<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003 Cajus Pollmeier
Copyright (C) 2011 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*!
\brief user plugin
\author Cajus Pollmeier <pollmeier@gonicus.de>
\version 2.00
\date 24.07.2003
This class provides the functionality to read and write all attributes
relevant for person, organizationalPerson, inetOrgPerson and gosaAccount
from/to the LDAP. It does syntax checking and displays the required forms.
*/
class user extends plugin
{
/* Definitions */
/* Headline and description strings of this plugin tab. */
var $plHeadline= "Generic";
var $plDescription= "Edit organizational user settings";
/* Plugin specific values */
/* Most properties below carry the name of the directory attribute they
mirror (see the $attributes list used for the save action). */
/* Base the entry lives in; the constructor derives it with dn2base() and
keeps a copy in $orig_base. */
var $base= "";
var $orig_base= "";
var $cn= "";
/* Set to the $dn argument by the constructor. */
var $new_dn= "";
var $personalTitle= "";
var $academicTitle= "";
var $homePostalAddress= "";
var $homePhone= "";
var $labeledURI= "";
var $o= "";
var $ou= "";
var $departmentNumber= "";
/* Login restriction values; the constructor copies them from
$this->attrs['gosaLoginRestriction'] and execute() only accepts new
entries that look like an IPv4 address or a network/netmask pair. */
var $gosaLoginRestriction= array();
/* sortableListing widget built from $gosaLoginRestriction in the constructor. */
var $gosaLoginRestrictionWidget;
var $employeeNumber= "";
var $employeeType= "";
var $roomNumber= "";
var $telephoneNumber= "";
var $facsimileTelephoneNumber= "";
var $mobile= "";
var $pager= "";
var $l= "";
var $st= "";
var $postalAddress= "";
/* Held as "day.month.year"; the constructor builds it from the stored
year-month-day value, or sets "" when the attribute is absent. */
var $dateOfBirth;
var $use_dob= "0";
/* Upper-cased by the constructor; execute() offers "F" and "M", with 0
as the empty choice. */
var $gender="0";
var $preferredLanguage="0";
/* baseSelector instance created in the constructor from
allowedBasesToMoveTo() and $base. */
var $baseSelector;
/* Picture state. "*removed*" is the marker execute() also writes when the
picture is removed; the old_* copies are taken when the picture dialog
opens and restored on cancel. */
var $jpegPhoto= "*removed*";
var $photoData= "";
var $old_jpegPhoto= "";
var $old_photoData= "";
/* Dialog flags: TRUE while the certificate / picture dialog is shown. */
var $cert_dialog= FALSE;
var $picture_dialog= FALSE;
/* Password method object; execute() creates it from
passwordMethod::get_available_methods() when the method is edited. */
var $pwObject= NULL;
/* Certificate material. execute() fills these through set_cert() from
uploaded files and empties them on a remove request; the old_* copies
are taken when the certificate dialog opens and restored on cancel.
NOTE(review): a PKCS#12 bundle commonly carries a private key - confirm
how $userPKCS12 is stored and which ACLs allow reading it. */
var $userPKCS12= "";
var $userSMIMECertificate= "";
var $userCertificate= "";
var $certificateSerialNumber= "";
var $old_certificateSerialNumber= "";
var $old_userPKCS12= "";
var $old_userSMIMECertificate= "";
var $old_userCertificate= "";
/* Government mode values (see $govattrs); the constructor copies them
from $this->attrs only when government mode is enabled. */
var $gouvernmentOrganizationalUnit= "";
var $houseIdentifier= "";
var $street= "";
var $postalCode= "";
var $vocation= "";
var $ivbbLastDeliveryCollective= "";
var $gouvernmentOrganizationalPersonLocality= "";
var $gouvernmentOrganizationalUnitDescription= "";
var $gouvernmentOrganizationalUnitSubjectArea= "";
var $functionalTitle= "";
var $role= "";
var $publicVisible= "";
/* DN as loaded by the parent constructor, kept by this constructor. */
var $orig_dn;
/* Holds a singleUserSelect object while a manager is being picked;
otherwise TRUE/FALSE/NULL as a "dialog open" indicator. */
var $dialog;
/* variables to trigger password changes */
/* Name of the password storage scheme. The constructor replaces this
default whenever a dn is given, except when userPassword carries a
{scheme} prefix that passwordMethod::get_method() does not resolve to
an object - then "md5" stays in place.
NOTE(review): "md5" is a weak default for password storage; confirm that
this fallback cannot end up being used to write a new password. */
var $pw_storage= "md5";
/* Scheme seen at load time ("unset" for new accounts); the constructor
notes it is used by password_change_needed(). */
var $last_pw_storage= "unset";
/* TRUE when the loaded entry already had a userCertificate. */
var $had_userCertificate= FALSE;
/* Ensures the "view" log entry is written only once per object. */
var $view_logged = FALSE;
/* DN of the manager and the cn shown for it (looked up in the constructor). */
var $manager = "";
var $manager_name = "";
var $passwordClass = NULL;
/* attribute list for save action */
/* The constructor appends $govattrs to this list when the configuration
value honourIvbbAttributes is "TRUE". */
var $attributes= array("sn", "givenName", "uid", "personalTitle", "academicTitle",
"homePostalAddress", "homePhone", "labeledURI", "ou", "o", "dateOfBirth", "gender","preferredLanguage",
"departmentNumber", "employeeNumber", "employeeType", "l", "st","jpegPhoto",
"roomNumber", "telephoneNumber", "mobile", "pager", "cn", "userPKCS12", "street", "postalCode",
"postalAddress", "facsimileTelephoneNumber", "userSMIMECertificate", "gosaLoginRestriction", "manager");
/* Object classes of a user entry handled by this plugin. */
var $objectclasses= array("top", "person", "organizationalPerson", "inetOrgPerson",
"gosaAccount");
/* attributes that are part of the government mode */
/* NOTE(review): "street" and "postalCode" are also in $attributes, so the
array_merge() in the constructor lists them twice - confirm the save
code tolerates duplicate names. */
var $govattrs= array("gouvernmentOrganizationalUnit", "houseIdentifier", "vocation",
"ivbbLastDeliveryCollective", "gouvernmentOrganizationalPersonLocality",
"gouvernmentOrganizationalUnitDescription","gouvernmentOrganizationalUnitSubjectArea",
"functionalTitle", "certificateSerialNumber", "publicVisible", "street", "role",
"postalCode");
/* Flag telling the framework that this plugin supports multiple edit -
presumably; it is not read in the visible part of the class. */
var $multiple_support = TRUE;
/* TRUE once the constructor has seen honourIvbbAttributes == "TRUE". */
var $governmentmode = FALSE;
/* constructor, if 'dn' is set, the node loads the given
'dn' from LDAP */
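function user (&$config, $dn= NULL)
{
  /* Build the generic user tab and, when a dn is given, load the entry.
   *
   * $config  configuration object; read here through get_cfg_value()
   *          and get_ldap_link()
   * $dn      NULL (nothing is loaded), the string "new" (account being
   *          created) or the DN of an existing entry
   *
   * After the parent constructor has filled $this->attrs this method
   * derives the base, the password storage scheme, certificate and
   * picture data, date of birth, gender, login restrictions and the
   * manager's display name.
   */
  global $lang;

  $this->config= $config;

  /* Government mode adds its attributes to the list used for saving.
     This has to happen before the parent constructor runs. */
  if ($this->config->get_cfg_value("honourIvbbAttributes") == "TRUE"){
    $this->governmentmode = TRUE;
    $this->attributes= array_merge($this->attributes, $this->govattrs);
  }

  /* Load base attributes */
  plugin::plugin ($config, $dn);
  $this->orig_dn = $this->dn;
  $this->new_dn  = $dn;

  if ($this->governmentmode){
    /* Fix public visible attribute if unset. This must be an assignment:
       a comparison has no effect and leaves the property empty instead
       of the restrictive value "nein". */
    if (!isset($this->attrs['publicVisible'])){
      $this->publicVisible = "nein";
    }

    /* Copy every government mode attribute the entry actually has */
    foreach ($this->govattrs as $val){
      if (isset($this->attrs[$val][0])){
        $this->$val= $this->attrs[$val][0];
      }
    }
  }

  /* Create me for new accounts */
  if ($dn == "new"){
    $this->is_account= TRUE;
  }

  /* Hash scheme used when the entry does not dictate one.
     NOTE(review): without a configured passwordDefaultHash this falls
     back to crypt/md5, which is weak by current standards. Deployments
     should set passwordDefaultHash explicitly to the strongest scheme
     their directory clients support. */
  $hash= $this->config->get_cfg_value("passwordDefaultHash", "crypt/md5");

  /* Load data from LDAP? */
  if ($dn !== NULL){

    /* New entries start in the current main base if the session has one,
       otherwise next to the logged-in user; "cn=dummy," is prepended so
       the value passed to dn2base() has an RDN in front of the base. */
    if ($this->dn == "new"){
      $ui= get_userinfo();
      $this->base= dn2base(session::global_is_set("CurrentMainBase")?"cn=dummy,".session::global_get("CurrentMainBase"):$ui->dn);
    } else {
      $this->base= dn2base($dn);
    }

    /* get password storage type */
    if (isset ($this->attrs['userPassword'][0])){
      if (preg_match ("/^{[^}]+}/", $this->attrs['userPassword'][0])){
        /* Value carries a {scheme} prefix. If no password method claims
           it, pw_storage keeps its class default ("md5"). */
        $tmp= passwordMethod::get_method($this->attrs['userPassword'][0]);
        if(is_object($tmp)){
          $this->pw_storage= $tmp->get_hash();
        }
      } else {
        /* No prefix: a non-empty value is treated as clear text */
        if ($this->attrs['userPassword'][0] != ""){
          $this->pw_storage= "clear";
        } else {
          $this->pw_storage= $hash;
        }
      }
    } else {
      /* Preset with value from configuration */
      $this->pw_storage= $hash;
    }

    /* Load extra attributes: certificate and picture */
    $this->load_cert();
    $this->load_picture();
    if ($this->userCertificate != ""){
      $this->had_userCertificate= TRUE;
    }
  }

  /* Reset password storage indicator, used by password_change_needed() */
  if ($dn == "new"){
    $this->last_pw_storage= "unset";
  } else {
    $this->last_pw_storage= $this->pw_storage;
  }

  /* Generate dateOfBirth entry */
  if (isset ($this->attrs['dateOfBirth'])){
    /* Stored value is ISO 8601 (year-month-day); shown as day.month.year */
    list($year, $month, $day)= explode("-", $this->attrs['dateOfBirth'][0], 3);
    #TODO: use $lang to convert date
    $this->dateOfBirth= "$day.$month.$year";
  } else {
    $this->dateOfBirth= "";
  }

  /* Put gender attribute to upper case */
  if (isset ($this->attrs['gender'])){
    $this->gender= strtoupper($this->attrs['gender'][0]);
  }

  /* Get login restrictions; the 'count' element gives the number of
     values held under the numeric keys. */
  if(isset($this->attrs['gosaLoginRestriction'])){
    $this->gosaLoginRestriction= array();
    for($i= 0; $i < $this->attrs['gosaLoginRestriction']['count']; $i++){
      $this->gosaLoginRestriction[]= $this->attrs['gosaLoginRestriction'][$i];
    }
  }

  /* Widget listing the login restrictions */
  $this->gosaLoginRestrictionWidget= new sortableListing($this->gosaLoginRestriction);
  $this->gosaLoginRestrictionWidget->setDeleteable(true);
  $this->gosaLoginRestrictionWidget->setColspecs(array('*'));
  $this->gosaLoginRestrictionWidget->setWidth("100%");
  $this->gosaLoginRestrictionWidget->setHeight("70px");

  /* Remember the base we started with and set up the base selector */
  $this->orig_base = $this->base;
  $this->baseSelector= new baseSelector($this->allowedBasesToMoveTo(), $this->base);
  $this->baseSelector->setSubmitButton(false);
  $this->baseSelector->setHeight(300);
  $this->baseSelector->update(true);

  /* Detect the manager's name; a manager DN that cannot be read is shown
     as "(Unknown!): <dn>" so the stale reference stays visible. */
  $this->manager_name = "";
  $ldap = $this->config->get_ldap_link();
  if(!empty($this->manager)){
    $ldap->cat($this->manager, array('cn'));
    if($ldap->count()){
      $attrs = $ldap->fetch();
      $this->manager_name = $attrs['cn'][0];
    }else{
      $this->manager_name = "("._("Unknown")."!): ".$this->manager;
    }
  }
}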
/* execute generates the html output for this node */
function execute()
{
/* Call parent execute */
plugin::execute();
/* Set list ACL */
$restrict_writeable = $this->acl_is_writeable('gosaLoginRestriction', (!is_object($this->parent) && !session::is_set('edit')));
$this->gosaLoginRestrictionWidget->setAcl($this->getacl('gosaLoginRestriction', (!is_object($this->parent) && !session::is_set('edit'))));
$this->gosaLoginRestrictionWidget->update();
/* Handle add/delete for restriction mode */
if (isset($_POST['add_res']) && isset($_POST['res']) && $restrict_writeable){
$val= validate($_POST['res']);
if (preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $val) ||
preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+)$/', $val) ||
preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/', $val)) {
$this->gosaLoginRestrictionWidget->addEntry($val);
} else {
msg_dialog::display(_("Error"), _("Please add a single IP address or a network/netmask combination!"), ERROR_DIALOG);
}
}
/* Log view */
if($this->is_account && !$this->view_logged){
$this->view_logged = TRUE;
new log("view","users/".get_class($this),$this->dn);
}
// Clear manager attribute if requested
if(preg_match("/ removeManager/i", " ".implode(array_keys($_POST),' ')." ")){
$this->manager = "";
$this->manager_name = "";
}
// Allow to select a new inetOrgPersion:manager
if(preg_match("/ editManager/i", " ".implode(array_keys($_POST),' ')." ")){
$this->dialog = new singleUserSelect($this->config, get_userinfo());
}
if($this->dialog instanceOf singleUserSelect && count($this->dialog->detectPostActions())){
$users = $this->dialog->detectPostActions();
if(isset($users['targets']) && count($users['targets'])){
$headpage = $this->dialog->getHeadpage();
$dn = $users['targets'][0];
$attrs = $headpage->getEntry($dn);
$this->manager = $dn;
$this->manager_name = $attrs['cn'][0];
$this->dialog = NULL;
}
}
if(isset($_POST['add_users_cancel'])){
$this->dialog = NULL;
}
if($this->dialog instanceOf singleUserSelect) return($this->dialog->execute());
$smarty= get_smarty();
$smarty->assign("usePrototype", "true");
$smarty->assign("gosaLoginRestrictionWidget", $this->gosaLoginRestrictionWidget->render());
/* Assign sex */
$sex= array(0 => " ", "F" => _("female"), "M" => _("male"));
$smarty->assign("gender_list", $sex);
$language= array_merge(array(0 => " ") ,get_languages(TRUE));
$smarty->assign("preferredLanguage_list", $language);
/* Get random number for pictures */
srand((double)microtime()*1000000);
$smarty->assign("rand", rand(0, 10000));
/* Do we represent a valid gosaAccount? */
if (!$this->is_account){
$str = "<img alt=\"\" src=\"images/small-error.png\" align=\"middle\"> <b>".
msgPool::noValidExtension("FusionDirectory")."</b>";
return($str);
}
/* Password configure dialog handling */
if(is_object($this->pwObject) && $this->pwObject->display){
$output= $this->pwObject->configure();
if ($output != ""){
$this->dialog= TRUE;
return $output;
}
$this->dialog= false;
}
/* Want password method editing? */
if ($this->acl_is_writeable("userPassword")){
if (isset($_POST['edit_pw_method'])){
if (!is_object($this->pwObject) || $this->pw_storage != $this->pwObject->get_hash_name()){
$temp= passwordMethod::get_available_methods();
$this->pwObject= new $temp[$this->pw_storage]($this->config,$this->dn);
}
$this->pwObject->display = TRUE;
$this->dialog= TRUE;
return ($this->pwObject->configure());
}
}
/* Want picture edit dialog? */
if($this->acl_is_writeable("userPicture")) {
if (isset($_POST['edit_picture'])){
/* Save values for later recovery, in case some presses
the cancel button. */
$this->old_jpegPhoto= $this->jpegPhoto;
$this->old_photoData= $this->photoData;
$this->picture_dialog= TRUE;
$this->dialog= TRUE;
}
}
/* Remove picture? */
if($this->acl_is_writeable("userPicture",(!is_object($this->parent) && !session::is_set('edit'))) ){
if (isset($_POST['picture_remove'])){
$this->set_picture ();
$this->jpegPhoto= "*removed*";
$this->is_modified= TRUE;
return($smarty->fetch (get_template_path('generic_picture.tpl', TRUE, dirname(__FILE__))));
}
}
/* Save picture */
if (isset($_POST['picture_edit_finish'])){
/* Check for clean upload */
if ($_FILES['picture_file']['name'] != ""){
if (!is_uploaded_file($_FILES['picture_file']['tmp_name'])) {
msg_dialog::display(_("Error"), _("Cannot upload file!"), ERROR_DIALOG);
}else{
/* Activate new picture */
$this->set_picture($_FILES['picture_file']['tmp_name']);
}
}
$this->picture_dialog= FALSE;
$this->dialog= FALSE;
$this->is_modified= TRUE;
}
/* Cancel picture */
if (isset($_POST['picture_edit_cancel'])){
/* Restore values */
$this->jpegPhoto= $this->old_jpegPhoto;
$this->photoData= $this->old_photoData;
/* Update picture */
session::set('binary',$this->photoData);
session::set('binarytype',"image/jpeg");
$this->picture_dialog= FALSE;
$this->dialog= FALSE;
}
/* Want certificate= */
if ((isset($_POST['edit_cert'])) && $this->acl_is_readable("Certificate")){
/* Save original values for later reconstruction */
foreach (array("certificateSerialNumber", "userCertificate",
"userSMIMECertificate", "userPKCS12") as $val){
$oval= "old_$val";
$this->$oval= $this->$val;
}
$this->cert_dialog= TRUE;
$this->dialog= TRUE;
}
/* Cancel certificate dialog */
if (isset($_POST['cert_edit_cancel'])){
/* Restore original values in case of 'cancel' */
foreach (array("certificateSerialNumber", "userCertificate",
"userSMIMECertificate", "userPKCS12") as $val){
$oval= "old_$val";
$this->$val= $this->$oval;
}
$this->cert_dialog= FALSE;
$this->dialog= FALSE;
}
/* Remove certificate? */
if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){
foreach (array ("userCertificate", "userSMIMECertificate", "userPKCS12") as $val){
if (isset($_POST["remove_$val"])){
/* Reset specified cert*/
$this->$val= "";
$this->is_modified= TRUE;
}
}
}
/* Upload new cert and close dialog? */
if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){
$fail =false;
if (isset($_POST['cert_edit_finish'])){
/* for all certificates do */
foreach (array ("userCertificate", "userSMIMECertificate", "userPKCS12")
as $val){
/* Check for clean upload */
if (array_key_exists($val."_file", $_FILES) &&
array_key_exists('name', $_FILES[$val."_file"]) &&
$_FILES[$val."_file"]['name'] != "" &&
is_uploaded_file($_FILES[$val."_file"]['tmp_name'])) {
$this->set_cert("$val", $_FILES[$val."_file"]['tmp_name']);
}
}
/* Save serial number */
if (isset($_POST["certificateSerialNumber"]) &&
$_POST["certificateSerialNumber"] != ""){
if (!tests::is_id($_POST["certificateSerialNumber"])){
$fail = true;
msg_dialog::display(_("Error"), msgPool::invalid(_("Serial number"),$_POST["certificateSerialNumber"],"/[0-9]/"),ERROR_DIALOG);
foreach(array("userCertificate", "userSMIMECertificate", "userPKCS12") as $cert){
if ($this->$cert != ""){
$smarty->assign("$cert"."_state", "true");
} else {
$smarty->assign("$cert"."_state", "");
}
}
}
$this->certificateSerialNumber= $_POST["certificateSerialNumber"];
$this->is_modified= TRUE;
}
if(!$fail){
$this->cert_dialog= FALSE;
$this->dialog= FALSE;
}
}
}
/* Display picture dialog */
if ($this->picture_dialog){
return($smarty->fetch (get_template_path('generic_picture.tpl', TRUE, dirname(__FILE__))));
}
/* Display cert dialog */
if ($this->cert_dialog){
$smarty->assign("CertificateACL",$this->getacl("Certificate",(!is_object($this->parent) && !session::is_set('edit'))));
$smarty->assign("Certificate_readable",$this->acl_is_readable("Certificate"));
$smarty->assign("certificateSerialNumber",$this->certificateSerialNumber);
foreach(array("userCertificate", "userSMIMECertificate", "userPKCS12") as $cert){
if ($this->$cert != ""){
/* import certificate */
$certificate = new certificate;
$certificate->import($this->$cert);
/* Read out data*/
$timeto = $certificate->getvalidto_date();
$timefrom = $certificate->getvalidfrom_date();
/* Additional info if start end time is '0' */
$add_str_info = "";
if($timeto == 0 && $timefrom == 0){
$add_str_info = "<br><i>"._("(Some types of certificates are currently not supported and may be displayed as 'invalid'.)")."</i>";
}
$str = "<table summary=\"\" border=0>
<tr>
<td style='vertical-align:top'>CN</td>
<td>".preg_replace("/ /", " ", $certificate->getname())."</td>
</tr>
</table><br>".
sprintf(_("Certificate is valid from %s to %s and is currently %s."),