Now using accounts and acl classes

This commit is contained in:
Miles Lott 2001-03-10 12:26:54 +00:00
parent 5e0ab90cb2
commit 11b69ed7af

View File

@ -11,156 +11,153 @@
/* $Id$ */ /* $Id$ */
$phpgw_info["flags"] = array("noheader" => True, "nonavbar" => True, $phpgw_info["flags"] = array(
"currentapp" => "home", "noapi" => True); "noheader" => True,
include("../header.inc.php"); "nonavbar" => True,
include("./inc/functions.inc.php"); "currentapp"=> "home",
"noapi" => True
);
// Authorize the user to use setup app and load the database include("../header.inc.php");
if (!$phpgw_setup->auth("Config")){ include("./inc/functions.inc.php");
Header("Location: index.php");
exit;
}
// Does not return unless user is authorized
include( PHPGW_INCLUDE_ROOT . "/phpgwapi/inc/class.common.inc.php");
$common = new common; // Authorize the user to use setup app and load the database
$phpgw_setup->loaddb(); if (!$phpgw_setup->auth("Config")){
Header("Location: index.php");
exit;
}
// Does not return unless user is authorized
include( PHPGW_INCLUDE_ROOT . "/phpgwapi/inc/class.common.inc.php");
$phpgw_info["server"]["auth_type"] = "ldap"; $common = new common;
$acct = CreateObject("phpgwapi.accounts"); $phpgw_setup->loaddb();
$phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__); $phpgw_info["server"]["auth_type"] = "ldap";
while ($phpgw_setup->db->next_record()) { $acct = CreateObject("phpgwapi.accounts");
$config[$phpgw_setup->db->f("config_name")] = $phpgw_setup->db->f("config_value"); $applications = CreateObject("phpgwapi.applications");
}
// First, see if we can connect to the LDAP server, if not send `em back to config.php with an $phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
// error message. while ($phpgw_setup->db->next_record()) {
$config[$phpgw_setup->db->f("config_name")] = $phpgw_setup->db->f("config_value");
}
// connect to ldap server // First, see if we can connect to the LDAP server, if not send `em back to config.php with an
if (! $ldap = @ldap_connect($config["ldap_host"])) { // error message.
$noldapconnection = True;
}
// bind as admin, we not to able to do everything // connect to ldap server
if (! @ldap_bind($ldap,$config["ldap_root_dn"],$config["ldap_root_pw"])) { if (! $ldap = @ldap_connect($config["ldap_host"])) {
$noldapconnection = True; $noldapconnection = True;
} }
// bind as admin, we not to able to do everything
if (! @ldap_bind($ldap,$config["ldap_root_dn"],$config["ldap_root_pw"])) {
$noldapconnection = True;
}
if ($noldapconnection) { if ($noldapconnection) {
Header("Location: config.php?error=badldapconnection"); Header("Location: config.php?error=badldapconnection");
exit; exit;
} }
$sr = ldap_search($ldap,$config["ldap_context"],"(|(uid=*))",array("sn","givenname","uid","uidnumber")); $sr = ldap_search($ldap,$config["ldap_context"],"(|(uid=*))",array("sn","givenname","uid","uidnumber"));
$info = ldap_get_entries($ldap, $sr); $info = ldap_get_entries($ldap, $sr);
for ($i=0; $i<$info["count"]; $i++) { for ($i=0; $i<$info["count"]; $i++) {
if (! $phpgw_info["server"]["global_denied_users"][$info[$i]["uid"][0]]) { if (! $phpgw_info["server"]["global_denied_users"][$info[$i]["uid"][0]]) {
$account_info[$i]["account_id"] = $info[$i]["uidnumber"][0]; $account_info[$i]["account_id"] = $info[$i]["uidnumber"][0];
$account_info[$i]["account_lid"] = $info[$i]["uid"][0]; $account_info[$i]["account_lid"] = $info[$i]["uid"][0];
$account_info[$i]["account_lastname"] = $info[$i]["givenname"][0]; $account_info[$i]["account_firstname"] = $info[$i]["givenname"][0];
$account_info[$i]["account_firstname"] = $info[$i]["sn"][0]; $account_info[$i]["account_lastname"] = $info[$i]["sn"][0];
}
}
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
. "app_name != 'administration'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record()) {
$apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title");
}
if ($submit) {
if (! count($admins)) {
$error = "<br>You must select at least 1 admin";
}
if (! count($s_apps)) {
$error .= "<br>You must select at least 1 application";
}
if (! $error) {
// This section is being modified to use the accounts and acl classes soon
// Create a default group
$defaultgroupid = mt_rand (100, 600000);
$sql = "insert into phpgw_accounts";
$sql .= "(account_id, account_lid, account_type, account_pwd, account_firstname, account_lastname, account_lastpwd_change, account_status)";
$sql .= "values (".$defaultgroupid.", 'Default', 'g', '".md5($passwd)."', 'Default', 'Group', ".time().", 'A')";
$phpgw_setup->db->query($sql);
// Give the group access to apps
while ($app = each($s_apps)) {
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account="
. $defaultgroupid;
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " VALUES('".$app[1]."','run',".$defaultgroupid.",1)";
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
}
