forked from extern/egroupware
rewrite of the accounts classes:
- new cleaner AND documented interfaces - old interfaces are still availible, but depricated - LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema - LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros) - password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
This commit is contained in:
parent
3821544b6d
commit
98d8b30761
File diff suppressed because it is too large
Load Diff
@ -1,345 +0,0 @@
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* eGroupWare API - Accounts manager for the contacts class *
|
||||
* This file written by Miles Lott <milosch@groupwhere.org> *
|
||||
* View and manipulate account records using the contacts class *
|
||||
* Copyright (C) 2000, 2001 Miles Lott *
|
||||
* -------------------------------------------------------------------------*
|
||||
* This library is part of the eGroupWare API *
|
||||
* http://www.egroupware.org/api *
|
||||
* ------------------------------------------------------------------------ *
|
||||
* This library is free software; you can redistribute it and/or modify it *
|
||||
* under the terms of the GNU Lesser General Public License as published by *
|
||||
* the Free Software Foundation; either version 2.1 of the License, *
|
||||
* or any later version. *
|
||||
* This library is distributed in the hope that it will be useful, but *
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
||||
* See the GNU Lesser General Public License for more details. *
|
||||
* You should have received a copy of the GNU Lesser General Public License *
|
||||
* along with this library; if not, write to the Free Software Foundation, *
|
||||
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
|
||||
\**************************************************************************/
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
|
||||
/*
|
||||
THIS NEEDS WORK!!!!!!!!! - Milosch
|
||||
But it is a lot closer now...
|
||||
*/
|
||||
$GLOBALS['egw_info']['server']['global_denied_users'] = array(
|
||||
'root' => True, 'bin' => True, 'daemon' => True,
|
||||
'adm' => True, 'lp' => True, 'sync' => True,
|
||||
'shutdown' => True, 'halt' => True, 'ldap' => True,
|
||||
'mail' => True, 'news' => True, 'uucp' => True,
|
||||
'operator' => True, 'games' => True, 'gopher' => True,
|
||||
'nobody' => True, 'xfs' => True, 'pgsql' => True,
|
||||
'mysql' => True, 'postgres' => True, 'oracle' => True,
|
||||
'ftp' => True, 'gdm' => True, 'named' => True,
|
||||
'alias' => True, 'web' => True, 'sweep' => True,
|
||||
'cvs' => True, 'qmaild' => True, 'qmaill' => True,
|
||||
'qmaillog' => True, 'qmailp' => True, 'qmailq' => True,
|
||||
'qmailr' => True, 'qmails' => True, 'rpc' => True,
|
||||
'rpcuser' => True, 'amanda' => True, 'apache' => True,
|
||||
'pvm' => True, 'squid' => True, 'ident' => True,
|
||||
'nscd' => True, 'mailnull' => True, 'cyrus' => True,
|
||||
'backup' => True
|
||||
);
|
||||
|
||||
$GLOBALS['egw_info']['server']['global_denied_groups'] = array(
|
||||
'root' => True, 'bin' => True, 'daemon' => True,
|
||||
'sys' => True, 'adm' => True, 'tty' => True,
|
||||
'disk' => True, 'lp' => True, 'mem' => True,
|
||||
'kmem' => True, 'wheel' => True, 'mail' => True,
|
||||
'uucp' => True, 'man' => True, 'games' => True,
|
||||
'dip' => True, 'ftp' => True, 'nobody' => True,
|
||||
'floppy' => True, 'xfs' => True, 'console' => True,
|
||||
'utmp' => True, 'pppusers' => True, 'popusers' => True,
|
||||
'slipusers' => True, 'slocate' => True, 'mysql' => True,
|
||||
'dnstools' => True, 'web' => True, 'named' => True,
|
||||
'dba' => True, 'oinstall' => True, 'oracle' => True,
|
||||
'gdm' => True, 'sweep' => True, 'cvs' => True,
|
||||
'postgres' => True, 'qmail' => True, 'nofiles' => True,
|
||||
'ldap' => True, 'backup' => True
|
||||
);
|
||||
|
||||
class accounts_
|
||||
{
|
||||
var $db;
|
||||
var $contacts;
|
||||
var $account_id;
|
||||
var $data;
|
||||
var $debug = False;
|
||||
var $qcols = array(
|
||||
'fn' => 'fn',
|
||||
'n_given' => 'n_given',
|
||||
'n_family' => 'n_family',
|
||||
'account_lastlogin' => 'account_lastlogin',
|
||||
'account_lastloginfrom' => 'account_lastloginfrom',
|
||||
'account_lastpwd_change' => 'account_lastpwd_change',
|
||||
'account_status' => 'account_status',
|
||||
'account_expires' => 'account_expires'
|
||||
);
|
||||
|
||||
function accounts_()
|
||||
{
|
||||
$this->db = $GLOBALS['egw']->db;
|
||||
$this->contacts =& CreateObject('phpgwapi.contacts',0);
|
||||
}
|
||||
|
||||
function makeobj()
|
||||
{
|
||||
if(!$this->contacts)
|
||||
{
|
||||
$this->contacts =& CreateObject('phpgwapi.contacts','0');
|
||||
}
|
||||
}
|
||||
|
||||
function read_repository()
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
$allValues = $this->contacts->read_single_entry($this->account_id,$this->qcols);
|
||||
|
||||
/* Now dump it into the array */
|
||||
$this->data['userid'] = $allValues[0]['lid'];
|
||||
$this->data['account_id'] = $allValues[0]['id'];
|
||||
$this->data['account_lid'] = $allValues[0]['lid'];
|
||||
$this->data['account_type'] = $allValues[0]['tid'];
|
||||
$this->data['firstname'] = $allValues[0]['n_given'];
|
||||
$this->data['lastname'] = $allValues[0]['n_family'];
|
||||
$this->data['fullname'] = $allValues[0]['fn'];
|
||||
$this->data['lastlogin'] = $allValues[0]['account_lastlogin'];
|
||||
$this->data['lastloginfrom'] = $allValues[0]['account_lastloginfrom'];
|
||||
$this->data['lastpasswd_change'] = $allValues[0]['account_lastpwd_change'];
|
||||
$this->data['status'] = $allValues[0]['account_status'];
|
||||
$this->data['expires'] = $allValues[0]['account_expires'];
|
||||
|
||||
return $this->data;
|
||||
}
|
||||
|
||||
function save_repository()
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
$entry['id'] = $this->data['account_id'];
|
||||
$entry['lid'] = $this->data['account_lid'];
|
||||
$entry['tid'] = $this->data['account_type'];
|
||||
$entry['fn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']);
|
||||
$entry['n_family'] = $this->data['lastname'];
|
||||
$entry['n_given'] = $this->data['firstname'];
|
||||
