extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-24 14:58:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

rewrite of the accounts classes:

Browse Source 
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
This commit is contained in:
Ralf Becker 2006-06-06 23:42:36 +00:00
parent 3821544b6d
commit 98d8b30761
10 changed files with 2249 additions and 2706 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1643
phpgwapi/inc/class.accounts.inc.php
View File

File diff suppressed because it is too large Load Diff

345
phpgwapi/inc/class.accounts_contacts.inc.php
View File

@ -1,345 +0,0 @@
<?php
/**************************************************************************\
* eGroupWare API - Accounts manager for the contacts class *
* This file written by Miles Lott <milosch@groupwhere.org> *
* View and manipulate account records using the contacts class *
* Copyright (C) 2000, 2001 Miles Lott *
* -------------------------------------------------------------------------*
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
/*
THIS NEEDS WORK!!!!!!!!! - Milosch
But it is a lot closer now...
*/
$GLOBALS['egw_info']['server']['global_denied_users'] = array(
'root' => True, 'bin' => True, 'daemon' => True,
'adm' => True, 'lp' => True, 'sync' => True,
'shutdown' => True, 'halt' => True, 'ldap' => True,
'mail' => True, 'news' => True, 'uucp' => True,
'operator' => True, 'games' => True, 'gopher' => True,
'nobody' => True, 'xfs' => True, 'pgsql' => True,
'mysql' => True, 'postgres' => True, 'oracle' => True,
'ftp' => True, 'gdm' => True, 'named' => True,
'alias' => True, 'web' => True, 'sweep' => True,
'cvs' => True, 'qmaild' => True, 'qmaill' => True,
'qmaillog' => True, 'qmailp' => True, 'qmailq' => True,
'qmailr' => True, 'qmails' => True, 'rpc' => True,
'rpcuser' => True, 'amanda' => True, 'apache' => True,
'pvm' => True, 'squid' => True, 'ident' => True,
'nscd' => True, 'mailnull' => True, 'cyrus' => True,
'backup' => True
);
$GLOBALS['egw_info']['server']['global_denied_groups'] = array(
'root' => True, 'bin' => True, 'daemon' => True,
'sys' => True, 'adm' => True, 'tty' => True,
'disk' => True, 'lp' => True, 'mem' => True,
'kmem' => True, 'wheel' => True, 'mail' => True,
'uucp' => True, 'man' => True, 'games' => True,
'dip' => True, 'ftp' => True, 'nobody' => True,
'floppy' => True, 'xfs' => True, 'console' => True,
'utmp' => True, 'pppusers' => True, 'popusers' => True,
'slipusers' => True, 'slocate' => True, 'mysql' => True,
'dnstools' => True, 'web' => True, 'named' => True,
'dba' => True, 'oinstall' => True, 'oracle' => True,
'gdm' => True, 'sweep' => True, 'cvs' => True,
'postgres' => True, 'qmail' => True, 'nofiles' => True,
'ldap' => True, 'backup' => True
);
class accounts_
{
var $db;
var $contacts;
var $account_id;
var $data;
var $debug = False;
var $qcols = array(
'fn' => 'fn',
'n_given' => 'n_given',
'n_family' => 'n_family',
'account_lastlogin' => 'account_lastlogin',
'account_lastloginfrom' => 'account_lastloginfrom',
'account_lastpwd_change' => 'account_lastpwd_change',
'account_status' => 'account_status',
'account_expires' => 'account_expires'
);
function accounts_()
{
$this->db = $GLOBALS['egw']->db;
$this->contacts =& CreateObject('phpgwapi.contacts',0);
}
function makeobj()
{
if(!$this->contacts)
{
$this->contacts =& CreateObject('phpgwapi.contacts','0');
}
}
function read_repository()
{
$this->makeobj();
$allValues = $this->contacts->read_single_entry($this->account_id,$this->qcols);
/* Now dump it into the array */
$this->data['userid'] = $allValues[0]['lid'];
$this->data['account_id'] = $allValues[0]['id'];
$this->data['account_lid'] = $allValues[0]['lid'];
$this->data['account_type'] = $allValues[0]['tid'];
$this->data['firstname'] = $allValues[0]['n_given'];
$this->data['lastname'] = $allValues[0]['n_family'];
$this->data['fullname'] = $allValues[0]['fn'];
$this->data['lastlogin'] = $allValues[0]['account_lastlogin'];
$this->data['lastloginfrom'] = $allValues[0]['account_lastloginfrom'];
$this->data['lastpasswd_change'] = $allValues[0]['account_lastpwd_change'];
$this->data['status'] = $allValues[0]['account_status'];
$this->data['expires'] = $allValues[0]['account_expires'];
return $this->data;
}
function save_repository()
{
$this->makeobj();
$entry['id'] = $this->data['account_id'];
$entry['lid'] = $this->data['account_lid'];
$entry['tid'] = $this->data['account_type'];
$entry['fn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']);
$entry['n_family'] = $this->data['lastname'];
$entry['n_given'] = $this->data['firstname'];
$entry['account_lastlogin'] = $this->data['lastlogin'];
$entry['account_lastloginfrom'] = $this->data['lastloginfrom'];
$entry['account_lastpasswd_change'] = $this->data['lastpwd_change'];
$entry['account_status'] = $this->data['status'];
$entry['account_expires'] = $this->data['expires'];
if($this->debug) { echo '<br>Updating entry:<br>' . var_dump($entry); }
$this->contacts->update($entry['id'],0,$entry,'public','',$entry['tid']);
}
function add($account_name, $account_type, $first_name, $last_name, $passwd = False)
{
$this->create($account_name, $account_type, $first_name, $last_name, $passwd);
}
function delete($accountid = '')
{
$this->makeobj();
if($this->debug) { echo '<br>Deleting entry:<br>' . $account_id; }
$account_id = get_account_id($accountid);
$this->contacts->delete($account_id);
}
function get_list($_type='both')
{
$this->makeobj();
switch($_type)
{
case 'accounts':
$filter = 'tid=u';
break;
case 'groups':
$filter = 'tid=g';
break;
default:
$filter = 'tid=u,tid=g';
}
$allValues = $this->contacts->read(0,0,$this->qcols,'',$filter);
/* get user information for each user/group */
for($i=0;$i<count($allValues);$i++)
{
$accounts[] = Array(
'account_id' => $allValues[$i]['id'],
'account_lid' => $allValues[$i]['lid'],
'account_type' => $allValues[$i]['tid'],
'account_firstname' => $allValues[$i]['n_given'],
'account_lastname' => $allValues[$i]['n_family'],
'account_status' => $allValues[$i]['account_status'],
'account_expires' => $allValues[$i]['account_expires']
);
}
return $accounts;
}
function name2id($account_lid)
{
$qcols = array('id' => 'id');
$this->makeobj();
$allValues = $this->contacts->read(0,0,$qcols,'',"lid=".$account_lid);
if($allValues[0]['id'])
{
return (int)$allValues[0]['id'];
}
else
{
return False;
}
}
function id2name($account_id)
{
$this->makeobj();
$allValues = $this->contacts->read_single_entry($account_id);
if($this->debug) { echo '<br>id2name: '.$allValues[0]['lid']; }
if($allValues[0]['lid'])
{
return $allValues[0]['lid'];
}
else
{
return False;
}
}
function get_type($accountid = '')
{
$this->makeobj();
$account_id = get_account_id($accountid);
$allValues = $this->contacts->read_single_entry($account_id);
if ($allValues[0]['tid'])
{
return $allValues[0]['tid'];
}
else
{
return False;
}
}
function exists($account_lid)
{
$this->makeobj();
if(is_int($account_lid))
{
$account_id = $account_lid;
settype($account_lid,'string');
$account_lid = $this->id2name($account_id);
}
$allValues = $this->contacts->read(0,0,array('n_given' => 'n_given'),'','lid='.$account_lid);
if ($allValues[0]['id'])
{
return True;
}
else
{
return False;
}
}
function create($account_info)
{
$this->makeobj();
if (!$$account_info['account_id'])
{
$account_info['account_id'] = $this->get_nextid();
}
$owner = $GLOBALS['egw_info']['user']['account_id'];
$entry['id'] = $account_info['account_id'];
$entry['lid'] = $account_info['account_lid'];
$entry['n_given'] = $account_info['account_firstname'];
$entry['n_family'] = $account_info['account_lastname'];
$entry['password'] = $account_info['account_passwd'];
$entry['account_status'] = $account_info['account_status'];
$entry['account_expires'] = $account_info['account_expires'];
if($this->debug) { echo '<br>Adding entry:<br>' . var_dump($entry); }
/* 'public' access, no category id, tid set to account_type */
$this->contacts->add(0,$entry,'public','',$account_info['account_type']);
return;
}
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
{
if (! $expiredate)
{
// expire in 30 days by default
$expiredate = time() + ( ( 60 * 60 ) * (30 * 24) );
}
$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
if (!$default_group_id)
{
$default_group_id = (int) $this->name2id('Default');
}
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
$acct_info = array(
'account_lid' => $accountname,
'account_type' => 'u',
'account_passwd' => $passwd,
'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
'account_status' => $account_status,
'account_expires' => mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate)),
'account_primary_group' => $primary_group,
);
if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
{
$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
}
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) == True && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
{
$acct_info['account_email'] = $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
}
$this->create($acct_info);
$accountid = $this->name2id($accountname);
if ($accountid)
{
/* If we have a primary_group, add it as "regular" eGW group (via ACL) too. */
if ($primary_group)
{
$GLOBALS['egw']->acl->add_repository('phpgw_group', $primary_group,$accountid,1);
}
// call hook to notify other apps about the new account
$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
$GLOBALS['hook_values']['account_id'] = $accountid;
$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
$GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array(
'location' => 'addaccount'
),False,True); /* called for every app now, not only enabled ones */
}
return $accountid;
}
}

