forked from extern/egroupware
Now using accounts and acl classes
This commit is contained in:
parent
5e0ab90cb2
commit
11b69ed7af
265
setup/ldap.php
265
setup/ldap.php
@ -11,156 +11,153 @@
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
$phpgw_info["flags"] = array("noheader" => True, "nonavbar" => True,
|
||||
"currentapp" => "home", "noapi" => True);
|
||||
include("../header.inc.php");
|
||||
include("./inc/functions.inc.php");
|
||||
$phpgw_info["flags"] = array(
|
||||
"noheader" => True,
|
||||
"nonavbar" => True,
|
||||
"currentapp"=> "home",
|
||||
"noapi" => True
|
||||
);
|
||||
|
||||
// Authorize the user to use setup app and load the database
|
||||
if (!$phpgw_setup->auth("Config")){
|
||||
Header("Location: index.php");
|
||||
exit;
|
||||
}
|
||||
// Does not return unless user is authorized
|
||||
include( PHPGW_INCLUDE_ROOT . "/phpgwapi/inc/class.common.inc.php");
|
||||
include("../header.inc.php");
|
||||
include("./inc/functions.inc.php");
|
||||
|
||||
$common = new common;
|
||||
$phpgw_setup->loaddb();
|
||||
// Authorize the user to use setup app and load the database
|
||||
if (!$phpgw_setup->auth("Config")){
|
||||
Header("Location: index.php");
|
||||
exit;
|
||||
}
|
||||
// Does not return unless user is authorized
|
||||
include( PHPGW_INCLUDE_ROOT . "/phpgwapi/inc/class.common.inc.php");
|
||||
|
||||
$phpgw_info["server"]["auth_type"] = "ldap";
|
||||
$acct = CreateObject("phpgwapi.accounts");
|
||||
$common = new common;
|
||||
$phpgw_setup->loaddb();
|
||||
|
||||
$phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
|
||||
while ($phpgw_setup->db->next_record()) {
|
||||
$config[$phpgw_setup->db->f("config_name")] = $phpgw_setup->db->f("config_value");
|
||||
}
|
||||
$phpgw_info["server"]["auth_type"] = "ldap";
|
||||
$acct = CreateObject("phpgwapi.accounts");
|
||||
$applications = CreateObject("phpgwapi.applications");
|
||||
|
||||
// First, see if we can connect to the LDAP server, if not send `em back to config.php with an
|
||||
// error message.
|
||||
$phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
|
||||
while ($phpgw_setup->db->next_record()) {
|
||||
$config[$phpgw_setup->db->f("config_name")] = $phpgw_setup->db->f("config_value");
|
||||
}
|
||||
|
||||
// connect to ldap server
|
||||
if (! $ldap = @ldap_connect($config["ldap_host"])) {
|
||||
$noldapconnection = True;
|
||||
}
|
||||
// First, see if we can connect to the LDAP server, if not send `em back to config.php with an
|
||||
// error message.
|
||||
|
||||
// bind as admin, we not to able to do everything
|
||||
if (! @ldap_bind($ldap,$config["ldap_root_dn"],$config["ldap_root_pw"])) {
|
||||
$noldapconnection = True;
|
||||
}
|
||||
// connect to ldap server
|
||||
if (! $ldap = @ldap_connect($config["ldap_host"])) {
|
||||
$noldapconnection = True;
|
||||
}
|
||||
|
||||
// bind as admin, we not to able to do everything
|
||||
if (! @ldap_bind($ldap,$config["ldap_root_dn"],$config["ldap_root_pw"])) {
|
||||
$noldapconnection = True;
|
||||
}
|
||||
|
||||
if ($noldapconnection) {
|
||||
Header("Location: config.php?error=badldapconnection");
|
||||
exit;
|
||||
}
|
||||
if ($noldapconnection) {
|
||||
Header("Location: config.php?error=badldapconnection");
|
||||
exit;
|
||||
}
|
||||
|
||||
$sr = ldap_search($ldap,$config["ldap_context"],"(|(uid=*))",array("sn","givenname","uid","uidnumber"));
|
||||
$info = ldap_get_entries($ldap, $sr);
|
||||
$sr = ldap_search($ldap,$config["ldap_context"],"(|(uid=*))",array("sn","givenname","uid","uidnumber"));
|
||||
$info = ldap_get_entries($ldap, $sr);
|
||||
|
||||
for ($i=0; $i<$info["count"]; $i++) {
|
||||
if (! $phpgw_info["server"]["global_denied_users"][$info[$i]["uid"][0]]) {
|
||||
$account_info[$i]["account_id"] = $info[$i]["uidnumber"][0];
|
||||
$account_info[$i]["account_lid"] = $info[$i]["uid"][0];
|
||||
$account_info[$i]["account_lastname"] = $info[$i]["givenname"][0];
|
||||
$account_info[$i]["account_firstname"] = $info[$i]["sn"][0];
|
||||
}
|
||||
}
|
||||
|
||||
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
|
||||
