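<?php
/*
Copyright Intermesh 2003
Author: Merijn Schering <mschering@intermesh.nl>
Version: 1.0
Release date: 08 July 2003

This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
*/

require_once($GO_CONFIG->class_path.'profiles.class.inc');

/**
 * User accounts: lookup, listing, mutual authorisation, profile, preference
 * and password maintenance. Accounts live in the `users` SQL table and, when
 * $GO_CONFIG->auth_db_type is "ldap", are also looked up in the directory
 * below $this->ldap->PeopleDN; with $GO_CONFIG->auth_db_ldap_um the user
 * list itself comes from LDAP and is iterated through $this->userlist.
 *
 * Review notes on things this revision deliberately does NOT change because
 * they are cross-cutting (other classes and the login flow depend on them):
 *  - passwords are stored as unsalted md5() hashes (add_user, update_password,
 *    check_password) and the plaintext password is kept in
 *    $_SESSION['GO_SESSION']['password'] (update_password);
 *  - system accounts are managed through sudo + shell commands. Arguments are
 *    now passed through escapeshellarg(), but update_password() and add_user()
 *    still put the password on a command line, which is visible in the process
 *    list to other local users;
 *  - the SQL access layer (db::query) has no parameter binding, so values are
 *    escaped with smart_addslashes() and numeric ids are cast to int.
 *
 * Callers iterate results with next_record(); internally every SQL result is
 * read with parent::next_record(), because the override returns entries from
 * $this->userlist in LDAP user-management mode.
 */
class users extends db
{
    var $user_id;
    var $ldap;
    var $ldap_um = false;
    var $profile;
    // Entries produced by profiles::convert_profile_ldap() in LDAP mode
    var $userlist = array();
    var $userlist_index = 0;
    var $logged_in = false;

    /**
     * Opens the db connection (parent constructor) and, in LDAP mode, connects
     * and binds the LDAP handle with the session user's id/auth id.
     */
    function __construct()
    {
        global $GO_CONFIG;
        $this->db();
        if ($GO_CONFIG->auth_db_type == "ldap") {
            $this->ldap = new ldap();
            $this->ldap->connect();
            // TODO: Probably we could connect with our own ldap-uid and not as admin
            // (or whatever is configured in GO as rootdn), so that we definitely can
            // only see what we are allowed by LDAP access rights. So we cannot change
            // attributes of other users. Probably administrator should bind with
            // rootdn.
            $this->ldap->bind($_SESSION['GO_SESSION']['user_id'], $_SESSION['GO_SESSION']['user_auth_id']);
            if ($GO_CONFIG->auth_db_ldap_um) {
                $this->ldap_um = true;
            }
        }
        if (isset($_SESSION['GO_SESSION']['user_id'])) {
            $this->logged_in = true;
            $this->user_id = $_SESSION['GO_SESSION']['user_id'];
        }
    }

    /**
     * PHP 4 style constructor, kept so `new users()` keeps working on old
     * engines; newer engines call __construct() directly.
     */
    function users()
    {
        $this->__construct();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515) so that
     * caller-supplied text cannot change the filter structure. Wildcards the
     * caller adds around the escaped value are unaffected.
     */
    function _ldap_filter_escape($value)
    {
        return str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\5c', '\2a', '\28', '\29', '\00'),
            (string) $value
        );
    }

    /**
     * True when $name may be interpolated as an SQL column reference (letters,
     * digits, '_' and '.' only). Column names cannot be escaped with quotes,
     * so caller-supplied ORDER BY / LIKE columns are validated instead.
     */
    function _is_safe_identifier($name)
    {
        return preg_match('/^[A-Za-z0-9_.]+$/', (string) $name) == 1;
    }

    /** Normalises a sort direction to 'ASC' or 'DESC' (anything else becomes 'ASC'). */
    function _sort_direction($direction)
    {
        return strtoupper(trim((string) $direction)) == 'DESC' ? 'DESC' : 'ASC';
    }

    /**
     * Searches the users visible to $user_id.
     *
     * SQL mode: `$field LIKE $query`; the caller supplies the LIKE pattern
     * (including '%' wildcards) and $field must be a plain column name,
     * otherwise nothing is queried and 0 is returned. $start/$offset become a
     * LIMIT clause when $offset is non-zero. Results are read with next_record().
     *
     * LDAP mode: only $field "name" is understood (substring match on cn); the
     * first and last character of $query are stripped — presumably the caller's
     * '%' wildcards, TODO confirm — and the matches are loaded into
     * $this->userlist. $start/$offset are ignored here, as in the original.
     *
     * Returns the number of matching users.
     */
    function search($query, $field, $user_id, $start = 0, $offset = 0)
    {
        if ($this->ldap_um) {
            $query = substr($query, 1, strlen($query) - 2);
            switch ($field) {
                default:
                case "name":
                    $filter = "(&(cn=*".utf8_encode($this->_ldap_filter_escape($query))."*)(mail=*))";
                    break;
            }
            $this->ldap->search($filter, $this->ldap->PeopleDN); //, array("uidNumber", "uid", "cn"));
            $this->ldap->sort("sn");
            $entries = $this->ldap->get_entries();
            $profile = new profiles();
            // Start from an empty list: the original appended to earlier results,
            // so a second search() returned the accumulated count.
            $this->userlist = array();
            for ($i = 0; $i < $entries["count"]; $i++) {
                $this->userlist[] = $profile->convert_profile_ldap($entries[$i]);
            }
            $this->userlist_index = 0;
            return count($this->userlist);
        }

        if (!$this->_is_safe_identifier($field)) {
            return 0;
        }
        $user_id = (int) $user_id;
        $sql = "SELECT DISTINCT users.* FROM users, users_groups INNER ".
            "JOIN acl ON users.acl_id= acl.acl_id WHERE ".
            "((acl.group_id = users_groups.group_id AND users_groups.user_id = ".
            $user_id.") OR (acl.user_id = ".$user_id." )) AND $field LIKE '".
            smart_addslashes($query)."' ORDER BY first_name ASC, last_name ASC";
        if ($offset != 0) {
            $sql .= " LIMIT ".(int) $start.", ".(int) $offset;
        }
        $this->query($sql);
        return $this->num_rows();
    }

    /**
     * Mutual authorisation through an auth code: when $authcode matches the
     * code stored for $requesting_user_id, each user is added to the other's
     * ACL (skipped when already a member).
     *
     * Returns true on success; false when the code does not match the
     * requesting user or when adding to an ACL fails.
     */
    function authorize($requesting_user_id, $authcode, $accepting_user_id)
    {
        global $GO_SECURITY;
        $requesting_user_id = (int) $requesting_user_id;
        $accepting_user_id = (int) $accepting_user_id;

        $this->query("SELECT acl_id, id FROM users WHERE authcode='".smart_addslashes($authcode)."' AND id='$requesting_user_id'");
        if (!parent::next_record()) {
            return false;
        }
        $acl_id = $this->f("acl_id");
        if (!$GO_SECURITY->user_in_acl($accepting_user_id, $acl_id)) {
            if (!$GO_SECURITY->add_user_to_acl($accepting_user_id, $acl_id)) {
                return false;
            }
        }

        $this->query("SELECT acl_id FROM users WHERE id='$accepting_user_id'");
        if (parent::next_record()) {
            $acl_id = $this->f("acl_id");
            if (!$GO_SECURITY->user_in_acl($requesting_user_id, $acl_id)) {
                if (!$GO_SECURITY->add_user_to_acl($requesting_user_id, $acl_id)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Removes the Samba account of $user_id: runs the configured smbdeluser
     * command through sudo and clears users.samba_user. The LDAP part is still
     * a TODO. No return value.
     */
    function delete_samba_account($user_id)
    {
        global $GO_CONFIG;
        $user_id = (int) $user_id;
        if ($user = $this->get_user($user_id)) {
            exec($GO_CONFIG->sudo." ".$GO_CONFIG->smbdeluser." ".escapeshellarg($user['username']));
            $this->query("UPDATE users SET samba_user='0' WHERE id='$user_id'");
        }
        if ($this->ldap) {
            $this->ldap->search("uidNumber=$user_id", $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                $this->ldap->next_entry();
                if ($this->ldap->in_values("objectClass", "sambaSamAccount")
                    || $this->ldap->in_values("objectClass", "sambaAccount")) {
                    // TODO: delete the corresponding attributes if they are
                    // not present in any other objectClass...
                }
            }
        }
    }

    /**
     * Creates a Samba account for $user_id: runs the configured
     * auto_smbadduser command through sudo with the username and the stored
     * password value (presumably the md5 hash from the profile — confirm with
     * the smbadduser script) and sets users.samba_user. The LDAP part is still
     * a TODO. No return value.
     */
    function create_samba_account($user_id)
    {
        global $GO_CONFIG;
        $user_id = (int) $user_id;
        if ($user = $this->get_user($user_id)) {
            exec($GO_CONFIG->sudo.' '.$GO_CONFIG->auto_smbadduser.' '.escapeshellarg($user['username']).' '.escapeshellarg($user['password']));
            $this->query("UPDATE users SET samba_user='1' WHERE id='$user_id'");
        }
        if ($this->ldap) {
            $this->ldap->search("uidNumber=$user_id", $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                $this->ldap->next_entry();
                // TODO: add objectClass sambaAccount or sambaSamAccount (if present)
                // and corresponding attributes
            }
        }
    }

    /**
     * Lists all users, ordered by $sort/$direction ('name' sorts on
     * first_name, last_name), optionally limited to $offset rows from $start.
     *
     * LDAP user-management mode: the list comes from the directory (every
     * uid with a mail attribute, sorted on sn), the slice is loaded into
     * $this->userlist and the total number of directory entries is returned.
     * Records then only carry what convert_profile_ldap() provides.
     *
     * SQL mode: returns the row count of `users`; the ordered SELECT is only
     * issued when that count is > 0. A $sort that is not a plain column name
     * yields 0 without querying.
     */
    function get_users($sort = "name", $direction = "ASC", $start = 0, $offset = 0)
    {
        $direction = $this->_sort_direction($direction);
        $start = (int) $start;
        $offset = (int) $offset;

        if ($this->ldap_um) {
            $this->ldap->search("(&(uid=*)(mail=*))", $this->ldap->PeopleDN); //, array("uidNumber", "uid", "cn"));
            $this->ldap->sort("sn");
            $entries = $this->ldap->get_entries();
            $profile = new profiles();
            if ($offset == 0) {
                $offset = $entries["count"];
            }
            $this->userlist = array();
            for ($i = $start; ($i < $entries["count"]) && ($i < $start + $offset); $i++) {
                $this->userlist[] = $profile->convert_profile_ldap($entries[$i]);
            }
            $this->userlist_index = 0;
            return $entries["count"];
        }

        if ($sort == 'name') {
            $sort = 'first_name '.$direction.', last_name';
        } elseif (!$this->_is_safe_identifier($sort)) {
            return 0;
        }
        $sqlrows = 0;
        $this->query("SELECT COUNT(*) FROM users");
        if (parent::next_record()) {
            $sqlrows = $this->f(0);
        }
        if ($sqlrows > 0) {
            $sql = "SELECT * FROM users ORDER BY ".$sort." ".$direction;
            if ($offset != 0) {
                $sql .= " LIMIT $start,$offset";
            }
            $this->query($sql);
        }
        return $sqlrows;
    }

    /**
     * Lists the users whose ACL grants access to $user_id (directly or via one
     * of the user's groups). Returns the row count; rows are read with
     * next_record(). 'name' / 'users.name' sorts on first_name, last_name
     * (the original ordered by the boolean `first_name AND last_name`).
     */
    function get_authorized_users($user_id, $sort = "name", $direction = "ASC")
    {
        $direction = $this->_sort_direction($direction);
        $user_id = (int) $user_id;
        if ($sort == 'users.name' || $sort == 'name') {
            $sort = 'users.first_name '.$direction.', users.last_name';
        } elseif (!$this->_is_safe_identifier($sort)) {
            return 0;
        }
        $sql = "SELECT DISTINCT users.* FROM users, users_groups INNER JOIN acl ON users.acl_id= acl.acl_id WHERE ".
            "((acl.group_id = users_groups.group_id AND users_groups.user_id = ".$user_id.") OR (".
            "acl.user_id = ".$user_id." )) ORDER BY ".$sort." ".$direction;
        $this->query($sql);
        return $this->num_rows();
    }

    /**
     * Advances to the next result record. In LDAP user-management mode this
     * walks $this->userlist (filled by search()/get_users()) and returns the
     * entry, false at the end; otherwise it defers to db::next_record().
     */
    function next_record()
    {
        if (!$this->ldap_um) {
            return parent::next_record();
        }
        if ($this->userlist_index >= count($this->userlist)) {
            return false;
        }
        $this->Record = $this->userlist[$this->userlist_index++];
        return $this->Record;
    }

    /**
     * Returns the profile (see profiles::get_profile) of the user with $email,
     * or false when no such user exists. $this->Record is updated so that f()
     * from the db class keeps working.
     */
    function get_profile_by_email($email)
    {
        $uid = $this->get_user_id_by_email($email);
        if (!$uid) {
            return false;
        }
        $profile = new profiles();
        $this->Record = $profile->get_profile($uid);
        return $this->Record;
    }

    /**
     * Returns the id of the user with $email, or false. SQL is consulted
     * first; LDAP is a fallback because a directory entry may carry more than
     * one mail address.
     */
    function get_user_id_by_email($email)
    {
        $this->query("SELECT id FROM users WHERE email='".smart_addslashes($email)."'");
        if (parent::next_record()) {
            return $this->f("id");
        }
        if ($this->ldap) {
            $this->ldap->search("mail=".$this->_ldap_filter_escape($email), $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                $this->ldap->next_entry();
                // NOTE(review): get_profile_by_username() calls get_first_value("uidNumber")
                // for the same purpose; one of the two method names is probably wrong.
                return $this->ldap->first_value("uidnumber");
            }
        }
        return false;
    }

    /**
     * Verifies $password for the logged-in user. With an LDAP session it
     * rebinds as the user and restores the default bind afterwards; otherwise
     * it compares the md5 hash in `users`. Returns true when the password is
     * correct, false otherwise (also when LDAP is expected but not available).
     */
    function check_password($password)
    {
        if ($_SESSION['GO_SESSION']['auth_src'] == "ldap") {
            if (!$this->ldap) {
                return false;
            }
            // Rebinding is not an optimal solution; hints for doing better are welcome.
            // NOTE(review): the session username is placed in the bind DN unescaped
            // (RFC 4514 escaping); it is set at login, so it is at least not raw input.
            $ok = $this->ldap->bind("uid=".$_SESSION['GO_SESSION']['username'].",".$this->ldap->PeopleDN, $password) ? true : false;
            $this->ldap->bind();
            return $ok;
        }
        // Unsalted md5 comparison, see the class comment.
        $this->query("SELECT id FROM users WHERE password='".md5($password)."' AND id='".(int) $this->user_id."'");
        return $this->num_rows() > 0;
    }

    /**
     * Returns the profile of $user_id (profiles::get_profile) and stores it in
     * $this->Record so that f() from the db class keeps working.
     */
    function get_user($user_id)
    {
        $profile = new profiles();
        $this->Record = $profile->get_profile($user_id);
        return $this->Record;
    }

    /**
     * Updates the personal and work details of $user_id. When the user is the
     * logged-in user the cached name/e-mail fields in the session are updated
     * too. Returns true when the UPDATE succeeded, false otherwise.
     */
    function update_profile($user_id, $first_name, $middle_name, $last_name, $initials, $title, $sex, $birthday, $email, $work_phone, $home_phone, $fax, $cellular, $country, $state, $city, $zip, $address, $company, $work_country, $work_state, $work_city, $work_zip, $work_address, $work_fax, $homepage, $department, $function)
    {
        $middle_name = trim($middle_name);
        $user_id = (int) $user_id;
        $sql = "UPDATE users SET first_name='".smart_addslashes($first_name)."', ".
            "middle_name='".smart_addslashes($middle_name)."', ".
            "last_name='".smart_addslashes($last_name)."', ".
            "initials='".smart_addslashes($initials)."', ".
            "title='".smart_addslashes($title)."', ".
            "sex='".smart_addslashes($sex)."', ".
            "birthday='".smart_addslashes($birthday)."', ".
            "email='".smart_addslashes($email)."', ".
            "work_phone='".smart_addslashes($work_phone)."', ".
            "home_phone='".smart_addslashes($home_phone)."', ".
            "fax='".smart_addslashes($fax)."', ".
            "cellular='".smart_addslashes($cellular)."', ".
            "country='".smart_addslashes($country)."', ".
            "state='".smart_addslashes($state)."', ".
            "city='".smart_addslashes($city)."', ".
            "zip='".smart_addslashes($zip)."', ".
            "address='".smart_addslashes($address)."',".
            "company='".smart_addslashes($company)."', ".
            "department='".smart_addslashes($department)."', ".
            "function='".smart_addslashes($function)."', ".
            "work_country='".smart_addslashes($work_country)."', ".
            "work_state='".smart_addslashes($work_state)."', ".
            "work_city='".smart_addslashes($work_city)."', ".
            "work_zip='".smart_addslashes($work_zip)."', ".
            "work_address='".smart_addslashes($work_address)."', ".
            "work_fax='".smart_addslashes($work_fax)."', ".
            "homepage='".smart_addslashes($homepage)."' ".
            "WHERE id='$user_id'";
        if (!$this->query($sql)) {
            return false;
        }
        if ($user_id == $this->user_id) {
            // A non-empty middle name gets a trailing space for the display name; the
            // session copy of middle_name carries that space as well (as it always did).
            $middle_name = $middle_name == '' ? '' : $middle_name.' ';
            $_SESSION['GO_SESSION']['name'] = $first_name.' '.$middle_name.$last_name;
            $_SESSION['GO_SESSION']['first_name'] = $first_name;
            $_SESSION['GO_SESSION']['middle_name'] = $middle_name;
            $_SESSION['GO_SESSION']['last_name'] = $last_name;
            $_SESSION['GO_SESSION']['email'] = $email;
        }
        if ($this->ldap) {
            // NOTE(review): this looks up the logged-in user ($this->user_id), not
            // $user_id; harmless while the block below is still a TODO.
            $this->ldap->search("uidNumber=".(int) $this->user_id, $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                $this->ldap->next_entry();
                // TODO: update ldap attributes if we are able to write. This needs
                // to be intelligent code because LDAP structure is mostly different.
            }
        }
        return true;
    }

    /**
     * Sets a new password for $user_id: stores its md5 in `users`, re-encrypts
     * the stored e-mail account passwords ($old_password defaults to the one
     * kept in the session), and with system accounts enabled updates the
     * Samba/system passwords via sudo and the local emAccounts row. The
     * session copies of the password are refreshed. Returns true on success,
     * false when the user does not exist or the UPDATE fails.
     */
    function update_password($user_id, $password, $old_password = null)
    {
        global $GO_CONFIG, $GO_CRYPTO;
        $user_id = (int) $user_id;
        $profile = $this->get_user($user_id);
        if (!$profile) {
            return false;
        }
        // Unsalted md5, see the class comment.
        if (!$this->query("UPDATE users SET password='".md5($password)."' WHERE id='$user_id'")) {
            return false;
        }
        if (!$old_password) {
            $old_password = $_SESSION['GO_SESSION']['old_password'];
        }
        $GO_CRYPTO->re_encrypt_email($user_id, $old_password, $password);
        if ($GO_CONFIG->enable_system_accounts) {
            $username = $profile["username"];
            if ($profile["samba_user"] == '1' && $GO_CONFIG->enable_samba_accounts) {
                exec($GO_CONFIG->sudo.' '.$GO_CONFIG->auto_smbpasswd.' '.escapeshellarg($username).' '.escapeshellarg($password));
            }
            // The password is part of the shell command line here and therefore
            // visible in the process list while chpasswd runs; writing it to the
            // command's stdin instead (proc_open) would avoid that.
            exec("echo ".escapeshellarg($username.":".$password)." | ".$GO_CONFIG->sudo." ".$GO_CONFIG->chpasswd);
            $sql = "UPDATE emAccounts SET password='".smart_addslashes($GO_CRYPTO->encrypt($password, $password))."' ".
                "WHERE host='".smart_addslashes($GO_CONFIG->local_email_host)."' ".
                "AND username='".smart_addslashes($username)."'";
            $this->query($sql);
        }
        $_SESSION['GO_SESSION']['old_password'] = $_SESSION['GO_SESSION']['password'] = $password;
        return true;
    }

    /**
     * Stores $authcode for the logged-in user. Returns the query result as a
     * boolean.
     */
    function update_authcode($authcode)
    {
        $sql = "UPDATE users SET authcode='".smart_addslashes($authcode)."' WHERE id='".(int) $this->user_id."'";
        return $this->query($sql) ? true : false;
    }

    /**
     * Returns the profile of the user named $username. The id is taken from
     * LDAP when available, otherwise from `users`; $this->Record is updated so
     * that f() from the db class keeps working. (The original assigned
     * $this->record — lower case — and therefore returned the previous Record.)
     */
    function get_profile_by_username($username)
    {
        $uid = -1;
        if ($this->ldap) {
            $this->ldap->search("uid=".$this->_ldap_filter_escape($username), $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                $this->ldap->next_entry();
                // NOTE(review): get_user_id_by_email() calls first_value("uidnumber")
                // for the same purpose; one of the two method names is probably wrong.
                $uid = $this->ldap->get_first_value("uidNumber");
            }
        }
        if ($uid < 0) {
            $this->query("SELECT * FROM users WHERE username='".smart_addslashes($username)."'");
            parent::next_record();
            $uid = $this->f('id');
        }
        $profile = new profiles();
        $this->Record = $profile->get_profile($uid);
        return $this->Record;
    }

    /** True when a user with $email exists in `users` or, as a fallback, in LDAP. */
    function email_exists($email)
    {
        $this->query("SELECT id FROM users WHERE email='".smart_addslashes($email)."'");
        if ($this->num_rows() > 0) {
            return true;
        }
        if ($this->ldap) {
            $this->ldap->search("mail=".$this->_ldap_filter_escape($email), $this->ldap->PeopleDN);
            if ($this->ldap->num_entries() > 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Inserts a new user. $language/$theme default to the configured ones;
     * preferences (currency, max_rows_list, timezone, date/time format,
     * first_weekday) are taken from $GO_CONFIG. A negative $user_id asks
     * nextid("users") for a fresh id. With system accounts enabled the Unix
     * account (and optionally the Samba account) is created through sudo.
     *
     * Returns the new user id, -1 when the INSERT fails, and null when no id
     * could be obtained (as the original did by falling off the end).
     */
    function add_user($username, $password, $first_name, $middle_name, $last_name, $initials, $title, $sex, $birthday, $email, $authcode, $work_phone, $home_phone, $fax, $cellular, $country, $state, $city, $zip, $address, $company, $work_country, $work_state, $work_city, $work_zip, $work_address, $work_fax, $homepage, $department, $function, $language = '', $theme = '', $acl_id, $create_samba_user = false, $user_id = -1)
    {
        global $GO_CONFIG;
        if ($language == '') {
            $language = $GO_CONFIG->language;
        }
        if ($theme == '') {
            $theme = $GO_CONFIG->theme;
        }
        $smb = $create_samba_user ? '1' : '0';
        if ($user_id < 0) {
            $user_id = $this->nextid("users");
        }
        if ($user_id <= 0) {
            return null;
        }
        $user_id = (int) $user_id;
        $sql = "INSERT INTO users (id, username, password, first_name, middle_name, last_name, initials, title, sex, birthday, email, authcode, work_phone, home_phone, fax, cellular, country, state, city, zip, address, company, work_country, work_state, work_city, work_zip, work_address, work_fax, homepage, department, function, acl_id, registration_time, samba_user, currency, max_rows_list, timezone, date_format, time_format, language, theme, first_weekday)";
        // 'Ç' is the currency default copied verbatim from the original source
        // (it may be a mis-encoded currency symbol — TODO confirm).
        $sql .= " VALUES ('$user_id', '".smart_addslashes($username)."','".md5($password)."', ".
            "'".smart_addslashes($first_name)."', '".smart_addslashes($middle_name)."', ".
            "'".smart_addslashes($last_name)."', '".smart_addslashes($initials)."', ".
            "'".smart_addslashes($title)."', '".smart_addslashes($sex)."', ".
            "'".smart_addslashes($birthday)."', '".smart_addslashes($email)."', ".
            "'".smart_addslashes($authcode)."', '".smart_addslashes($work_phone)."', ".
            "'".smart_addslashes($home_phone)."', '".smart_addslashes($fax)."', ".
            "'".smart_addslashes($cellular)."', '".smart_addslashes($country)."',".
            "'".smart_addslashes($state)."', '".smart_addslashes($city)."', ".
            "'".smart_addslashes($zip)."', '".smart_addslashes($address)."', ".
            "'".smart_addslashes($company)."', '".smart_addslashes($work_country)."', ".
            "'".smart_addslashes($work_state)."', '".smart_addslashes($work_city)."', ".
            "'".smart_addslashes($work_zip)."', '".smart_addslashes($work_address)."', ".
            "'".smart_addslashes($work_fax)."', '".smart_addslashes($homepage)."', ".
            "'".smart_addslashes($department)."', '".smart_addslashes($function)."', ".
            "'".(int) $acl_id."', '".get_gmt_time()."','$smb', 'Ç', '15', ".
            "'".smart_addslashes($GO_CONFIG->timezone_offset)."', ".
            "'".smart_addslashes($GO_CONFIG->date_formats[0])."', ".
            "'".smart_addslashes($GO_CONFIG->time_formats[0])."', ".
            "'".smart_addslashes($language)."', '".smart_addslashes($theme)."', ".
            "'".smart_addslashes($GO_CONFIG->first_weekday)."')";
        if (!$this->query($sql)) {
            return -1;
        }
        if ($GO_CONFIG->enable_system_accounts) {
            // NOTE: the crypt() salt is derived from the password itself (first two
            // characters), as in the original; a random salt would be preferable.
            system($GO_CONFIG->sudo." ".$GO_CONFIG->useradd." ".escapeshellarg($username)." -s ".$GO_CONFIG->shell." -p ".escapeshellarg(crypt($password, substr($password, 0, 2))));
            if ($GO_CONFIG->enable_samba_accounts && $create_samba_user) {
                exec($GO_CONFIG->sudo.' '.$GO_CONFIG->auto_smbadduser.' '.escapeshellarg($username).' '.escapeshellarg($password));
            }
        }
        return $user_id;
    }

    /**
     * True when $GO_CONFIG->max_users is set (non-zero) and the current number
     * of users (get_users(), which also issues the listing query) has reached it.
     */
    function max_users_reached()
    {
        global $GO_CONFIG;
        $count = $this->get_users();
        if ($GO_CONFIG->max_users == 0 || $count < $GO_CONFIG->max_users) {
            return false;
        }
        return true;
    }

    /**
     * Stores the display preferences of $user_id and, when the UPDATE succeeds,
     * mirrors them into the session (regardless of whether $user_id is the
     * logged-in user, as in the original). No return value.
     */
    function set_preferences($user_id, $date_format, $time_format, $thousands_seperator, $decimal_seperator, $currency, $mail_client, $max_rows_list, $timezone_offset, $start_module, $language, $theme, $first_weekday)
    {
        $sql = "UPDATE users SET time_format='".smart_addslashes($time_format)."', ".
            "date_format='".smart_addslashes($date_format)."', ".
            "thousands_seperator='".smart_addslashes($thousands_seperator)."', ".
            "decimal_seperator='".smart_addslashes($decimal_seperator)."', ".
            "currency='".smart_addslashes($currency)."', ".
            "mail_client='".smart_addslashes($mail_client)."', ".
            "max_rows_list='".smart_addslashes($max_rows_list)."', ".
            "timezone='".smart_addslashes($timezone_offset)."', ".
            "start_module='".smart_addslashes($start_module)."', ".
            "theme='".smart_addslashes($theme)."', ".
            "language='".smart_addslashes($language)."', ".
            "first_weekday='".smart_addslashes($first_weekday)."' ".
            "WHERE id='".(int) $user_id."'";
        if ($this->query($sql)) {
            $_SESSION['GO_SESSION']['thousands_seperator'] = $thousands_seperator;
            $_SESSION['GO_SESSION']['decimal_seperator'] = $decimal_seperator;
            $_SESSION['GO_SESSION']['date_format'] = $date_format;
            $_SESSION['GO_SESSION']['time_format'] = $time_format;
            $_SESSION['GO_SESSION']['currency'] = $currency;
            $_SESSION['GO_SESSION']['mail_client'] = $mail_client;
            $_SESSION['GO_SESSION']['max_rows_list'] = $max_rows_list;
            $_SESSION['GO_SESSION']['timezone'] = $timezone_offset;
            $_SESSION['GO_SESSION']['start_module'] = $start_module;
            $_SESSION['GO_SESSION']['theme'] = $theme;
            $_SESSION['GO_SESSION']['language'] = $language;
            $_SESSION['GO_SESSION']['first_weekday'] = $first_weekday;
        }
    }

    /**
     * Deletes $user_id everywhere: the `users` row, the Unix/Samba accounts
     * (when system accounts are enabled), the user's ACL, the per-module data
     * of every installed module, bookmarks, groups, the ACL items the user
     * owns and the file storage directory. Returns true when the row was
     * deleted, false when the user does not exist or the DELETE fails.
     */
    function delete_user($user_id)
    {
        global $GO_CONFIG, $GO_SECURITY, $GO_MODULES;
        $user_id = (int) $user_id;
        if (!$this->get_user($user_id)) {
            return false;
        }
        // get_user() leaves the profile in $this->Record, which f() reads.
        $acl_id = $this->f("acl_id");
        $username = $this->f("username");
        $samba_user = $this->f("samba_user") == '1';

        if (!$this->query("DELETE FROM users WHERE id='$user_id'")) {
            return false;
        }
        if ($GO_CONFIG->enable_system_accounts) {
            system($GO_CONFIG->sudo." ".$GO_CONFIG->userdel." -r ".escapeshellarg($username));
            if ($samba_user) {
                exec($GO_CONFIG->sudo." ".$GO_CONFIG->smbdeluser." ".escapeshellarg($username));
            }
        }
        $GO_SECURITY->delete_acl($acl_id);
        // NOTE(review): the original passes $acl_id, not $user_id, to delete_user();
        // verify against the security class before changing it.
        $GO_SECURITY->delete_user($acl_id);

        // Each installed module cleans up its own data; the class file name and
        // class name both equal the module name.
        $modules = array('email', 'addressbook', 'scheduler', 'calendar', 'filesystem', 'projects', 'cms', 'notes');
        foreach ($modules as $module) {
            if ($GO_MODULES->get_module($module)) {
                require_once($GO_CONFIG->class_path.$module.".class.inc");
                $handler = new $module();
                $handler->delete_user($user_id);
            }
        }
        require_once($GO_CONFIG->class_path."bookmarks.class.inc");
        $bookmarks = new bookmarks();
        $bookmarks->delete_user($user_id);
        require_once($GO_CONFIG->class_path."groups.class.inc");
        $groups = new groups();
        $groups->delete_user($user_id);

        $this->query("SELECT * FROM acl_items WHERE user_id='$user_id'");
        // parent::next_record(): in LDAP mode the override would walk $this->userlist
        // and delete_acl() would receive user ids instead of acl item ids.
        while (parent::next_record()) {
            $GO_SECURITY->delete_acl($this->f('id'));
        }

        // Never run rm on the storage root itself: an empty username (or one that
        // escapes the directory) must not remove other users' files.
        if ($username != '' && $username != '.' && $username != '..' && strpos($username, '/') === false) {
            system('rm -Rf '.escapeshellarg($GO_CONFIG->file_storage_path.$username));
        }
        return true;
    }

    /**
     * Generates a password of $password_length characters drawn from
     * $characters_allow minus $characters_disallow (comma separated single
     * characters or 'x-y' byte ranges). With $repeat == 0 no character is used
     * twice, unless the alphabet is exhausted (the original looped forever in
     * that case). Returns '' when no character is allowed or the length is 0.
     *
     * NOTE: mt_rand() is not a cryptographically secure generator; prefer
     * random_int() where the PHP version provides it.
     */
    function random_password($characters_allow = 'a-z,1-9', $characters_disallow = 'i,o', $password_length = 8, $repeat = 0)
    {
        // array_diff() keeps the original keys, so re-index for mt_rand() lookups.
        $array_allow = array_values(array_diff(
            $this->_expand_character_spec($characters_allow),
            $this->_expand_character_spec($characters_disallow)
        ));
        $count = count($array_allow);
        if ($count == 0 || $password_length <= 0) {
            return '';
        }

        $password = '';
        $used = array();
        while (strlen($password) < $password_length) {
            $character = $array_allow[mt_rand(0, $count - 1)];
            if ($repeat == 0 && substr_count($password, $character) != 0 && count($used) < $count) {
                continue; // repeats not wanted and unused characters remain: draw again
            }
            $password .= $character;
            $used[$character] = true;
        }
        return $password;
    }

    /**
     * Expands a comma separated character spec ('a-z,1-9', 'i,o') into a list
     * of items; an 'x-y' item becomes every byte from ord(x) to ord(y), any
     * other item is kept as is.
     */
    function _expand_character_spec($spec)
    {
        $chars = array();
        foreach (explode(',', $spec) as $item) {
            if (substr_count($item, '-') > 0) {
                $range = explode('-', $item);
                for ($j = ord($range[0]); $j <= ord($range[1]); $j++) {
                    $chars[] = chr($j);
                }
            } else {
                $chars[] = $item;
            }
        }
        return $chars;
    }
}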