$entry['account_lastlogin'] = $this->data['lastlogin'];
|
||||
$entry['account_lastloginfrom'] = $this->data['lastloginfrom'];
|
||||
$entry['account_lastpasswd_change'] = $this->data['lastpwd_change'];
|
||||
$entry['account_status'] = $this->data['status'];
|
||||
$entry['account_expires'] = $this->data['expires'];
|
||||
|
||||
if($this->debug) { echo '<br>Updating entry:<br>' . var_dump($entry); }
|
||||
$this->contacts->update($entry['id'],0,$entry,'public','',$entry['tid']);
|
||||
}
|
||||
|
||||
function add($account_name, $account_type, $first_name, $last_name, $passwd = False)
|
||||
{
|
||||
$this->create($account_name, $account_type, $first_name, $last_name, $passwd);
|
||||
}
|
||||
|
||||
function delete($accountid = '')
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
if($this->debug) { echo '<br>Deleting entry:<br>' . $account_id; }
|
||||
$account_id = get_account_id($accountid);
|
||||
$this->contacts->delete($account_id);
|
||||
}
|
||||
|
||||
function get_list($_type='both')
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
switch($_type)
|
||||
{
|
||||
case 'accounts':
|
||||
$filter = 'tid=u';
|
||||
break;
|
||||
case 'groups':
|
||||
$filter = 'tid=g';
|
||||
break;
|
||||
default:
|
||||
$filter = 'tid=u,tid=g';
|
||||
}
|
||||
|
||||
$allValues = $this->contacts->read(0,0,$this->qcols,'',$filter);
|
||||
|
||||
/* get user information for each user/group */
|
||||
for($i=0;$i<count($allValues);$i++)
|
||||
{
|
||||
$accounts[] = Array(
|
||||
'account_id' => $allValues[$i]['id'],
|
||||
'account_lid' => $allValues[$i]['lid'],
|
||||
'account_type' => $allValues[$i]['tid'],
|
||||
'account_firstname' => $allValues[$i]['n_given'],
|
||||
'account_lastname' => $allValues[$i]['n_family'],
|
||||
'account_status' => $allValues[$i]['account_status'],
|
||||
'account_expires' => $allValues[$i]['account_expires']
|
||||
);
|
||||
}
|
||||
|
||||
return $accounts;
|
||||
}
|
||||
|
||||
function name2id($account_lid)
|
||||
{
|
||||
$qcols = array('id' => 'id');
|
||||
$this->makeobj();
|
||||
$allValues = $this->contacts->read(0,0,$qcols,'',"lid=".$account_lid);
|
||||
|
||||
if($allValues[0]['id'])
|
||||
{
|
||||
return (int)$allValues[0]['id'];
|
||||
}
|
||||
else
|
||||
{
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function id2name($account_id)
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
$allValues = $this->contacts->read_single_entry($account_id);
|
||||
if($this->debug) { echo '<br>id2name: '.$allValues[0]['lid']; }
|
||||
|
||||
if($allValues[0]['lid'])
|
||||
{
|
||||
return $allValues[0]['lid'];
|
||||
}
|
||||
else
|
||||
{
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function get_type($accountid = '')
|
||||
{
|
||||
$this->makeobj();
|
||||
$account_id = get_account_id($accountid);
|
||||
|
||||
$allValues = $this->contacts->read_single_entry($account_id);
|
||||
|
||||
if ($allValues[0]['tid'])
|
||||
{
|
||||
return $allValues[0]['tid'];
|
||||
}
|
||||
else
|
||||
{
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function exists($account_lid)
|
||||
{
|
||||
$this->makeobj();
|
||||
if(is_int($account_lid))
|
||||
{
|
||||
$account_id = $account_lid;
|
||||
settype($account_lid,'string');
|
||||
$account_lid = $this->id2name($account_id);
|
||||
}
|
||||
|
||||
$allValues = $this->contacts->read(0,0,array('n_given' => 'n_given'),'','lid='.$account_lid);
|
||||
|
||||
if ($allValues[0]['id'])
|
||||
{
|
||||
return True;
|
||||
}
|
||||
else
|
||||
{
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function create($account_info)
|
||||
{
|
||||
$this->makeobj();
|
||||
|
||||
if (!$$account_info['account_id'])
|
||||
{
|
||||
$account_info['account_id'] = $this->get_nextid();
|
||||
}
|
||||
$owner = $GLOBALS['egw_info']['user']['account_id'];
|
||||
$entry['id'] = $account_info['account_id'];
|
||||
$entry['lid'] = $account_info['account_lid'];
|
||||
$entry['n_given'] = $account_info['account_firstname'];
|
||||
$entry['n_family'] = $account_info['account_lastname'];
|
||||
$entry['password'] = $account_info['account_passwd'];
|
||||
$entry['account_status'] = $account_info['account_status'];
|
||||
$entry['account_expires'] = $account_info['account_expires'];
|
||||
|
||||
if($this->debug) { echo '<br>Adding entry:<br>' . var_dump($entry); }
|
||||
/* 'public' access, no category id, tid set to account_type */
|
||||
$this->contacts->add(0,$entry,'public','',$account_info['account_type']);
|
||||
return;
|
||||
}
|
||||
|
||||
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
|
||||
{
|
||||
if (! $expiredate)
|
||||
{
|
||||
// expire in 30 days by default
|
||||
$expiredate = time() + ( ( 60 * 60 ) * (30 * 24) );
|
||||
}
|
||||
|
||||
$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
|
||||
if (!$default_group_id)
|
||||
{
|
||||
$default_group_id = (int) $this->name2id('Default');
|
||||
}
|
||||
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
|
||||
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
|
||||
(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
|
||||
|
||||
$acct_info = array(
|
||||
'account_lid' => $accountname,
|
||||
'account_type' => 'u',
|
||||
'account_passwd' => $passwd,
|
||||
'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
|
||||
'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
|
||||
'account_status' => $account_status,
|
||||
'account_expires' => mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate)),
|
||||
'account_primary_group' => $primary_group,
|
||||
);
|
||||
if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
|
||||
{
|
||||
$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
|
||||
}
|
||||
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) == True && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
|
||||
{
|
||||
$acct_info['account_email'] = $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
|
||||
}
|
||||
|
||||
$this->create($acct_info);
|
||||
$accountid = $this->name2id($accountname);
|
||||
|
||||
if ($accountid)
|
||||
{
|
||||
/* If we have a primary_group, add it as "regular" eGW group (via ACL) too. */
|
||||
if ($primary_group)
|