. "app_name != 'administration'",__LINE__,__FILE__);
|
||||
while ($phpgw_setup->db->next_record()) {
|
||||
$apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title");
|
||||
}
|
||||
|
||||
if ($submit) {
|
||||
if (! count($admins)) {
|
||||
$error = "<br>You must select at least 1 admin";
|
||||
}
|
||||
|
||||
if (! count($s_apps)) {
|
||||
$error .= "<br>You must select at least 1 application";
|
||||
}
|
||||
|
||||
if (! $error) {
|
||||
// This section is being modified to use the accounts and acl classes soon
|
||||
// Create a default group
|
||||
$defaultgroupid = mt_rand (100, 600000);
|
||||
$sql = "insert into phpgw_accounts";
|
||||
$sql .= "(account_id, account_lid, account_type, account_pwd, account_firstname, account_lastname, account_lastpwd_change, account_status)";
|
||||
$sql .= "values (".$defaultgroupid.", 'Default', 'g', '".md5($passwd)."', 'Default', 'Group', ".time().", 'A')";
|
||||
$phpgw_setup->db->query($sql);
|
||||
// Give the group access to apps
|
||||
while ($app = each($s_apps)) {
|
||||
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account="
|
||||
. $defaultgroupid;
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
|
||||
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
|
||||
. " VALUES('".$app[1]."','run',".$defaultgroupid.",1)";
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
}
|
||||
|
||||
while ($account = each($account_info)) {
|
||||
// do some checks before we try to import the data
|
||||
if (!empty($account[1]["account_id"]) && !empty($account[1]["account_lid"]))
|
||||
/* // This is where each new user was given app rights, instead of per the group
|
||||
@reset($s_apps);
|
||||
while ($app = each($s_apps)) {
|
||||
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account="
|
||||
. $account[1]["account_id"];
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
|
||||
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
|
||||
. " VALUES('".$app[1]."','run',".$account[1]["account_id"].",1)";
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
} */
|
||||
|
||||
// Cleanup admin permissions
|
||||
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='admin' AND acl_location='run' AND acl_account="
|
||||
. $account[1]["account_id"];
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
|
||||
// Give the user admin only if we asked for them to have it
|
||||
for ($a=0;$a<count($admins);$a++) {
|
||||
if ($admins[$a] == $account[1]["account_id"]) {
|
||||
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
|
||||
. " VALUES('admin','run',".$account[1]["account_id"].",1)";
|
||||
$phpgw_setup->db->query($sql ,__LINE__,__FILE__);
|
||||
}
|
||||
}
|
||||
|
||||
// Actually create the account
|
||||
$phpgw_setup->db->query("SELECT account_id FROM phpgw_accounts WHERE account_id=" . $account[1]["account_id"]
|
||||
. " AND account_lid='" . $account[1]["account_lid"] . "'");
|
||||
if(!$phpgw_setup->db->num_rows() && $account[1]["account_lid"]) {
|
||||
$phpgw_setup->db->query("INSERT INTO phpgw_accounts (account_id,account_lid,account_pwd,account_type,"
|
||||
. "account_status,account_lastpwd_change) VALUES (" . $account[1]["account_id"] . ",'"
|
||||
. $account[1]["account_lid"] . "','x','u','A',".time().")",__LINE__,__FILE__);
|
||||
}
|
||||
|
||||
// Now make them a member of the default group
|
||||
$sql = "INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
|
||||
. " VALUES('phpgw_group',".$defaultgroupid.",".$account[1]["account_id"].",'1')";
|
||||
$phpgw_setup->db->query($sql);
|
||||
}
|
||||
$setup_complete = True;
|
||||
for ($i=0; $i<$info["count"]; $i++) {
|
||||
if (! $phpgw_info["server"]["global_denied_users"][$info[$i]["uid"][0]]) {
|
||||
$account_info[$i]["account_id"] = $info[$i]["uidnumber"][0];
|
||||
$account_info[$i]["account_lid"] = $info[$i]["uid"][0];
|
||||
$account_info[$i]["account_firstname"] = $info[$i]["givenname"][0];
|
||||
$account_info[$i]["account_lastname"] = $info[$i]["sn"][0];
|
||||
}
|
||||
}
|
||||
|
||||
// Add a check to see if there is no users in LDAP, if not create a default user.