1796
phpgwapi/inc/class.accounts_ldap.inc.php
View File

File diff suppressed because it is too large Load Diff

816
phpgwapi/inc/class.accounts_sql.inc.php
View File

@ -1,483 +1,385 @@
<?php <?php
/**************************************************************************\ /**
* eGroupWare API - Accounts manager for SQL * * API - accounts SQL backend
* Written by Joseph Engo <jengo@phpgroupware.org> * *
* and Dan Kuykendall <seek3r@phpgroupware.org> * * The SQL backend stores the group memberships via the ACL class (location 'phpgw_group')
* and Bettina Gille [ceb@phpgroupware.org] * *
* View and manipulate account records using SQL * * The (positive) account_id's of groups are mapped in this class to negative numeric
* Copyright (C) 2000 - 2002 Joseph Engo * * account_id's, to conform wit the way we handle groups in LDAP!
* Copyright (C) 2003 Joseph Engo, Bettina Gille * *
* ------------------------------------------------------------------------ * * @link http://www.egroupware.org
* This library is part of the eGroupWare API * * @author Ralf Becker <RalfBecker-AT-outdoor-training.de> complete rewrite in 6/2006 and
* http://www.egroupware.org * * earlier to use the new DB functions
* ------------------------------------------------------------------------ * *
* This library is free software; you can redistribute it and/or modify it * * This class replaces the former accounts_sql class written by
* under the terms of the GNU Lesser General Public License as published by * * Joseph Engo <jengo@phpgroupware.org>, Dan Kuykendall <seek3r@phpgroupware.org>
* the Free Software Foundation; either version 2.1 of the License, * * and Bettina Gille <ceb@phpgroupware.org>.
* or any later version. * * Copyright (C) 2000 - 2002 Joseph Engo
* This library is distributed in the hope that it will be useful, but * * Copyright (C) 2003 Lars Kneschke, Bettina Gille
* WITHOUT ANY WARRANTY; without even the implied warranty of * *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* See the GNU Lesser General Public License for more details. * * @package api
* You should have received a copy of the GNU Lesser General Public License * * @subpackage accounts
* along with this library; if not, write to the Free Software Foundation, * * @version $Id$
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */
\**************************************************************************/
/* $Id$ */ /**
* SQL Backend for accounts
*
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @package api
* @subpackage accounts
* @access internal only use the interface provided by the accounts class
*/
class accounts_backend
{
/**
* instance of the db class
*
* @var object
*/
var $db;
/**
* table name for the accounts
*
* @var string
*/
var $table = 'egw_accounts';
/**
* total number of found entries from get_list method
*
* @var int
*/
var $total;
function accounts_backend()
{
if (is_object($GLOBALS['egw_setup']->db))
{
$this->db = clone($GLOBALS['egw_setup']->db);
}
else
{
$this->db = clone($GLOBALS['egw']->db);
}
$this->db->set_app('phpgwapi'); // to load the right table-definitions for insert, select, update, ...
}
/** /**
* Class for handling user and group accounts in SQL * Reads the data of one account
*
* @param int $account_id numeric account-id
* @return array/boolean array with account data (keys: account_id, account_lid, ...) or false if account not found
*/ */
class accounts_ function read($account_id)
{ {
var $db; if (!(int)$account_id) return false;
var $account_id;
var $data;
var $total;
var $table = 'egw_accounts';
function accounts_() $this->db->select($this->table,'*',array('account_id' => abs($account_id)),__LINE__,__FILE__);
if (!($data = $this->db->row(true)))
{ {
return false;
} }
if ($data['account_type'] == 'g')
function list_methods($_type='xmlrpc')
{ {
if (is_array($_type)) $data['account_id'] = -$data['account_id'];
{ }
$_type = $_type['type'] ? $_type['type'] : $_type[0]; $data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
}
switch($_type) return $data;
}
/**
* Saves / adds the data of one account
*
* If no account_id is set in data the account is added and the new id is set in $data.
*
* @param array $data array with account-data
* @return int/boolean the account_id or false on error
*/
function save(&$data)
{
echo "<p>accounts_sql::save(".print_r($data,true).")</p>\n";
$to_write = $data;
unset($to_write['account_id']);
unset($to_write['account_passwd']);
// encrypt password if given or unset it if not
if ($data['account_passwd'])
{
$to_write['account_pwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']);
}
if (!(int)$data['account_id'])
{
if (!in_array($to_write['account_type'],array('u','g')) ||
!$this->db->insert($this->table,$to_write,false,__LINE__,__FILE__)) return false;
$data['account_id'] = $this->db->get_last_insert_id($this->table,'account_id');
if ($data['account_type'] == 'g') $data['account_id'] *= -1;
}
elseif (!$this->db->update($this->table,$to_write,array('account_id' => abs($data['account_id'])),__LINE__,__FILE__))
{
return false;
}
return $data['account_id'];
}
/**
* Delete one account, deletes also all acl-entries for that account
*
* @param int $id numeric account_id
* @return boolean true on success, false otherwise
*/
function delete($account_id)
{
if (!(int)$account_id) return false;
return !!$this->db->delete($this->table,array('account_id' => abs($account_id)),__LINE__,__FILE__);
}
/**
* Get all memberships of an account $accountid / groups the account is a member off
*
* @param int $account_id numeric account-id
* @return array/boolean array with account_id => account_lid pairs or false if account not found
*/
function memberships($account_id)
{
if (!(int)$account_id) return false;
$memberships = array();
if(($gids = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id)))
{
foreach($gids as $gid)