||||
{
|
||||
$GLOBALS['egw']->acl->add_repository('phpgw_group', $primary_group,$accountid,1);
|
||||
}
|
||||
// call hook to notify other apps about the new account
|
||||
$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
|
||||
$GLOBALS['hook_values']['account_id'] = $accountid;
|
||||
$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
|
||||
$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
|
||||
$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
|
||||
$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
|
||||
$GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array(
|
||||
'location' => 'addaccount'
|
||||
),False,True); /* called for every app now, not only enabled ones */
|
||||
}
|
||||
return $accountid;
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -1,139 +1,238 @@
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* eGroupWare API - Accounts manager for SQL *
|
||||
* Written by Joseph Engo <jengo@phpgroupware.org> *
|
||||
* and Dan Kuykendall <seek3r@phpgroupware.org> *
|
||||
* and Bettina Gille [ceb@phpgroupware.org] *
|
||||
* View and manipulate account records using SQL *
|
||||
* Copyright (C) 2000 - 2002 Joseph Engo *
|
||||
* Copyright (C) 2003 Joseph Engo, Bettina Gille *
|
||||
* ------------------------------------------------------------------------ *
|
||||
* This library is part of the eGroupWare API *
|
||||
* http://www.egroupware.org *
|
||||
* ------------------------------------------------------------------------ *
|
||||
* This library is free software; you can redistribute it and/or modify it *
|
||||
* under the terms of the GNU Lesser General Public License as published by *
|
||||
* the Free Software Foundation; either version 2.1 of the License, *
|
||||
* or any later version. *
|
||||
* This library is distributed in the hope that it will be useful, but *
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
||||
* See the GNU Lesser General Public License for more details. *
|
||||
* You should have received a copy of the GNU Lesser General Public License *
|
||||
* along with this library; if not, write to the Free Software Foundation, *
|
||||
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
|
||||
\**************************************************************************/
|
||||
/* $Id$ */
|
||||
|
||||
/**
|
||||
* Class for handling user and group accounts in SQL
|
||||
/**
|
||||
* API - accounts SQL backend
|
||||
*
|
||||
* The SQL backend stores the group memberships via the ACL class (location 'phpgw_group')
|
||||
*
|
||||
* The (positive) account_id's of groups are mapped in this class to negative numeric
|
||||
* account_id's, to conform wit the way we handle groups in LDAP!
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de> complete rewrite in 6/2006 and
|
||||
* earlier to use the new DB functions
|
||||
*
|
||||
* This class replaces the former accounts_sql class written by
|
||||
* Joseph Engo <jengo@phpgroupware.org>, Dan Kuykendall <seek3r@phpgroupware.org>
|
||||
* and Bettina Gille <ceb@phpgroupware.org>.
|
||||
* Copyright (C) 2000 - 2002 Joseph Engo
|
||||
* Copyright (C) 2003 Lars Kneschke, Bettina Gille
|
||||
*
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @package api
|
||||
* @subpackage accounts
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
/**
|
||||
* SQL Backend for accounts
|
||||
*
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @package api
|
||||
* @subpackage accounts
|
||||
* @access internal only use the interface provided by the accounts class
|
||||
*/
|
||||
class accounts_backend
|
||||
{
|
||||
/**
|
||||
* instance of the db class
|
||||
*
|
||||
* @var object
|
||||
*/
|
||||
class accounts_
|
||||
{
|
||||
var $db;
|
||||
var $account_id;
|
||||
var $data;
|
||||
var $total;
|
||||
/**
|
||||
* table name for the accounts
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
var $table = 'egw_accounts';
|
||||
/**
|
||||
* total number of found entries from get_list method
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
var $total;
|
||||
|
||||
function accounts_()
|
||||
function accounts_backend()
|
||||
{
|
||||
if (is_object($GLOBALS['egw_setup']->db))
|
||||
{
|
||||
$this->db = clone($GLOBALS['egw_setup']->db);
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->db = clone($GLOBALS['egw']->db);
|
||||
}
|
||||
$this->db->set_app('phpgwapi'); // to load the right table-definitions for insert, select, update, ...
|
||||
}
|
||||
|
||||
function list_methods($_type='xmlrpc')
|
||||
/**
|
||||
* Reads the data of one account
|
||||
*
|
||||
* @param int $account_id numeric account-id
|
||||
* @return array/boolean array with account data (keys: account_id, account_lid, ...) or false if account not found
|
||||
*/
|
||||
function read($account_id)
|
||||
{
|
||||
if (is_array($_type))
|
||||
if (!(int)$account_id) return false;
|
||||
|
||||
$this->db->select($this->table,'*',array('account_id' => abs($account_id)),__LINE__,__FILE__);
|
||||
if (!($data = $this->db->row(true)))
|
||||
{
|
||||
$_type = $_type['type'] ? $_type['type'] : $_type[0];
|
||||
return false;
|
||||
}
|
||||
if ($data['account_type'] == 'g')
|
||||
{
|
||||
$data['account_id'] = -$data['account_id'];
|
||||
}
|
||||
$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
switch($_type)
|
||||
/**
|
||||
* Saves / adds the data of one account
|
||||
*
|
||||
* If no account_id is set in data the account is added and the new id is set in $data.
|
||||
*
|
||||
* @param array $data array with account-data
|
||||
* @return int/boolean the account_id or false on error
|
||||
*/
|
||||
function save(&$data)
|
||||
{
|
||||
case 'xmlrpc':
|
||||
$xml_functions = array(
|
||||
'get_list' => array(
|
||||
'function' => 'get_list',
|
||||
'signature' => array(array(xmlrpcStruct)),
|
||||
'docstring' => lang('Returns a full list of accounts on the system. Warning: This is return can be quite large')
|
||||
),
|
||||
'list_methods' => array(
|
||||
'function' => 'list_methods',
|
||||
'signature' => array(array(xmlrpcStruct,xmlrpcString)),
|
||||
'docstring' => lang('Read this list of methods.')
