From 30e832e99292eed577fa7bf5ed6125ec40f69cae Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Wed, 24 Apr 2002 12:15:31 +0000 Subject: [PATCH] Better ldap filtering (GNU Bug# 100340) --- phpgwapi/inc/class.contacts_ldap.inc.php | 167 ++++++++++++++++----- phpgwapi/inc/class.contacts_shared.inc.php | 92 ------------ 2 files changed, 129 insertions(+), 130 deletions(-) diff --git a/phpgwapi/inc/class.contacts_ldap.inc.php b/phpgwapi/inc/class.contacts_ldap.inc.php index 5f23edff10..34e97ca4cc 100644 --- a/phpgwapi/inc/class.contacts_ldap.inc.php +++ b/phpgwapi/inc/class.contacts_ldap.inc.php @@ -371,10 +371,12 @@ /* this was not listing private entries when show all was selected */ /* $filterfields += array('phpgwcontactaccess' => 'public'); */ $grants = $this->grants; - while(list($user) = each($grants)) + if ($DEBUG) { echo '
DEBUG - My user id is: ' . $this->account_id; } + while (list($user) = each($grants)) { - if($DEBUG) { echo '
DEBUG - Grant from owner: '.$user; } - $filterfields += array('phpgwcontactowner' => $user); + if ($DEBUG) { echo '
DEBUG - Grant from owner: '.$user; } + /* I know this looks silly... */ + @$filterfields['phpgwcontactowner'][] = array('phpgwcontactowner' => $user); } } /* @@ -401,49 +403,28 @@ echo "
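Review bot: The `@` in front of `$filterfields['phpgwcontactowner'][] = ...` hides any warning from this assignment, and the comment `/* I know this looks silly... */` does not say why each owner is wrapped in its own one-element array. These entries are what restricts the search to owners who have granted access, so I would initialise the key before the loop with `$filterfields['phpgwcontactowner'] = array();` and drop the suppression. That assumes the key does not already hold a scalar at this point, which the hunk does not show. I would also replace the comment with `/* one array per granting owner; makefilter() ORs these into a single (|...) group */`. The enclosing method starts and ends outside the hunk.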
DEBUG - ORDER by $order"; } + $ldap_fields = array(); + $myfilter = ''; + if($query) { - $ldap_fields = array(); - $total = 0; - reset($this->stock_contact_fields); - $lquery = '(&(|'; /* $lquery = '(|'; */ - while(list($name,$value) = each($this->stock_contact_fields) ) - { - $lquery .= '(' . $value . '=*' . $query . '*)'; - } - $lquery .= ')(phpgwcontactowner=*))'; /* $lquery .= ')'; */ - /* echo $lquery; exit; */ - - $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], "$lquery"); - - /* append the results */ - $ldap_fields += ldap_get_entries($this->ldap, $sri); - - /* add the # rows to our total */ - $total = $total + ldap_count_entries($this->ldap, $sri); - /* _debug_array($ldap_fields);exit; */ - - if($filterfields) - { - $ldap_fields = $this->filter_ldap($ldap_fields,$filterfields,$DEBUG); - } - - $this->total_records = count($ldap_fields); - /* echo '
total="'.$this->total_records.'"'; */ + $myfilter = $this->makefilter($filterfields,$this->stock_contact_fields,$query,$DEBUG); } else { - $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'phpgwcontactowner=*'); - $ldap_fields = ldap_get_entries($this->ldap, $sri); - $this->total_records = ldap_count_entries($this->ldap, $sri); - - if($filterfields) - { - $ldap_fields = $this->filter_ldap($ldap_fields,$filterfields,$DEBUG); - } + $myfilter = $this->makefilter($filterfields,'','',$DEBUG); } + $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], $myfilter); + + $ldap_fields = ldap_get_entries($this->ldap, $sri); + /* _debug_array($ldap_fields);exit; */ + + $this->total_records = ldap_count_entries($this->ldap, $sri); + /* echo '
total="'.$this->total_records.'"'; */ + if($DEBUG) { echo '
Query returned "'.$this->total_records.'" records.'; } + /* Use shared sorting routines, based on sort and order */ if($sort == 'ASC') { @@ -515,6 +496,116 @@ return $return_fields; } + /* Used by read() above to build the ldap filter string */ + function makefilter($qarray,$extra='',$query='', $DEBUG=False) + { + if(!is_array($qarray)) + { + return $qarray; + } + + if(is_array($extra)) + { + if($DEBUG) { echo '
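Review bot: The result of `ldap_search()` is passed straight to `ldap_get_entries()` and `ldap_count_entries()` without checking that the search succeeded. The filter is now assembled piece by piece in makefilter(), so a malformed `$myfilter` is more likely than with the old fixed strings. A guard such as `if(!$sri) { $this->total_records = 0; return array(); }` right after the search would cover this; the return value is a guess, since the rest of read() is outside the hunk. Separately, the old no-query path always searched with `phpgwcontactowner=*`, while makefilter() returns a non-array `$filterfields` unchanged and yields `(&)` for an empty array. It is worth confirming that `$filterfields` can never reach this point empty.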
Searching...'; } + reset($extra); + while(list($name,$value) = each($extra)) + { + $qarray[] = array($value => $query); + } + } + elseif($extra) + { + $tmp = split('=',$extra); + $qarray[] = array($tmp[0] => $tmp[1]); + } + + @ksort($qarray); + + $aquery = '(&'; + $oquery = '(|'; + $hasor = False; + + while(list($name,$value) = @each($qarray)) + { + if(is_array($value)) + { + while(list($x,$y) = each($value)) + { + if($y == '*') + { + $oquery .= '(' . $x . '=*)'; + $hasor = True; + } + elseif(is_array($y)) + { + /* This was most likely created from acl grants in read() above */ + while(list($a,$b) = each($y)) + { + $tmp .= '(' . $a . '=' . $b . ')'; + } + } + else + { + $oquery .= '(' . $x . '=*' . $y . '*)'; + $hasor = True; + } + } + } + elseif($value == $query) + { + /* searching */ + $oquery .= '(' . $name . '=*' . $value . '*)'; + $hasor = True; + } + else + { + /* exact value (filtering based on tid, etc...) */ + if($name == $lastname) + { + $aquery .= '(' . $name . '=' . $value . ')'; + } + else + { + $aquery .= '(' . $name . '=' . $value . ')'; + } + } + + if($tmp) + { + if(strstr($tmp,')(')) + { + $aquery .= '(|' . $tmp . ')'; + } + else + { + $aquery .= $tmp; + } + unset($tmp); + } + } + $aquery .= ')'; + $oquery .= ')'; + if(!$hasor) + { + $oquery = ''; + $fquery = $aquery; + } + else + { + $fquery = '(&' . $aquery . $oquery . ')'; + } + + if($DEBUG) + { + echo '
AND query: "' . $aquery . '"'; + echo '
OR query: "' . $oquery . '"'; + echo '
Full query: "' . $fquery . '"'; + echo '
Will search in "' . $GLOBALS['phpgw_info']['server']['ldap_contact_context'] . '"'; + } + + return $fquery; + } + function add($owner,$fields,$access='private',$cat_id='0',$tid='n') { $tid = $fields['tid'] ? trim($fields['tid']) : $tid; diff --git a/phpgwapi/inc/class.contacts_shared.inc.php b/phpgwapi/inc/class.contacts_shared.inc.php index 8c9b7ec970..7d53ce3a6d 100644 --- a/phpgwapi/inc/class.contacts_shared.inc.php +++ b/phpgwapi/inc/class.contacts_shared.inc.php @@ -197,98 +197,6 @@ return ($sortarray); } - function filter_ldap($ldap_fields,$filterfields,$DEBUG=0) - { - $match = 0; - if($DEBUG) { echo '
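Review bot: makefilter() concatenates the search text and the field values into the LDAP filter without escaping them, for example in `$oquery .= '(' . $x . '=*' . $y . '*)'` and in the `$name . '=' . $value` branches. This commit also moves the owner and grant restriction out of the removed filter_ldap() and into the same filter string. A value containing `(`, `)`, `*` or `\` can therefore change the structure of the filter, and with it the access restriction, instead of only the text being matched. Whether callers clean `$query` beforehand is not visible here, so I would escape per RFC 4515 at the point of concatenation, as sketched below. Two smaller points: `$tmp` is appended to before it is ever set, and `$lastname` is never assigned, so both branches of `if($name == $lastname)` build the same string.

```php
/* Escape a value for use inside an LDAP search filter (RFC 4515) */
function filter_escape($value)
{
	/* backslash first, so the escapes added below are not escaped again */
	return str_replace(
		array('\\', '*', '(', ')', "\0"),
		array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
		$value
	);
}

/* … unchanged: makefilter() up to the inner loop over $value, including the $y == '*' presence test … */
$tmp .= '(' . $a . '=' . $this->filter_escape($b) . ')';
/* … unchanged: else branch header … */
$oquery .= '(' . $x . '=*' . $this->filter_escape($y) . '*)';
/* … unchanged: the $value == $query and exact-value branches, with $value escaped the same way … */
```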
'; } - for($i=0;$i'; } - $new_ldap[] = $ldap_fields[$i]; - } - else - { - if($DEBUG) { echo $ldap_fields[$i]['uidnumber'][0].' did not match all.'.'
'; } - } - } - } - if($DEBUG) - { - if($match) - { - echo '
'.$match.' total matches.'."\n"; - } - else - { - echo '
No matches :('."\n"; - } - } - $this->total_records = count($new_ldap); - - return $new_ldap; - } - function formatted_address($id, $business = True, $afont = '', $asize = '2') { $t = CreateObject('phpgwapi.Template',$GLOBALS['phpgw']->common->get_tpl_dir('addressbook'));