{ {
case 'xmlrpc': $memberships[(string) $gid] = $this->id2name($gid);
$xml_functions = array(
'get_list' => array(
'function' => 'get_list',
'signature' => array(array(xmlrpcStruct)),
'docstring' => lang('Returns a full list of accounts on the system. Warning: This is return can be quite large')
),
'list_methods' => array(
'function' => 'list_methods',
'signature' => array(array(xmlrpcStruct,xmlrpcString)),
'docstring' => lang('Read this list of methods.')
)
);
return $xml_functions;
break;
case 'soap':
return $this->soap_functions;
break;
default:
return array();
break;
} }
} }
//echo "accounts::memberships($account_id)"; _debug_array($memberships);
return $memberships;
}
/** /**
* grabs the records from the data store * Sets the memberships of the account this class is instanciated for
* *
*/ * @param array $groups array with gidnumbers
function read_repository() * @param int $account_id numerical account-id
*/
function set_memberships($groups,$account_id)
{
if (!(int)$account_id) return;
$acl =& CreateObject('phpgwapi.acl',$account_id);
$acl->read_repository();
$acl->delete('phpgw_group',false);
foreach($groups as $group)
{ {
$this->db->select($this->table,'*',array('account_id'=>abs($this->account_id)),__LINE__,__FILE__); $acl->add('phpgw_group',$group,1);
$this->data['account_id'] = $this->db->next_record() ? $this->account_id : null;
$this->data['account_lid'] = $this->data['userid'] = $this->db->f('account_lid');
$this->data['firstname'] = $this->db->f('account_firstname');
$this->data['lastname'] = $this->db->f('account_lastname');
$this->data['fullname'] = $this->db->f('account_firstname') . ' ' . $this->db->f('account_lastname');
$this->data['lastlogin'] = $this->db->f('account_lastlogin');
$this->data['lastloginfrom'] = $this->db->f('account_lastloginfrom');
$this->data['lastpasswd_change'] = $this->db->f('account_lastpwd_change');
$this->data['status'] = $this->db->f('account_status');
$this->data['expires'] = $this->db->f('account_expires');
$this->data['person_id'] = $this->db->f('person_id');
$this->data['account_primary_group'] = $this->db->f('account_primary_group');
$this->data['email'] = $this->db->f('account_email');
return $this->data;
} }
$acl->save_repository();
}
/** /**
* saves the records to the data store * Get all members of the group $accountid
* *
*/ * @param int/string $account_id numeric account-id
function save_repository() * @return array with account_id => account_lid pairs
*/
function members($account_id)
{
if (!($uids = $GLOBALS['egw']->acl->get_ids_for_location($account_id, 1, 'phpgw_group')))
{ {
$data = array(
'account_firstname' => $this->data['firstname'],
'account_lastname' => $this->data['lastname'],
'account_status' => $this->data['status'],
'account_expires' => $this->data['expires'],
'account_lid' => $this->data['account_lid'],
'account_primary_group' => $this->data['account_primary_group'],
'account_email' => $this->data['email'],
);
// overwrite person_id only if it's set in this->data!
if (isset($this->data['person_id']))
{
$data['person_id'] = $this->data['person_id'];
}
$this->db->update($this->table,$data,array(
'account_id' => abs($this->account_id)
),__LINE__,__FILE__);
}
function delete($accountid = '')
{
$account_id = get_account_id($accountid);
/* Do this last since we are depending upon this record to get the account_lid above */
$this->db->lock(Array($this->table));
$this->db->delete($this->table,array('account_id'=>abs($account_id)),__LINE__,__FILE__);
$this->db->unlock();
}
function get_list($_type='both',$start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
{
if (! $sort)
{
$sort = "DESC";
}
if (!empty($order) && preg_match('/^[a-zA-Z_0-9, ]+$/',$order) && (empty($sort) || preg_match('/^(DESC|ASC|desc|asc)$/',$sort)))
{
$orderclause = "ORDER BY $order $sort";
}
else
{
$orderclause = "ORDER BY account_lid ASC";
}
switch($_type)
{
case 'accounts':
$whereclause = "WHERE account_type = 'u'";
break;
case 'groups':
$whereclause = "WHERE account_type = 'g'";
break;
default:
$whereclause = '';
}
if ($query)
{
if ($whereclause)
{
$whereclause .= ' AND ( ';
}
else
{
$whereclause = ' WHERE ( ';
}
switch($query_type)
{
case 'all':
default:
$query = '%'.$query;
// fall-through
case 'start':
$query .= '%';
// fall-through
case 'exact':
$query = $this->db->quote($query);
$whereclause .= " account_firstname LIKE $query OR account_lastname LIKE $query OR account_lid LIKE $query )";
break;
case 'firstname':
case 'lastname':
case 'lid':
case 'email':
$query = $this->db->quote('%'.$query.'%');
$whereclause .= " account_$query_type LIKE $query )";
break;
}
}
$sql = "SELECT * FROM $this->table $whereclause $orderclause";
if ($offset)
{
$this->db->limit_query($sql,$start,__LINE__,__FILE__,$offset);
}
elseif (is_numeric($start))
{
$this->db->limit_query($sql,$start,__LINE__,__FILE__);
}
else
{
$this->db->query($sql,__LINE__,__FILE__);
}
while ($this->db->next_record())
{
$accounts[] = Array(
'account_id' => ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id'),
'account_lid' => $this->db->f('account_lid'),
'account_type' => $this->db->f('account_type'),
'account_firstname' => $this->db->f('account_firstname'),
'account_lastname' => $this->db->f('account_lastname'),
'account_status' => $this->db->f('account_status'),
'account_expires' => $this->db->f('account_expires'),
'person_id' => $this->db->f('person_id'),
'account_primary_group' => $this->db->f('account_primary_group'),
'account_email' => $this->db->f('account_email'),
);
}
$this->db->query("SELECT count(*) FROM $this->table $whereclause");
$this->total = $this->db->next_record() ? $this->db->f(0) : 0;
return $accounts;
}
/**
* converts a name / unique value from the accounts-table (account_lid,account_email) to an id
*/
function name2id($name,$which='account_lid')
{