|
||||
)
|
||||
);
|
||||
return $xml_functions;
|
||||
break;
|
||||
case 'soap':
|
||||
return $this->soap_functions;
|
||||
break;
|
||||
default:
|
||||
return array();
|
||||
break;
|
||||
echo "<p>accounts_sql::save(".print_r($data,true).")</p>\n";
|
||||
$to_write = $data;
|
||||
unset($to_write['account_id']);
|
||||
unset($to_write['account_passwd']);
|
||||
|
||||
// encrypt password if given or unset it if not
|
||||
if ($data['account_passwd'])
|
||||
{
|
||||
$to_write['account_pwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']);
|
||||
}
|
||||
if (!(int)$data['account_id'])
|
||||
{
|
||||
if (!in_array($to_write['account_type'],array('u','g')) ||
|
||||
!$this->db->insert($this->table,$to_write,false,__LINE__,__FILE__)) return false;
|
||||
|
||||
$data['account_id'] = $this->db->get_last_insert_id($this->table,'account_id');
|
||||
if ($data['account_type'] == 'g') $data['account_id'] *= -1;
|
||||
}
|
||||
elseif (!$this->db->update($this->table,$to_write,array('account_id' => abs($data['account_id'])),__LINE__,__FILE__))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return $data['account_id'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete one account, deletes also all acl-entries for that account
|
||||
*
|
||||
* @param int $id numeric account_id
|
||||
* @return boolean true on success, false otherwise
|
||||
*/
|
||||
function delete($account_id)
|
||||
{
|
||||
if (!(int)$account_id) return false;
|
||||
|
||||
return !!$this->db->delete($this->table,array('account_id' => abs($account_id)),__LINE__,__FILE__);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all memberships of an account $accountid / groups the account is a member off
|
||||
*
|
||||
* @param int $account_id numeric account-id
|
||||
* @return array/boolean array with account_id => account_lid pairs or false if account not found
|
||||
*/
|
||||
function memberships($account_id)
|
||||
{
|
||||
if (!(int)$account_id) return false;
|
||||
|
||||
$memberships = array();
|
||||
if(($gids = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id)))
|
||||
{
|
||||
foreach($gids as $gid)
|
||||
{
|
||||
$memberships[(string) $gid] = $this->id2name($gid);
|
||||
}
|
||||
}
|
||||
//echo "accounts::memberships($account_id)"; _debug_array($memberships);
|
||||
return $memberships;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the memberships of the account this class is instanciated for
|
||||
*
|
||||
* @param array $groups array with gidnumbers
|
||||
* @param int $account_id numerical account-id
|
||||
*/
|
||||
function set_memberships($groups,$account_id)
|
||||
{
|
||||
if (!(int)$account_id) return;
|
||||
|
||||
$acl =& CreateObject('phpgwapi.acl',$account_id);
|
||||
$acl->read_repository();
|
||||
$acl->delete('phpgw_group',false);
|
||||
|
||||
foreach($groups as $group)
|
||||
{
|
||||
$acl->add('phpgw_group',$group,1);
|
||||
}
|
||||
$acl->save_repository();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all members of the group $accountid
|
||||
*
|
||||
* @param int/string $account_id numeric account-id
|
||||
* @return array with account_id => account_lid pairs
|
||||
*/
|
||||
function members($account_id)
|
||||
{
|
||||
if (!($uids = $GLOBALS['egw']->acl->get_ids_for_location($account_id, 1, 'phpgw_group')))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
$members = array();
|
||||
foreach ($uids as $uid)
|
||||
{
|
||||
$members[$uid] = $this->id2name($uid);
|
||||
}
|
||||
//echo "accounts::members($accountid)"; _debug_array($members);
|
||||
return $members;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the members of a group
|
||||
*
|
||||
* @param array $members array with uidnumber or uid's
|
||||
* @param int $gid gidnumber of group to set
|
||||
*/
|
||||
function set_members($members,$gid)
|
||||
{
|
||||
//echo "<p>accounts::set_members(".print_r($members,true).",$gid)</p>\n";
|
||||
$GLOBALS['egw']->acl->delete_repository('phpgw_group',$gid);
|
||||
foreach($members as $id)
|
||||
{
|
||||
$GLOBALS['egw']->acl->add_repository('phpgw_group',$gid,$id,1);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* grabs the records from the data store
|
||||
* Searches users and/or groups
|
||||
*
|
||||
*/
|
||||
function read_repository()
|
||||
{
|
||||
$this->db->select($this->table,'*',array('account_id'=>abs($this->account_id)),__LINE__,__FILE__);
|
||||
|
||||
$this->data['account_id'] = $this->db->next_record() ? $this->account_id : null;
|
||||
$this->data['account_lid'] = $this->data['userid'] = $this->db->f('account_lid');
|
||||
$this->data['firstname'] = $this->db->f('account_firstname');
|
||||
$this->data['lastname'] = $this->db->f('account_lastname');
|
||||
$this->data['fullname'] = $this->db->f('account_firstname') . ' ' . $this->db->f('account_lastname');
|
||||
$this->data['lastlogin'] = $this->db->f('account_lastlogin');
|
||||
$this->data['lastloginfrom'] = $this->db->f('account_lastloginfrom');
|
||||
$this->data['lastpasswd_change'] = $this->db->f('account_lastpwd_change');
|
||||
$this->data['status'] = $this->db->f('account_status');
|
||||
$this->data['expires'] = $this->db->f('account_expires');
|
||||
$this->data['person_id'] = $this->db->f('person_id');
|
||||
$this->data['account_primary_group'] = $this->db->f('account_primary_group');
|
||||
$this->data['email'] = $this->db->f('account_email');
|
||||
|
||||
return $this->data;
|
||||
}
|
||||
|
||||
/**
|
||||
* saves the records to the data store
|
||||
* ToDo: implement a search like accounts::search
|
||||
*
|
||||
* @param string $_type
|
||||
* @param int $start=null
|
||||
* @param string $sort=''
|
||||
* @param string $order=''
|
||||
* @param string $query
|
||||
* @param int $offset=null
|
||||
* @param string $query_type
|
||||
* @return array
|
||||
*/
|
||||
function save_repository()
|
||||
{
|
||||
$data = array(
|
||||
'account_firstname' => $this->data['firstname'],
|
||||
'account_lastname' => $this->data['lastname'],
|
||||
'account_status' => $this->data['status'],
|
||||
'account_expires' => $this->data['expires'],
|
||||
'account_lid' => $this->data['account_lid'],
|
||||
'account_primary_group' => $this->data['account_primary_group'],
|
||||
'account_email' => $this->data['email'],
|
||||
);
|
||||
// overwrite person_id only if it's set in this->data!
