0; $w < sizeof($depModules); $w++) {
$dependencies = $this->module[$depModules[$w]]->get_dependencies($this->type->getScope());
$dependencies = $dependencies['depends'];
$everything_found = true;
for ($d = 0; $d < sizeof($dependencies); $d++) {
if (!in_array($dependencies[$d], $order)) {
$everything_found = false;
break;
}
}
// inser after depending module
if ($everything_found) {
$order[] = $depModules[$w];
unset($depModules[$w]);
$depModules = array_values($depModules);
$w--;
}
}
// check next module
$dependencies = $this->module[$modules[$i]]->get_dependencies($this->type->getScope());
if (is_array($dependencies['depends'])) {
$everything_found = true;
$dependencies = $dependencies['depends'];
for ($d = 0; $d < sizeof($dependencies); $d++) {
if (is_array($dependencies[$d])) { // or-combined dependencies
$noneFound = true;
foreach ($dependencies[$d] as $or) {
if (in_array($or, $order)) {
$noneFound = false;
break;
}
}
if ($noneFound) {
$everything_found = false;
break;
}
}
elseif (!in_array($dependencies[$d], $order)) { // single dependency
$everything_found = false;
break;
}
}
// remove module if dependencies are not satisfied
if (!$everything_found) {
$depModules[] = $modules[$i];
unset($modules[$i]);
$modules = array_values($modules);
$i--;
}
else {
$order[] = $modules[$i];
}
}
else {
$order[] = $modules[$i];
}
}
// add modules which could not be sorted (e.g. because of cyclic dependencies)
if (sizeof($depModules) > 0) {
for ($i = 0; $i < sizeof($depModules); $i++) $order[] = $depModules[$i];
}
// move disabled modules to end
$activeModules = array();
$passiveModules = array();
for ($i = 0; $i < sizeof($order); $i++) {
if ($this->module[$order[$i]]->getButtonStatus() == 'enabled') {
$activeModules[] = $order[$i];
}
else {
$passiveModules[] = $order[$i];
}
}
$this->order = array_merge($activeModules, $passiveModules);
// check if ordering changed and current page number must be updated
if (isset($currentPage) && ($currentPage != $this->order[$this->current_page])) {
$this->current_page = array_search($currentPage, $this->order);
}
}
/**
* Returns the RDN part of a given DN.
*
* @param String $dn DN
* @return String RDN
*/
function getRDN($dn) {
if (($dn == "") || ($dn == null)) return "";
$rdn = substr($dn, 0, strpos($dn, ","));
return $rdn;
}
/**
* Returns the parent DN of a given DN.
*
* @param String $dn DN
* @return String DN
*/
function getParentDN($dn) {
if (($dn == "") || ($dn == null)) return "";
$parent = substr($dn, strpos($dn, ",") + 1);
return $parent;
}
/**
* Returns a list of OUs that exist for this account type.
*
* @return array OU list
*/
public function getOUs() {
if ($this->cachedOUs != null) {
return $this->cachedOUs;
}
$this->cachedOUs = $this->type->getSuffixList();
return $this->cachedOUs;
}
/**
* Replaces POST data with wildcard values from modules.
*
* @param array $keyPrefixes POST keys as full name or prefix (e.g. "key" matches "key1")
*/
public function replaceWildcardsInPOST($keyPrefixes) {
$replacements = array();
foreach ($this->module as $module) {
$replacements = array_merge($replacements, $module->getWildCardReplacements());
}
while (true) {
if (!$this->replaceWildcards($replacements, $keyPrefixes, $_POST)) {
break;
}
}
}
/**
* Replaces wildcards in an array.
*
* @param array $replacements replacements (key => value)
* @param array $keyPrefixes prefixes of $data array keys that should be replaced
* @param array $data data array
* @return boolean replacement done
*/
private function replaceWildcards($replacements, $keyPrefixes, &$data) {
$found = false;
foreach ($data as $key => $value) {
foreach ($keyPrefixes as $keyPrefix) {
if (strpos($key, $keyPrefix) === 0) {
$found = $this->doReplace($replacements, $data[$key]) || $found;
}
}
}
return $found;
}
/**
* Replaces wildcards in a value.
*
* @param array $replacements replacements (key => value)
* @param String $value value to perform replacements
* @return boolean replacement done
*/
private function doReplace($replacements, &$value) {
$found = false;
foreach ($replacements as $replKey => $replValue) {
$searchString = '$' . $replKey;
if (strpos($value, $searchString) !== false) {
$found = true;
$value = str_replace($searchString, $replValue, $value);
}
}
return $found;
}
/**
* Encrypts sensitive data before storing in session.
*
* @return array list of attributes which are serialized
*/
function __sleep() {
// encrypt data
$this->attributes = lamEncrypt(serialize($this->attributes));
$this->attributes_orig = lamEncrypt(serialize($this->attributes_orig));
$this->module = lamEncrypt(serialize($this->module));
// save all attributes
return array_keys(get_object_vars($this));
}
/**
* Decrypts sensitive data after accountContainer was loaded from session.
*/
function __wakeup() {
// decrypt data
$this->attributes = unserialize(lamDecrypt($this->attributes));
$this->attributes_orig = unserialize(lamDecrypt($this->attributes_orig));
$this->module = unserialize(lamDecrypt($this->module));
}
}
/**
* This interface needs to be implemented by all account modules which manage passwords.
* It allows LAM to provide central password changes.
*
* @package modules
*/
interface passwordService {
/**
* This method specifies if a module manages password attributes. The module alias will
* then appear as option in the GUI.
*
If the module only wants to get notified about password changes then return false.
*
* @return boolean true if this module manages password attributes
*/
public function managesPasswordAttributes();
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange();
/**
* This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name.
*
* @param String $password new password
* @param array $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.'))
*/
public function passwordChangeRequested($password, $modules, $forcePasswordChange);
}
?>