$where = $which == 'account_fullname' ? '('.$this->db->concat('account_firstname',"' '",'account_lastname').')='.$this->db->quote($name) :
array($which => $name);
$this->db->select($this->table,'account_id,account_type',$where,__LINE__,__FILE__);
if($this->db->next_record())
{
return ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id');
}
return False; return False;
} }
$members = array();
/** foreach ($uids as $uid)
* converts an id to the corresponding value of the accounts-table (account_lid,account_email,account_firstname,...)
*/
function id2name($account_id,$which='account_lid')
{ {
$this->db->select($this->table,$this->db->name_quote($which),array('account_id'=>abs($account_id)),__LINE__,__FILE__); $members[$uid] = $this->id2name($uid);
if($this->db->next_record())
{
return $this->db->f(0);
}
return False;
} }
//echo "accounts::members($accountid)"; _debug_array($members);
return $members;
}
function exists($account_lid) /**
* Set the members of a group
*
* @param array $members array with uidnumber or uid's
* @param int $gid gidnumber of group to set
*/
function set_members($members,$gid)
{
//echo "<p>accounts::set_members(".print_r($members,true).",$gid)</p>\n";
$GLOBALS['egw']->acl->delete_repository('phpgw_group',$gid);
foreach($members as $id)
{ {
static $by_id, $by_lid; $GLOBALS['egw']->acl->add_repository('phpgw_group',$gid,$id,1);
$where = array();
if(is_numeric($account_lid))
{
if(@isset($by_id[$account_lid]) && $by_id[$account_lid] != '')
{
return $by_id[$account_lid];
}
$where['account_id'] = abs($account_lid);
}
else
{
if(@isset($by_lid[$account_lid]) && $by_lid[$account_lid] != '')
{
return $by_lid[$account_lid];
}
$where['account_lid'] = $account_lid;
}
$this->db->select($this->table,'count(*)',$where,__LINE__,__FILE__);
$this->db->next_record();
$ret_val = $this->db->f(0) > 0;
if(is_numeric($account_lid))
{
$by_id[$account_lid] = $ret_val;
$by_lid[$this->id2name($account_lid)] = $ret_val;
}
else
{
$by_lid[$account_lid] = $ret_val;
$by_id[$this->name2id($account_lid)] = $ret_val;
}
return $ret_val;
}
function create($account_info)
{
$account_data = array(
'account_lid' => $account_info['account_lid'],
'account_pwd' => $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd'],True),
'account_firstname' => $account_info['account_firstname'],
'account_lastname' => $account_info['account_lastname'],
'account_status' => $account_info['account_status'],
'account_expires' => $account_info['account_expires'],
'account_type' => $account_info['account_type'],
'person_id' => $account_info['person_id'],
'account_primary_group' => $account_info['account_primary_group'],
'account_email' => $account_info['account_email'],
);
if (isset($account_info['account_id']) && (int)$account_info['account_id'] && !$this->id2name($account_info['account_id']))
{
// only use account_id, if it's not already used
$account_data['account_id'] = abs($account_info['account_id']);
}
if (!$this->db->insert($this->table,$account_data,False,__LINE__,__FILE__))
{
return false;
}
$id = $account_data['account_id'] ? $account_data['account_id'] : $this->db->get_last_insert_id($this->table,'account_id');
if ($account_info['account_type'] == 'g' && $id > 0) // create negative id for groups
{
$id = -$id;
}
return $id;
}
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
{
if ($expiredate == 0)
{
if(isset($GLOBALS['egw_info']['server']['auto_create_expire']) == True)
{
if($GLOBALS['egw_info']['server']['auto_create_expire'] == 'never')
{
$expires = -1;
}
else
{
$expiredate = time() + $GLOBALS['egw_info']['server']['auto_create_expire'];
}
}
}
else
{
/* expire in 30 days by default */
$expiredate = time() + ((60 * 60) * (30 * 24));
}
if ($expires != -1)
{
$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
}
$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
if (!$default_group_id)
{
$default_group_id = (int) $this->name2id('Default');
}
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
$acct_info = array(
'account_id' => (int) $GLOBALS['auto_create_acct']['id'],
'account_lid' => $accountname,
'account_type' => 'u',
'account_passwd' => $passwd,
'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
'account_status' => $account_status,
'account_expires' => $expires,
'account_primary_group' => $primary_group,
);
/* attempt to set an email address */
if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
{
$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
}
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) == True && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
{
$acct_info['account_email'] = $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
}
$this->db->transaction_begin();
$accountid = $this->create($acct_info); /* create the account */
if ($accountid) /* begin account setup */
{
/* If we have a primary_group, add it as "regular" eGW group (via ACL) too. */
if ($primary_group)
{
$GLOBALS['egw']->acl->add_repository('phpgw_group', $primary_group,$accountid,1);
}
/* if we have an mail address set it in the users' email preference */
if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
{
$GLOBALS['egw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
$GLOBALS['egw']->preferences->preferences($accountid);
$GLOBALS['egw']->preferences->read_repository();
$GLOBALS['egw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
$GLOBALS['egw']->preferences->save_repository();
}
/* use the default mail domain to set the uesrs' email preference */
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
{
$GLOBALS['egw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
$GLOBALS['egw']->preferences->preferences($accountid);
$GLOBALS['egw']->preferences->read_repository();
$GLOBALS['egw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix']);
$GLOBALS['egw']->preferences->save_repository();
}
/* commit the new account transaction */
$this->db->transaction_commit();