|
||||
if (isset($this->data['person_id']))
|
||||
{
|
||||
$data['person_id'] = $this->data['person_id'];
|
||||
}
|
||||
$this->db->update($this->table,$data,array(
|
||||
'account_id' => abs($this->account_id)
|
||||
),__LINE__,__FILE__);
|
||||
}
|
||||
|
||||
function delete($accountid = '')
|
||||
{
|
||||
$account_id = get_account_id($accountid);
|
||||
|
||||
/* Do this last since we are depending upon this record to get the account_lid above */
|
||||
$this->db->lock(Array($this->table));
|
||||
$this->db->delete($this->table,array('account_id'=>abs($account_id)),__LINE__,__FILE__);
|
||||
$this->db->unlock();
|
||||
}
|
||||
|
||||
function get_list($_type='both',$start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
|
||||
function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = null, $query_type='')
|
||||
{
|
||||
if (! $sort)
|
||||
{
|
||||
@ -229,234 +328,37 @@
|
||||
}
|
||||
|
||||
/**
|
||||
* converts a name / unique value from the accounts-table (account_lid,account_email) to an id
|
||||
* convert an alphanumeric account-value (account_lid, account_email) to the account_id
|
||||
*
|
||||
* Please note:
|
||||
* - if a group and an user have the same account_lid the group will be returned (LDAP only)
|
||||
* - if multiple user have the same email address, the returned user is undefined
|
||||
*
|
||||
* @param string $name value to convert
|
||||
* @param string $which='account_lid' type of $name: account_lid (default), account_email, person_id, account_fullname
|
||||
* @param string $account_type u = user, g = group, default null = try both
|
||||
* @return int/false numeric account_id or false on error ($name not found)
|
||||
*/
|
||||
function name2id($name,$which='account_lid')
|
||||
function name2id($name,$which='account_lid',$account_type=null)
|
||||
{
|
||||
$where = $which == 'account_fullname' ? '('.$this->db->concat('account_firstname',"' '",'account_lastname').')='.$this->db->quote($name) :
|
||||
array($which => $name);
|
||||
$this->db->select($this->table,'account_id,account_type',$where,__LINE__,__FILE__);
|
||||
if($this->db->next_record())
|
||||
{
|
||||
return ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id');
|
||||
}
|
||||
return False;
|
||||
}
|
||||
|
||||
/**
|
||||
* converts an id to the corresponding value of the accounts-table (account_lid,account_email,account_firstname,...)
|
||||
*/
|
||||
function id2name($account_id,$which='account_lid')
|
||||
{
|
||||
$this->db->select($this->table,$this->db->name_quote($which),array('account_id'=>abs($account_id)),__LINE__,__FILE__);
|
||||
if($this->db->next_record())
|
||||
{
|
||||
return $this->db->f(0);
|
||||
}
|
||||
return False;
|
||||
}
|
||||
|
||||
function exists($account_lid)
|
||||
{
|
||||
static $by_id, $by_lid;
|
||||
|
||||
$where = array();
|
||||
if(is_numeric($account_lid))
|
||||
switch($which)
|
||||
{
|
||||
if(@isset($by_id[$account_lid]) && $by_id[$account_lid] != '')
|
||||
{
|
||||
return $by_id[$account_lid];
|
||||
}
|
||||
$where['account_id'] = abs($account_lid);
|
||||
}
|
||||
else
|
||||
{
|
||||
if(@isset($by_lid[$account_lid]) && $by_lid[$account_lid] != '')
|
||||
{
|
||||
return $by_lid[$account_lid];
|
||||
}
|
||||
$where['account_lid'] = $account_lid;
|
||||
}
|
||||
case 'account_fullname':
|
||||
$where[] = '('.$this->db->concat('account_firstname',"' '",'account_lastname').')='.$this->db->quote($name);
|
||||
break;
|
||||
|
||||
$this->db->select($this->table,'count(*)',$where,__LINE__,__FILE__);
|
||||
$this->db->next_record();
|
||||
$ret_val = $this->db->f(0) > 0;
|
||||
if(is_numeric($account_lid))
|
||||
default:
|
||||
$where[$which] = $name;
|
||||
}
|
||||
if ($account_type)
|
||||
{
|
||||
$by_id[$account_lid] = $ret_val;
|
||||
$by_lid[$this->id2name($account_lid)] = $ret_val;
|
||||
}
|
||||
else
|
||||
{
|
||||
$by_lid[$account_lid] = $ret_val;
|
||||
$by_id[$this->name2id($account_lid)] = $ret_val;
|
||||
}
|
||||
return $ret_val;
|
||||
$where['account_type'] = $account_type;
|
||||
}
|
||||
$this->db->select($this->table,'account_id,account_type',$where,__LINE__,__FILE__);
|
||||
if(!$this->db->next_record()) return false;
|
||||
|
||||
function create($account_info)
|
||||
{
|
||||
$account_data = array(
|
||||
'account_lid' => $account_info['account_lid'],
|
||||
'account_pwd' => $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd'],True),
|
||||
'account_firstname' => $account_info['account_firstname'],
|
||||
'account_lastname' => $account_info['account_lastname'],
|
||||
'account_status' => $account_info['account_status'],
|
||||
'account_expires' => $account_info['account_expires'],
|
||||
'account_type' => $account_info['account_type'],
|
||||
'person_id' => $account_info['person_id'],
|
||||
'account_primary_group' => $account_info['account_primary_group'],
|
||||
'account_email' => $account_info['account_email'],
|
||||
);
|
||||
if (isset($account_info['account_id']) && (int)$account_info['account_id'] && !$this->id2name($account_info['account_id']))
|
||||
{
|
||||
// only use account_id, if it's not already used
|
||||
$account_data['account_id'] = abs($account_info['account_id']);
|
||||
}
|
||||
if (!$this->db->insert($this->table,$account_data,False,__LINE__,__FILE__))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
$id = $account_data['account_id'] ? $account_data['account_id'] : $this->db->get_last_insert_id($this->table,'account_id');
|
||||
|
||||
if ($account_info['account_type'] == 'g' && $id > 0) // create negative id for groups
|
||||
{
|
||||
$id = -$id;
|
||||
}
|
||||
return $id;
|
||||
}
|
||||
|
||||
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
|
||||
{
|
||||
if ($expiredate == 0)
|
||||
{
|
||||
if(isset($GLOBALS['egw_info']['server']['auto_create_expire']) == True)
|
||||
{
|
||||
if($GLOBALS['egw_info']['server']['auto_create_expire'] == 'never')
|
||||
{
|
||||
$expires = -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$expiredate = time() + $GLOBALS['egw_info']['server']['auto_create_expire'];
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* expire in 30 days by default */
|
||||
$expiredate = time() + ((60 * 60) * (30 * 24));
|
||||
}
|
||||
|
||||
if ($expires != -1)
|
||||
{
|
||||
$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
|
||||
}
|
||||
|
||||
$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
|
||||
if (!$default_group_id)
|
||||
{
|
||||
$default_group_id = (int) $this->name2id('Default');
|
||||
}
|
||||
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
|
||||
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
|
||||
(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
|
||||
|
||||
$acct_info = array(
|
||||
'account_id' => (int) $GLOBALS['auto_create_acct']['id'],