while ($account = each($account_info)) {
// do some checks before we try to import the data
if (!empty($account[1]["account_id"]) && !empty($account[1]["account_lid"]))
/* // This is where each new user was given app rights, instead of per the group
@reset($s_apps);
while ($app = each($s_apps)) {
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account="
. $account[1]["account_id"];
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " VALUES('".$app[1]."','run',".$account[1]["account_id"].",1)";
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
} */
// Cleanup admin permissions
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='admin' AND acl_location='run' AND acl_account="
. $account[1]["account_id"];
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
// Give the user admin only if we asked for them to have it
for ($a=0;$a<count($admins);$a++) {
if ($admins[$a] == $account[1]["account_id"]) {
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " VALUES('admin','run',".$account[1]["account_id"].",1)";
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
}
}
// Actually create the account
$phpgw_setup->db->query("SELECT account_id FROM phpgw_accounts WHERE account_id=" . $account[1]["account_id"]
. " AND account_lid='" . $account[1]["account_lid"] . "'");
if(!$phpgw_setup->db->num_rows() && $account[1]["account_lid"]) {
$phpgw_setup->db->query("INSERT INTO phpgw_accounts (account_id,account_lid,account_pwd,account_type,"
. "account_status,account_lastpwd_change) VALUES (" . $account[1]["account_id"] . ",'"
. $account[1]["account_lid"] . "','x','u','A',".time().")",__LINE__,__FILE__);
}
// Now make them a member of the default group
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " VALUES('phpgw_group',".$defaultgroupid.",".$account[1]["account_id"].",'1')";
$phpgw_setup->db->query($sql);
}
$setup_complete = True;
} }
} }
// Add a check to see if there is no users in LDAP, if not create a default user. $phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
. "app_name != 'administration'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record()) {
$apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title");
}
$phpgw_setup->show_header(); if ($submit) {
if (! count($admins)) {
$error = "<br>You must select at least 1 admin";
}
if (! count($s_apps)) {
$error .= "<br>You must select at least 1 application";
}
if (! $error) {
// Create the 'Default' group
$defaultgroupid = mt_rand (100, 600000);
$acct = CreateObject('phpgwapi.accounts',$defaultgroupid);
$acct->db = $phpgw_setup->db;
// Check if the group account is already there
// Since the id above is random, this will fail on a reload
$acct_exist = $acct->exists($defaultgroupid);
if(!$acct_exist && $defaultgroupid) {
$acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
}
$acl = CreateObject('phpgwapi.acl',$defaultgroupid);
$acl->db = $phpgw_setup->db;
$acl->read_repository();
while ($app = each($s_apps)) {
$acl->add($app[1],'run',1);
}
$acl->save_repository();
while ($account = each($account_info)) {
// do some checks before we try to import the data
if (!empty($account[1]["account_id"]) && !empty($account[1]["account_lid"]))
$accounts = CreateObject("phpgwapi.accounts",$account[1]["account_id"]);
$accounts->db = $phpgw_setup->db;
$acl = CreateObject("phpgwapi.acl",intval($account[1]["account_id"]));
$acl->db = $phpgw_setup->db;
$acl->read_repository();
// Only give them admin if we asked for them to have it
for ($a=0;$a<count($admins);$a++) {
if ($admins[$a] == $account[1]["account_id"]) {
$acl->add('admin','run',1);
}
}
// Check if the account is already there
$acct_exist = $accounts->exists($account[1]["account_id"]);
if(!$acct_exist && $account[1]["account_id"]) {
$accounts->create('u', $account[1]["account_lid"], 'x',
$account[1]["account_firstname"], $account[1]["account_lastname"],
'A',$account[1]["account_id"]
);
}
// Now make them a member of the 'Default' group
$acl->add("phpgw_group",$defaultgroupid,1);
$acl->save_repository();
}
$setup_complete = True;
}
}
// Add a check to see if there is no users in LDAP, if not create a default user.
$phpgw_setup->show_header();
if ($error) { if ($error) {
echo "<br><center><b>Error:</b> $error</center>"; echo "<br><center><b>Error:</b> $error</center>";
} }
if ($setup_complete) { if ($setup_complete) {
$phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__); $phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
$phpgw_setup->db->next_record(); $phpgw_setup->db->next_record();
echo '<br><center>Setup has been completed! Click <a href="' . $phpgw_setup->db->f("config_value") echo '<br><center>Setup has been completed! Click <a href="' . $phpgw_setup->db->f("config_value")
. '/login.php">here</a> to login</center>'; . '/login.php">here</a> to login</center>';
exit; exit;
} }
?> ?>
<form action="ldap.php" method="POST"> <form action="ldap.php" method="POST">