// call hook to notify interested apps about the new account
$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
$GLOBALS['hook_values']['account_id'] = $accountid;
$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
$GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array(
'location' => 'addaccount',
// at login-time only the hooks from the following apps will be called
'order' => array('felamimail','fudforum'),
),False,True); /* called for every app now, not only enabled ones */
} /* end account setup */
else /* if no account id abort the account creation */
{
$this->db->transaction_abort();
}
/*
* If we succeeded in creating the account (above), return the accountid, else,
* return the error value from $this->name2id($accountname)
*/
return $accountid;
} /* end auto_add() */
function get_account_name($accountid,&$lid,&$fname,&$lname)
{
$this->db->select($this->table,'account_lid,account_firstname,account_lastname',array('account_id'=>abs($accountid)),__LINE__,__FILE__);
if (!$this->db->next_record())
{
return False;
}
$lid = $this->db->f('account_lid');
$fname = $this->db->f('account_firstname');
$lname = $this->db->f('account_lastname');
return True;
}
/**
* Update the last login timestamps and the IP
*
* @param int $account_id
* @param string $ip
* @return int lastlogin time
*/
function update_lastlogin($account_id, $ip)
{
$this->db->select($this->table,'account_lastlogin',array('account_id'=>abs($account_id)),__LINE__,__FILE__);
$previous_login = $this->db->next_record() ? $this->db->f('account_lastlogin') : false;
$this->db->update($this->table,array(
'account_lastloginfrom' => $ip,
'account_lastlogin' => time(),
),array(
'account_id' => abs($account_id),
),__LINE__,__FILE__);
return $previous_login;
} }
} }
/**
* Searches users and/or groups
*
* ToDo: implement a search like accounts::search
*
* @param string $_type
* @param int $start=null
* @param string $sort=''
* @param string $order=''
* @param string $query
* @param int $offset=null
* @param string $query_type
* @return array
*/
function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = null, $query_type='')
{
if (! $sort)
{
$sort = "DESC";
}
if (!empty($order) && preg_match('/^[a-zA-Z_0-9, ]+$/',$order) && (empty($sort) || preg_match('/^(DESC|ASC|desc|asc)$/',$sort)))
{
$orderclause = "ORDER BY $order $sort";
}
else
{
$orderclause = "ORDER BY account_lid ASC";
}
switch($_type)
{
case 'accounts':
$whereclause = "WHERE account_type = 'u'";
break;
case 'groups':
$whereclause = "WHERE account_type = 'g'";
break;
default:
$whereclause = '';
}
if ($query)
{
if ($whereclause)
{
$whereclause .= ' AND ( ';
}
else
{
$whereclause = ' WHERE ( ';
}
switch($query_type)
{
case 'all':
default:
$query = '%'.$query;
// fall-through
case 'start':
$query .= '%';
// fall-through
case 'exact':
$query = $this->db->quote($query);
$whereclause .= " account_firstname LIKE $query OR account_lastname LIKE $query OR account_lid LIKE $query )";
break;
case 'firstname':
case 'lastname':
case 'lid':
case 'email':
$query = $this->db->quote('%'.$query.'%');
$whereclause .= " account_$query_type LIKE $query )";
break;
}
}
$sql = "SELECT * FROM $this->table $whereclause $orderclause";
if ($offset)
{
$this->db->limit_query($sql,$start,__LINE__,__FILE__,$offset);
}
elseif (is_numeric($start))
{
$this->db->limit_query($sql,$start,__LINE__,__FILE__);
}
else
{
$this->db->query($sql,__LINE__,__FILE__);
}
while ($this->db->next_record())
{
$accounts[] = Array(
'account_id' => ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id'),
'account_lid' => $this->db->f('account_lid'),
'account_type' => $this->db->f('account_type'),
'account_firstname' => $this->db->f('account_firstname'),
'account_lastname' => $this->db->f('account_lastname'),
'account_status' => $this->db->f('account_status'),
'account_expires' => $this->db->f('account_expires'),
'person_id' => $this->db->f('person_id'),
'account_primary_group' => $this->db->f('account_primary_group'),
'account_email' => $this->db->f('account_email'),
);
}
$this->db->query("SELECT count(*) FROM $this->table $whereclause");
$this->total = $this->db->next_record() ? $this->db->f(0) : 0;
return $accounts;
}
/**
* convert an alphanumeric account-value (account_lid, account_email) to the account_id
*
* Please note:
* - if a group and an user have the same account_lid the group will be returned (LDAP only)
* - if multiple user have the same email address, the returned user is undefined
*
* @param string $name value to convert
* @param string $which='account_lid' type of $name: account_lid (default), account_email, person_id, account_fullname
* @param string $account_type u = user, g = group, default null = try both
* @return int/false numeric account_id or false on error ($name not found)
*/
function name2id($name,$which='account_lid',$account_type=null)
{
$where = array();
switch($which)
{
case 'account_fullname':
$where[] = '('.$this->db->concat('account_firstname',"' '",'account_lastname').')='.$this->db->quote($name);
break;
default:
$where[$which] = $name;
}
if ($account_type)
{
$where['account_type'] = $account_type;
}
$this->db->select($this->table,'account_id,account_type',$where,__LINE__,__FILE__);
if(!$this->db->next_record()) return false;
return ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id');
}
/**
* Update the last login timestamps and the IP
*
* @param int $account_id
* @param string $ip
* @return int lastlogin time
*/
function update_lastlogin($account_id, $ip)
{
$this->db->select($this->table,'account_lastlogin',array('account_id'=>abs($account_id)),__LINE__,__FILE__);
$previous_login = $this->db->next_record() ? $this->db->f('account_lastlogin') : false;
$this->db->update($this->table,array(
'account_lastloginfrom' => $ip,
'account_lastlogin' => time(),
),array(
'account_id' => abs($account_id),
),__LINE__,__FILE__);
return $previous_login;
}
}