|
||||
'account_lid' => $accountname,
|
||||
'account_type' => 'u',
|
||||
'account_passwd' => $passwd,
|
||||
'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
|
||||
'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
|
||||
'account_status' => $account_status,
|
||||
'account_expires' => $expires,
|
||||
'account_primary_group' => $primary_group,
|
||||
);
|
||||
|
||||
/* attempt to set an email address */
|
||||
if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
|
||||
{
|
||||
$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
|
||||
}
|
||||
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) == True && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
|
||||
{
|
||||
$acct_info['account_email'] = $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
|
||||
}
|
||||
|
||||
$this->db->transaction_begin();
|
||||
|
||||
$accountid = $this->create($acct_info); /* create the account */
|
||||
|
||||
if ($accountid) /* begin account setup */
|
||||
{
|
||||
/* If we have a primary_group, add it as "regular" eGW group (via ACL) too. */
|
||||
if ($primary_group)
|
||||
{
|
||||
$GLOBALS['egw']->acl->add_repository('phpgw_group', $primary_group,$accountid,1);
|
||||
}
|
||||
|
||||
/* if we have an mail address set it in the users' email preference */
|
||||
if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
|
||||
{
|
||||
$GLOBALS['egw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
|
||||
$GLOBALS['egw']->preferences->preferences($accountid);
|
||||
$GLOBALS['egw']->preferences->read_repository();
|
||||
$GLOBALS['egw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
|
||||
$GLOBALS['egw']->preferences->save_repository();
|
||||
}
|
||||
/* use the default mail domain to set the uesrs' email preference */
|
||||
elseif(isset($GLOBALS['egw_info']['server']['mail_suffix']) && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
|
||||
{
|
||||
$GLOBALS['egw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
|
||||
$GLOBALS['egw']->preferences->preferences($accountid);
|
||||
$GLOBALS['egw']->preferences->read_repository();
|
||||
$GLOBALS['egw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix']);
|
||||
$GLOBALS['egw']->preferences->save_repository();
|
||||
}
|
||||
|
||||
/* commit the new account transaction */
|
||||
$this->db->transaction_commit();
|
||||
|
||||
// call hook to notify interested apps about the new account
|
||||
$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
|
||||
$GLOBALS['hook_values']['account_id'] = $accountid;
|
||||
$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
|
||||
$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
|
||||
$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
|
||||
$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
|
||||
$GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array(
|
||||
'location' => 'addaccount',
|
||||
// at login-time only the hooks from the following apps will be called
|
||||
'order' => array('felamimail','fudforum'),
|
||||
),False,True); /* called for every app now, not only enabled ones */
|
||||
|
||||
} /* end account setup */
|
||||
else /* if no account id abort the account creation */
|
||||
{
|
||||
$this->db->transaction_abort();
|
||||
}
|
||||
|
||||
/*
|
||||
* If we succeeded in creating the account (above), return the accountid, else,
|
||||
* return the error value from $this->name2id($accountname)
|
||||
*/
|
||||
return $accountid;
|
||||
|
||||
} /* end auto_add() */
|
||||
|
||||
function get_account_name($accountid,&$lid,&$fname,&$lname)
|
||||
{
|
||||
$this->db->select($this->table,'account_lid,account_firstname,account_lastname',array('account_id'=>abs($accountid)),__LINE__,__FILE__);
|
||||
if (!$this->db->next_record())
|
||||
{
|
||||
return False;
|
||||
}
|
||||
$lid = $this->db->f('account_lid');
|
||||
$fname = $this->db->f('account_firstname');
|
||||
$lname = $this->db->f('account_lastname');
|
||||
|
||||
return True;
|
||||
return ($this->db->f('account_type') == 'g' ? -1 : 1) * $this->db->f('account_id');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -480,4 +382,4 @@
|
||||
|
||||
return $previous_login;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -151,8 +151,8 @@
|
||||
{
|
||||
$this->acl();
|
||||
}
|
||||
$acl_acc_list = array_values((array)$this->get_location_list_for_id('phpgw_group', 1, $this->account_id));
|
||||
array_unshift($acl_acc_list,$this->account_id,0);
|
||||
$acl_acc_list = $GLOBALS['egw']->accounts->memberships($this->account_id,true);
|
||||
array_unshift($acl_acc_list,$this->account_id);
|
||||
$this->db->select($this->table_name,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__);
|
||||
|
||||
$this->data = Array();
|
||||
@ -210,7 +210,7 @@
|
||||
* Delete ACL record in the repository of the class
|
||||
*
|
||||
* @param string $appname appname or '' for $GLOBALS['egw_info']['flags']['currentapp']
|
||||
* @param string $location location
|
||||
* @param string/boolean $location location or false for all locations
|
||||
* @return array all ACL records from $this->data.
|
||||
*/
|
||||
function delete($appname,$location)
|
||||
@ -219,7 +219,9 @@
|
||||
|
||||
foreach($this->data as $idx => $value)
|
||||
{
|
||||
if ($this->data[$idx]['appname'] == $appname && $this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == $this->account_id)
|
||||
if ($this->data[$idx]['appname'] == $appname &&
|
||||
($location === false || $this->data[$idx]['location'] == $location) &&
|
||||
$this->data[$idx]['account'] == $this->account_id)
|
||||
{
|
||||
unset($this->data[$idx]);
|
||||
}
|
||||
|
@ -166,7 +166,32 @@
|
||||
return $e_password;
|
||||
}
|
||||
|
||||
/* Create a password for storage in the accounts table */
|
||||
/**
|
||||
* Create an ldap hash from an sql hash
|
||||
*
|
||||
* @param string $hash
|
||||
*/
|
||||
function hash_sql2ldap($hash)
|
||||
{
|
||||
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
$hash = '{md5}' . base64_encode(pack("H*",$hash));
|
||||
break;
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a password for storage in the accounts table
|
||||
*
|
||||
* @param string $password
|
||||
* @return string hash
|
||||
*/
|
||||
function encrypt_sql($password)
|
||||
{
|
||||
/* Grab configured type, or default to md5() (old method) */
|
||||
@ -249,7 +274,7 @@
|
||||
* but as pecl dosn't run on any platform and isn't GPL'd
|
||||
* i haven't implemented it yet
|
||||
* Windows compatible check is: 7 char lenth, 1 Up, 1 Low, 1 Num and 1 Special
|
||||
* @author cornelius weiss<egw at von-und-zu-weiss.de>
|
||||
* @author cornelius weiss <egw at von-und-zu-weiss.de>
|
||||
* @return mixed false if password is considered "safe" or a string $message if "unsafe"
|
||||
*/
|
||||