|
||||
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
|
||||
. "app_name != 'administration'",__LINE__,__FILE__);
|
||||
while ($phpgw_setup->db->next_record()) {
|
||||
$apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title");
|
||||
}
|
||||
|
||||
$phpgw_setup->show_header();
|
||||
if ($submit) {
|
||||
if (! count($admins)) {
|
||||
$error = "<br>You must select at least 1 admin";
|
||||
}
|
||||
|
||||
if (! count($s_apps)) {
|
||||
$error .= "<br>You must select at least 1 application";
|
||||
}
|
||||
|
||||
if (! $error) {
|
||||
// Create the 'Default' group
|
||||
$defaultgroupid = mt_rand (100, 600000);
|
||||
|
||||
$acct = CreateObject('phpgwapi.accounts',$defaultgroupid);
|
||||
$acct->db = $phpgw_setup->db;
|
||||
|
||||
// Check if the group account is already there
|
||||
// Since the id above is random, this will fail on a reload
|
||||
$acct_exist = $acct->exists($defaultgroupid);
|
||||
if(!$acct_exist && $defaultgroupid) {
|
||||
$acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
|
||||
}
|
||||
|
||||
$acl = CreateObject('phpgwapi.acl',$defaultgroupid);
|
||||
$acl->db = $phpgw_setup->db;
|
||||
$acl->read_repository();
|
||||
while ($app = each($s_apps)) {
|
||||
$acl->add($app[1],'run',1);
|
||||
}
|
||||
$acl->save_repository();
|
||||
|
||||
while ($account = each($account_info)) {
|
||||
// do some checks before we try to import the data
|
||||
if (!empty($account[1]["account_id"]) && !empty($account[1]["account_lid"]))
|
||||
$accounts = CreateObject("phpgwapi.accounts",$account[1]["account_id"]);
|
||||
$accounts->db = $phpgw_setup->db;
|
||||
|
||||
$acl = CreateObject("phpgwapi.acl",intval($account[1]["account_id"]));
|
||||
$acl->db = $phpgw_setup->db;
|
||||
$acl->read_repository();
|
||||
|
||||
// Only give them admin if we asked for them to have it
|
||||
for ($a=0;$a<count($admins);$a++) {
|
||||
if ($admins[$a] == $account[1]["account_id"]) {
|
||||
$acl->add('admin','run',1);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the account is already there
|
||||
$acct_exist = $accounts->exists($account[1]["account_id"]);
|
||||
|
||||
if(!$acct_exist && $account[1]["account_id"]) {
|
||||
$accounts->create('u', $account[1]["account_lid"], 'x',
|
||||
$account[1]["account_firstname"], $account[1]["account_lastname"],
|
||||
'A',$account[1]["account_id"]
|
||||
);
|
||||
}
|
||||
|
||||
// Now make them a member of the 'Default' group
|
||||
$acl->add("phpgw_group",$defaultgroupid,1);
|
||||
$acl->save_repository();
|
||||
}
|
||||
$setup_complete = True;
|
||||
}
|
||||
}
|
||||
|
||||
// Add a check to see if there is no users in LDAP, if not create a default user.
|
||||
|
||||
$phpgw_setup->show_header();
|
||||
|
||||
if ($error) {
|
||||
echo "<br><center><b>Error:</b> $error</center>";
|
||||
}
|
||||
if ($error) {
|
||||
echo "<br><center><b>Error:</b> $error</center>";
|
||||
}
|
||||
|
||||
if ($setup_complete) {
|
||||
$phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
|
||||
$phpgw_setup->db->next_record();
|
||||
echo '<br><center>Setup has been completed! Click <a href="' . $phpgw_setup->db->f("config_value")
|
||||
. '/login.php">here</a> to login</center>';
|
||||
exit;
|
||||
}
|
||||
if ($setup_complete) {
|
||||
$phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
|
||||
$phpgw_setup->db->next_record();
|
||||
echo '<br><center>Setup has been completed! Click <a href="' . $phpgw_setup->db->f("config_value")
|
||||
. '/login.php">here</a> to login</center>';
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
||||
<form action="ldap.php" method="POST">
|
||||
|
Loading…
Reference in New Issue
Block a user