10
phpgwapi/inc/class.acl.inc.php
View File

@ -151,8 +151,8 @@
{ {
$this->acl(); $this->acl();
} }
$acl_acc_list = array_values((array)$this->get_location_list_for_id('phpgw_group', 1, $this->account_id)); $acl_acc_list = $GLOBALS['egw']->accounts->memberships($this->account_id,true);
array_unshift($acl_acc_list,$this->account_id,0); array_unshift($acl_acc_list,$this->account_id);
$this->db->select($this->table_name,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__); $this->db->select($this->table_name,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__);
$this->data = Array(); $this->data = Array();
@ -210,7 +210,7 @@
* Delete ACL record in the repository of the class * Delete ACL record in the repository of the class
* *
* @param string $appname appname or '' for $GLOBALS['egw_info']['flags']['currentapp'] * @param string $appname appname or '' for $GLOBALS['egw_info']['flags']['currentapp']
* @param string $location location * @param string/boolean $location location or false for all locations
* @return array all ACL records from $this->data. * @return array all ACL records from $this->data.
*/ */
function delete($appname,$location) function delete($appname,$location)
@ -219,7 +219,9 @@
foreach($this->data as $idx => $value) foreach($this->data as $idx => $value)
{ {
if ($this->data[$idx]['appname'] == $appname && $this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == $this->account_id) if ($this->data[$idx]['appname'] == $appname &&
($location === false || $this->data[$idx]['location'] == $location) &&
$this->data[$idx]['account'] == $this->account_id)
{ {
unset($this->data[$idx]); unset($this->data[$idx]);
} }