function crackcheck($passwd)
|
||||
@ -278,11 +303,11 @@
|
||||
}
|
||||
|
||||
/**
|
||||
@function smd5_compare
|
||||
@abstract compare SMD5-encrypted passwords for authentication
|
||||
@param $form_val user input value for comparison
|
||||
@param $db_val stored value (from database)
|
||||
@return boolean True on successful comparison
|
||||
* compare SMD5-encrypted passwords for authentication
|
||||
*
|
||||
* @param string $form_val user input value for comparison
|
||||
* @param string $db_val stored value (from database)
|
||||
* @return boolean True on successful comparison
|
||||
*/
|
||||
function smd5_compare($form_val,$db_val)
|
||||
{
|
||||
@ -304,11 +329,11 @@
|
||||
}
|
||||
|
||||
/**
|
||||
@function sha_compare
|
||||
@abstract compare SHA-encrypted passwords for authentication
|
||||
@param $form_val user input value for comparison
|
||||
@param $db_val stored value (from database)
|
||||
@return boolean True on successful comparison
|
||||
* compare SHA-encrypted passwords for authentication
|
||||
*
|
||||
* @param string $form_val user input value for comparison
|
||||
* @param string $db_val stored value (from database)
|
||||
* @return boolean True on successful comparison
|
||||
*/
|
||||
function sha_compare($form_val,$db_val)
|
||||
{
|
||||
@ -325,11 +350,11 @@
|
||||
}
|
||||
|
||||
/**
|
||||
@function ssha_compare
|
||||
@abstract compare SSHA-encrypted passwords for authentication
|
||||
@param $form_val user input value for comparison
|
||||
@param $db_val stored value (from database)
|
||||
@return boolean True on successful comparison
|
||||
* compare SSHA-encrypted passwords for authentication
|
||||
*
|
||||
* @param string $form_val user input value for comparison
|
||||
* @param string $db_val stored value (from database)
|
||||
* @return boolean True on successful comparison
|
||||
*/
|
||||
function ssha_compare($form_val,$db_val)
|
||||
{
|
||||
@ -349,12 +374,12 @@
|
||||
}
|
||||
|
||||
/**
|
||||
@function crypt_compare
|
||||
@abstract compare crypted passwords for authentication whether des,ext_des,md5, or blowfish crypt
|
||||
@param $form_val user input value for comparison
|
||||
@param $db_val stored value (from database)
|
||||
@param $type crypt() type
|
||||
@return boolean True on successful comparison
|
||||
* compare crypted passwords for authentication whether des,ext_des,md5, or blowfish crypt
|
||||
*
|
||||
* @param string $form_val user input value for comparison
|
||||
* @param string $db_val stored value (from database)
|
||||
* @param string $type crypt() type
|
||||
* @return boolean True on successful comparison
|
||||
*/
|
||||
function crypt_compare($form_val,$db_val,$type)
|
||||
{
|
||||
@ -378,12 +403,12 @@
|
||||
}
|
||||
|
||||
/**
|
||||
@function md5_hmac_compare
|
||||
@abstract compare md5_hmac-encrypted passwords for authentication (see RFC2104)
|
||||
@param $form_val user input value for comparison
|
||||
@param $db_val stored value (from database)
|
||||
@param $key key for md5_hmac-encryption (username for imported smf users)
|
||||
@return boolean True on successful comparison
|
||||
* compare md5_hmac-encrypted passwords for authentication (see RFC2104)
|
||||
*
|
||||
* @param string $form_val user input value for comparison
|
||||
* @param string $db_val stored value (from database)
|
||||
* @param string $key key for md5_hmac-encryption (username for imported smf users)
|
||||
* @return boolean True on successful comparison
|
||||
*/
|
||||
function md5_hmac_compare($form_val,$db_val,$key)
|
||||
{
|
||||
|
@ -42,6 +42,9 @@
|
||||
{
|
||||
return False;
|
||||
}
|
||||
// allow non-ascii in username & password
|
||||
$username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8');
|
||||
$passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8');
|
||||
|
||||
if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host']))
|
||||
{
|
||||
@ -61,29 +64,30 @@
|
||||
return False;
|
||||
}
|
||||
/* find the dn for this uid, the uid is not always in the dn */
|
||||
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
|
||||
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire');
|
||||
|
||||
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
|
||||
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
|
||||
|
||||
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
|
||||
{
|
||||
$filter = "(&$filter(phpgwaccountstatus=A))";
|
||||
$filter = "(&$filter(objectclass=posixaccount))";
|
||||
}
|
||||
|
||||
$sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes);
|
||||
$allValues = ldap_get_entries($ldap, $sri);
|
||||
|
||||
if ($allValues['count'] > 0)
|
||||
{
|
||||
if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
|
||||
{
|
||||
if($allValues[0]['uid'][0] != $username)
|
||||
if ($GLOBALS['egw_info']['server']['case_sensitive_username'] == true &&
|
||||
$allValues[0]['uid'][0] != $username)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap' &&
|
||||
isset($allValues[0]['shawdowexpire']) && $allValues[0]['shawdowexpire'][0]*24*3600 < time())
|
||||
{
|
||||
return false; // account is expired
|
||||
}
|
||||
/* we only care about the first dn */
|
||||
$userDN = $allValues[0]['dn'];
|
||||
/*
|
||||
generate a bogus password to pass if the user doesn't give us one
|
||||
@ -93,12 +97,11 @@
|
||||
{
|
||||
$passwd = crypt(microtime());
|
||||
}
|
||||
/* try to bind as the user with user suplied password */
|
||||
// try to bind as the user with user suplied password
|
||||
if (@ldap_bind($ldap, $userDN, $passwd))
|
||||
{
|
||||
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
|
||||
{
|
||||
$account =& CreateObject('phpgwapi.accounts',$username,'u');
|
||||
if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
|
||||
{
|
||||
// create a global array with all availible info about that account
|
||||
@ -106,7 +109,7 @@
|
||||
foreach(array(
|
||||
'givenname' => 'firstname',
|
||||
'sn' => 'lastname',
|
||||
'uidnumber' => 'id',
|
||||
'uidnumber' => 'account_id',
|
||||
'mail' => 'email',
|
||||
'gidnumber' => 'primary_group',
|
||||
) as $ldap_name => $acct_name)
|
||||
@ -116,19 +119,22 @@
|
||||
}
|
||||
return True;
|
||||
}
|
||||
$data = $account->read_repository();
|
||||
return $data['status'] == 'A';
|
||||
return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) &&
|
||||
$GLOBALS['egw']->accounts->id2name($id,'account_status') == 'A';
|
||||
}
|
||||
return True;
|
||||
}
|
||||
}
|
||||
/* dn not found or password wrong */
|
||||
// dn not found or password wrong
|
||||
return False;
|
||||
}
|
||||
|
||||
/**
|
||||
* changes password in LDAP
|
||||
*
|
||||
* If $old_passwd is given, the password change is done binded as user and NOT with the
|
||||
* "root" dn given in the configurations.