85
phpgwapi/inc/class.auth.inc.php
View File

@ -166,7 +166,32 @@
return $e_password; return $e_password;
} }
/* Create a password for storage in the accounts table */ /**
* Create an ldap hash from an sql hash
*
* @param string $hash
*/
function hash_sql2ldap($hash)
{
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
{
case '': // not set sql_encryption_type
case 'md5':
$hash = '{md5}' . base64_encode(pack("H*",$hash));
break;
case 'crypt':
$hash = '{crypt}' . $hash;
break;
}
return $hash;
}
/**
* Create a password for storage in the accounts table
*
* @param string $password
* @return string hash
*/
function encrypt_sql($password) function encrypt_sql($password)
{ {
/* Grab configured type, or default to md5() (old method) */ /* Grab configured type, or default to md5() (old method) */
@ -249,7 +274,7 @@
* but as pecl dosn't run on any platform and isn't GPL'd * but as pecl dosn't run on any platform and isn't GPL'd
* i haven't implemented it yet * i haven't implemented it yet
* Windows compatible check is: 7 char lenth, 1 Up, 1 Low, 1 Num and 1 Special * Windows compatible check is: 7 char lenth, 1 Up, 1 Low, 1 Num and 1 Special
* @author cornelius weiss<egw at von-und-zu-weiss.de> * @author cornelius weiss <egw at von-und-zu-weiss.de>
* @return mixed false if password is considered "safe" or a string $message if "unsafe" * @return mixed false if password is considered "safe" or a string $message if "unsafe"
*/ */
function crackcheck($passwd) function crackcheck($passwd)
@ -278,11 +303,11 @@
} }
/** /**
@function smd5_compare * compare SMD5-encrypted passwords for authentication
@abstract compare SMD5-encrypted passwords for authentication *
@param $form_val user input value for comparison * @param string $form_val user input value for comparison
@param $db_val stored value (from database) * @param string $db_val stored value (from database)
@return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function smd5_compare($form_val,$db_val) function smd5_compare($form_val,$db_val)
{ {
@ -304,11 +329,11 @@
} }
/** /**
@function sha_compare * compare SHA-encrypted passwords for authentication
@abstract compare SHA-encrypted passwords for authentication *
@param $form_val user input value for comparison * @param string $form_val user input value for comparison
@param $db_val stored value (from database) * @param string $db_val stored value (from database)
@return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function sha_compare($form_val,$db_val) function sha_compare($form_val,$db_val)
{ {
@ -325,11 +350,11 @@
} }
/** /**
@function ssha_compare * compare SSHA-encrypted passwords for authentication
@abstract compare SSHA-encrypted passwords for authentication *
@param $form_val user input value for comparison * @param string $form_val user input value for comparison
@param $db_val stored value (from database) * @param string $db_val stored value (from database)
@return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function ssha_compare($form_val,$db_val) function ssha_compare($form_val,$db_val)
{ {
@ -349,12 +374,12 @@
} }
/** /**
@function crypt_compare * compare crypted passwords for authentication whether des,ext_des,md5, or blowfish crypt
@abstract compare crypted passwords for authentication whether des,ext_des,md5, or blowfish crypt *
@param $form_val user input value for comparison * @param string $form_val user input value for comparison
@param $db_val stored value (from database) * @param string $db_val stored value (from database)
@param $type crypt() type * @param string $type crypt() type
@return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function crypt_compare($form_val,$db_val,$type) function crypt_compare($form_val,$db_val,$type)
{ {
@ -378,13 +403,13 @@
} }
/** /**
@function md5_hmac_compare * compare md5_hmac-encrypted passwords for authentication (see RFC2104)
@abstract compare md5_hmac-encrypted passwords for authentication (see RFC2104) *
@param $form_val user input value for comparison * @param string $form_val user input value for comparison
@param $db_val stored value (from database) * @param string $db_val stored value (from database)
@param $key key for md5_hmac-encryption (username for imported smf users) * @param string $key key for md5_hmac-encryption (username for imported smf users)
@return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function md5_hmac_compare($form_val,$db_val,$key) function md5_hmac_compare($form_val,$db_val,$key)
{ {
$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00)); $key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));

43
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -42,6 +42,9 @@
{ {
return False; return False;
} }
// allow non-ascii in username & password
$username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8');
$passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8');
if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host'])) if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host']))
{ {
@ -61,29 +64,30 @@
return False; return False;
} }
/* find the dn for this uid, the uid is not always in the dn */ /* find the dn for this uid, the uid is not always in the dn */
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber'); $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire');
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)'; $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter); $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{ {
$filter = "(&$filter(phpgwaccountstatus=A))"; $filter = "(&$filter(objectclass=posixaccount))";
} }
$sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes); $sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes);
$allValues = ldap_get_entries($ldap, $sri); $allValues = ldap_get_entries($ldap, $sri);
if ($allValues['count'] > 0) if ($allValues['count'] > 0)
{ {
if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true) if ($GLOBALS['egw_info']['server']['case_sensitive_username'] == true &&
$allValues[0]['uid'][0] != $username)
{ {
if($allValues[0]['uid'][0] != $username) return false;
{ }
return false; if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap' &&
} isset($allValues[0]['shawdowexpire']) && $allValues[0]['shawdowexpire'][0]*24*3600 < time())
{
return false; // account is expired
} }
/* we only care about the first dn */
$userDN = $allValues[0]['dn']; $userDN = $allValues[0]['dn'];
/* /*
generate a bogus password to pass if the user doesn't give us one generate a bogus password to pass if the user doesn't give us one
@ -93,12 +97,11 @@
{ {
$passwd = crypt(microtime()); $passwd = crypt(microtime());
} }
/* try to bind as the user with user suplied password */ // try to bind as the user with user suplied password
if (@ldap_bind($ldap, $userDN, $passwd)) if (@ldap_bind($ldap, $userDN, $passwd))
{ {
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{ {
$account =& CreateObject('phpgwapi.accounts',$username,'u');
if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct']) if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
{ {
// create a global array with all availible info about that account // create a global array with all availible info about that account
@ -106,7 +109,7 @@
foreach(array( foreach(array(
'givenname' => 'firstname', 'givenname' => 'firstname',
'sn' => 'lastname', 'sn' => 'lastname',
'uidnumber' => 'id', 'uidnumber' => 'account_id',
'mail' => 'email', 'mail' => 'email',
'gidnumber' => 'primary_group', 'gidnumber' => 'primary_group',
) as $ldap_name => $acct_name) ) as $ldap_name => $acct_name)
@ -116,19 +119,22 @@
} }
return True; return True;
} }
$data = $account->read_repository(); return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) &&
return $data['status'] == 'A'; $GLOBALS['egw']->accounts->id2name($id,'account_status') == 'A';
} }
return True; return True;
} }
} }
/* dn not found or password wrong */ // dn not found or password wrong
return False; return False;
} }
/** /**
* changes password in LDAP * changes password in LDAP
* *
* If $old_passwd is given, the password change is done binded as user and NOT with the
* "root" dn given in the configurations.
*
* @param string $old_passwd must be cleartext or empty to not to be checked * @param string $old_passwd must be cleartext or empty to not to be checked
* @param string $new_passwd must be cleartext * @param string $new_passwd must be cleartext
* @param int $account_id account id of user whose passwd should be changed * @param int $account_id account id of user whose passwd should be changed
@ -142,7 +148,8 @@
} }
else else
{ {
$username = $GLOBALS['egw']->accounts->id2name($account_id); $username = $GLOBALS['egw']->translation->convert($GLOBALS['egw']->accounts->id2name($account_id),
$GLOBALS['egw']->translation->charset(),'utf-8');
} }
//echo "<p>auth_ldap::change_password('$old_password','$new_passwd',$account_id) username='$username'</p>\n"; //echo "<p>auth_ldap::change_password('$old_password','$new_passwd',$account_id) username='$username'</p>\n";
@ -156,6 +163,10 @@
$entry['userpassword'] = $this->encrypt_password($new_passwd); $entry['userpassword'] = $this->encrypt_password($new_passwd);
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
{
$ds = $GLOBALS['egw']->common->ldapConnect('',$dn,$old_passwd);
}
if (!@ldap_modify($ds, $dn, $entry)) if (!@ldap_modify($ds, $dn, $entry))
{ {
return false; return false;