|
||||
*
|
||||
* @param string $old_passwd must be cleartext or empty to not to be checked
|
||||
* @param string $new_passwd must be cleartext
|
||||
* @param int $account_id account id of user whose passwd should be changed
|
||||
@ -142,7 +148,8 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
$username = $GLOBALS['egw']->accounts->id2name($account_id);
|
||||
$username = $GLOBALS['egw']->translation->convert($GLOBALS['egw']->accounts->id2name($account_id),
|
||||
$GLOBALS['egw']->translation->charset(),'utf-8');
|
||||
}
|
||||
//echo "<p>auth_ldap::change_password('$old_password','$new_passwd',$account_id) username='$username'</p>\n";
|
||||
|
||||
@ -156,6 +163,10 @@
|
||||
$entry['userpassword'] = $this->encrypt_password($new_passwd);
|
||||
$dn = $allValues[0]['dn'];
|
||||
|
||||
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
||||
{
|
||||
$ds = $GLOBALS['egw']->common->ldapConnect('',$dn,$old_passwd);
|
||||
}
|
||||
if (!@ldap_modify($ds, $dn, $entry))
|
||||
{
|
||||
return false;
|
||||
|
@ -548,7 +548,7 @@
|
||||
$GLOBALS['egw']->crypto->init(array($this->key,$this->iv));
|
||||
|
||||
$this->read_repositories(False);
|
||||
if ($this->user['expires'] != -1 && $this->user['expires'] < time())
|
||||
if ($GLOBALS['egw']->accounts->is_expired($this->user))
|
||||
{
|
||||
if(is_object($GLOBALS['egw']->log))
|
||||
{
|
||||
|
@ -14,7 +14,7 @@
|
||||
/* Basic information about this app */
|
||||
$setup_info['phpgwapi']['name'] = 'phpgwapi';
|
||||
$setup_info['phpgwapi']['title'] = 'eGroupWare API';
|
||||
$setup_info['phpgwapi']['version'] = '1.3.006';
|
||||
$setup_info['phpgwapi']['version'] = '1.3.007';
|
||||
$setup_info['phpgwapi']['versions']['current_header'] = '1.28';
|
||||
$setup_info['phpgwapi']['enable'] = 3;
|
||||
$setup_info['phpgwapi']['app_order'] = 1;
|
||||
|
@ -135,4 +135,87 @@
|
||||
|
||||
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.3.006';
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
$test[] = '1.3.006';
|
||||
function phpgwapi_upgrade1_3_006()
|
||||
{
|
||||
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
|
||||
'config_app' => 'phpgwapi',
|
||||
"(config_name LIKE '%ldap%' OR config_name IN ('auth_type','account_repository'))",
|
||||
),__LINE__,__FILE__);
|
||||
while (($row = $GLOBALS['egw_setup']->db->row(true)))
|
||||
{
|
||||
$config[$row['config_name']] = $row['config_value'];
|
||||
}
|
||||
// the update is only for accounts in ldap
|
||||
if ($config['account_repository'] == 'ldap' || !$config['account_repository'] && $config['auth_type'] == 'ldap')
|
||||
{
|
||||
$GLOBALS['egw_setup']->setup_account_object();
|
||||
if (!is_object($GLOBALS['egw']->acl))
|
||||
{
|
||||
$GLOBALS['egw']->acl =& CreateObject('phpgwapi.acl');
|
||||
}
|
||||
$ds = $GLOBALS['egw']->common->ldapConnect();
|
||||
$phpgwAccountAttributes = array(
|
||||
'phpgwaccounttype','phpgwaccountexpires','phpgwaccountstatus',
|
||||
'phpgwaccountlastlogin','phpgwaccountlastloginfrom','phpgwaccountlastpasswdchange',
|
||||
);
|
||||
foreach(array($config['ldap_context'],$config['ldap_group_context']) as $context)
|
||||
{
|
||||
if (!$context) continue;
|
||||
|
||||
$sri = ldap_search($ds,$context,'(objectclass=phpgwaccount)',
|
||||
array_merge(array('gidnumber','objectclass'),$phpgwAccountAttributes));
|
||||
|
||||
foreach(ldap_get_entries($ds, $sri) as $key => $entry)
|
||||
{
|
||||
if ($key === 'count') continue;
|
||||
|
||||
// remove the phpgwAccounts objectclass
|
||||
$objectclass = $entry['objectclass'];
|
||||
unset($objectclass['count']);
|
||||
foreach($objectclass as $n => $class) $objectclass[$n] = strtolower($class);
|
||||
unset($objectclass[array_search('phpgwaccount',$objectclass)]);
|
||||
if ($entry['phpgwaccounttype'][0] == 'g')
|
||||
{
|
||||
if (!in_array('posixgroup',$objectclass)) $objectclass[] = 'posixgroup';
|
||||
$to_write = array('objectclass' => array_values($objectclass));
|
||||
// make sure all group-memberships are correctly set in LDAP
|
||||
if (($uids = $GLOBALS['egw']->acl->get_ids_for_location($entry['gidnumber'][0],1,'phpgw_group')))
|
||||
{
|
||||
foreach ($uids as $uid)
|
||||
{
|
||||
$to_write['memberuid'] = $GLOBALS['egw']->accounts->id2name($uid);
|
||||
}
|
||||
}
|
||||
}
|
||||
else // user
|
||||
{
|
||||
if (!in_array('posixaccount',$objectclass)) $objectclass[] = 'posixaccount';
|
||||
if (!in_array('shadowaccount',$objectclass)) $objectclass[] = 'shadowaccount';
|
||||
$to_write = array('objectclass' => array_values($objectclass));
|
||||
// store the important values of the phpgwaccount schema in the shadowAccount schema
|
||||
if (!$entry['phpgwaccountstatus'][0] || $entry['phpgwaccountexpires'][0] != -1)
|
||||
{
|
||||
$to_write['shadowexpire'] = $entry['phpgwaccountexpires'][0] != -1 &&
|
||||
($entry['phpgwaccountstatus'][0] ||
|
||||
!$entry['phpgwaccountstatus'][0] && $entry['phpgwaccountexpires'][0] < time()) ?
|
||||
$entry['phpgwaccountexpires'][0] / (24*3600) : 0;
|
||||
}
|
||||
if ($entry['phpgwlastpasswdchange'][0])
|
||||
{
|
||||
$to_write['shadowlastchange'] = $entry['phpgwlastpasswdchange'][0] / (24*3600);
|
||||
}
|
||||
}
|
||||
foreach($phpgwAccountAttributes as $attr)
|
||||
{
|
||||
if (isset($entry[$attr])) $to_write[$attr] = array();
|
||||
}
|
||||
echo $entry['dn']; _debug_array($to_write);
|
||||
ldap_modify($ds,$entry['dn'],$to_write);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.3.007';
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user