2
phpgwapi/inc/class.sessions.inc.php
View File

@ -548,7 +548,7 @@
$GLOBALS['egw']->crypto->init(array($this->key,$this->iv)); $GLOBALS['egw']->crypto->init(array($this->key,$this->iv));
$this->read_repositories(False); $this->read_repositories(False);
if ($this->user['expires'] != -1 && $this->user['expires'] < time()) if ($GLOBALS['egw']->accounts->is_expired($this->user))
{ {
if(is_object($GLOBALS['egw']->log)) if(is_object($GLOBALS['egw']->log))
{ {

2
phpgwapi/setup/setup.inc.php
View File

@ -14,7 +14,7 @@
/* Basic information about this app */ /* Basic information about this app */
$setup_info['phpgwapi']['name'] = 'phpgwapi'; $setup_info['phpgwapi']['name'] = 'phpgwapi';
$setup_info['phpgwapi']['title'] = 'eGroupWare API'; $setup_info['phpgwapi']['title'] = 'eGroupWare API';
$setup_info['phpgwapi']['version'] = '1.3.006'; $setup_info['phpgwapi']['version'] = '1.3.007';
$setup_info['phpgwapi']['versions']['current_header'] = '1.28'; $setup_info['phpgwapi']['versions']['current_header'] = '1.28';
$setup_info['phpgwapi']['enable'] = 3; $setup_info['phpgwapi']['enable'] = 3;
$setup_info['phpgwapi']['app_order'] = 1; $setup_info['phpgwapi']['app_order'] = 1;

85
phpgwapi/setup/tables_update.inc.php
View File

@ -135,4 +135,87 @@
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.3.006'; return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.3.006';
} }
?>
$test[] = '1.3.006';
function phpgwapi_upgrade1_3_006()
{
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
'config_app' => 'phpgwapi',
"(config_name LIKE '%ldap%' OR config_name IN ('auth_type','account_repository'))",
),__LINE__,__FILE__);
while (($row = $GLOBALS['egw_setup']->db->row(true)))
{
$config[$row['config_name']] = $row['config_value'];
}
// the update is only for accounts in ldap
if ($config['account_repository'] == 'ldap' || !$config['account_repository'] && $config['auth_type'] == 'ldap')
{
$GLOBALS['egw_setup']->setup_account_object();
if (!is_object($GLOBALS['egw']->acl))
{
$GLOBALS['egw']->acl =& CreateObject('phpgwapi.acl');
}
$ds = $GLOBALS['egw']->common->ldapConnect();
$phpgwAccountAttributes = array(
'phpgwaccounttype','phpgwaccountexpires','phpgwaccountstatus',
'phpgwaccountlastlogin','phpgwaccountlastloginfrom','phpgwaccountlastpasswdchange',
);
foreach(array($config['ldap_context'],$config['ldap_group_context']) as $context)
{
if (!$context) continue;
$sri = ldap_search($ds,$context,'(objectclass=phpgwaccount)',
array_merge(array('gidnumber','objectclass'),$phpgwAccountAttributes));
foreach(ldap_get_entries($ds, $sri) as $key => $entry)
{
if ($key === 'count') continue;
// remove the phpgwAccounts objectclass
$objectclass = $entry['objectclass'];
unset($objectclass['count']);
foreach($objectclass as $n => $class) $objectclass[$n] = strtolower($class);
unset($objectclass[array_search('phpgwaccount',$objectclass)]);
if ($entry['phpgwaccounttype'][0] == 'g')
{
if (!in_array('posixgroup',$objectclass)) $objectclass[] = 'posixgroup';
$to_write = array('objectclass' => array_values($objectclass));
// make sure all group-memberships are correctly set in LDAP
if (($uids = $GLOBALS['egw']->acl->get_ids_for_location($entry['gidnumber'][0],1,'phpgw_group')))
{
foreach ($uids as $uid)
{
$to_write['memberuid'] = $GLOBALS['egw']->accounts->id2name($uid);
}
}
}
else // user
{
if (!in_array('posixaccount',$objectclass)) $objectclass[] = 'posixaccount';
if (!in_array('shadowaccount',$objectclass)) $objectclass[] = 'shadowaccount';
$to_write = array('objectclass' => array_values($objectclass));
// store the important values of the phpgwaccount schema in the shadowAccount schema
if (!$entry['phpgwaccountstatus'][0] || $entry['phpgwaccountexpires'][0] != -1)
{
$to_write['shadowexpire'] = $entry['phpgwaccountexpires'][0] != -1 &&
($entry['phpgwaccountstatus'][0] ||
!$entry['phpgwaccountstatus'][0] && $entry['phpgwaccountexpires'][0] < time()) ?
$entry['phpgwaccountexpires'][0] / (24*3600) : 0;
}
if ($entry['phpgwlastpasswdchange'][0])
{
$to_write['shadowlastchange'] = $entry['phpgwlastpasswdchange'][0] / (24*3600);
}
}
foreach($phpgwAccountAttributes as $attr)
{
if (isset($entry[$attr])) $to_write[$attr] = array();
}
echo $entry['dn']; _debug_array($to_write);
ldap_modify($ds,$entry['dn'],$to_write);
}
}
}
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.3.007';
}