Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 16

Revision 16, 38.2 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function user()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function create($params)
36	{
37	$return['status'] = true;
38
39	// Verifica o acesso do gerente
40	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
41	{
42	// Adiciona a organização na frente do uid.
43	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
44	{
45	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
46
47	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
48	$explode_dn = array_reverse($explode_dn);
49	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
50	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
51	}
52
53	// Pega ID do BD e incrementa de 1.
54	$id = (($this->db_functions->get_next_id()) + 1);
55
56	// Incrementa o id no BD.
57	$this->db_functions->increment_id($id,'accounts');
58
59	// Cria array para incluir no LDAP
60	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
61
62	$user_info = array();
63	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
64	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
65	$user_info['gidNumber'] = $params['gidnumber'];
66	$user_info['givenName'] = $params['givenname'];
67	$user_info['homeDirectory'] = '/home/' . $params['uid'];
68	$user_info['mail'] = $params['mail'];
69	$user_info['objectClass'][] = 'posixAccount';
70	$user_info['objectClass'][] = 'inetOrgPerson';
71	$user_info['objectClass'][] = 'shadowAccount';
72	$user_info['objectClass'][] = 'qmailuser';
73	$user_info['objectClass'][] = 'phpgwAccount';
74	$user_info['objectClass'][] = 'top';
75	$user_info['objectClass'][] = 'person';
76	$user_info['objectClass'][] = 'organizationalPerson';
77	$user_info['phpgwAccountExpires'] = '-1';
78	$user_info['phpgwAccountType'] = 'u';
79	$user_info['sn'] = $params['sn'];
80	$user_info['uid'] = $params['uid'];
81	$user_info['uidnumber'] = $id;
82	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
83
84	if ($params['phpgwaccountstatus'] == '1')
85	$user_info['phpgwAccountStatus'] = 'A';
86
87	if ($params['departmentnumber'] != '')
88	$user_info['departmentnumber'] = $params['departmentnumber'];
89
90	if ($params['telephonenumber'] != '')
91	$user_info['telephoneNumber'] = $params['telephonenumber'];
92
93	// Cria user_info no caso de ter alias e forwarding email.
94	if ($params['mailalternateaddress'] != '')
95	$user_info['mailAlternateAddress'] = $params['mailalternateaddress'];
96
97	if ($params['mailforwardingaddress'] != '')
98	$user_info['mailForwardingAddress'] = $params['mailforwardingaddress'];
99
100	if ($params['deliverymode'])
101	$user_info['deliveryMode'] = 'forwardOnly';
102
103	//Ocultar da pesquisa e do catálogo
104	if ($params['phpgwaccountvisible'])
105	$user_info['phpgwAccountVisible'] = '-1';
106
107	// Suporte ao SAMBA
108	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
109	{
110	//Verifica se o binario para criar as senhas do samba exite.
111	if (!is_file('/home/expressolivre/mkntpwd'))
112	{
113	$return['status'] = false;
114	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
115	}
116	else
117	{
118	$user_info['objectClass'][] = 'sambaSamAccount';
119
120	$user_info['loginShell'] = '/bin/bash';
121	$user_info['sambaSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $id)+1000);
122	$user_info['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $user_info['gidNumber'])+1001);
123	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
124
125	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
126	$user_info['homeDirectory'] = $params['sambahomedirectory'];
127
128	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
129	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
130	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
131
132	$user_info['sambaPwdCanChange'] = strtotime("now");
133	$user_info['sambaPwdLastSet'] = strtotime("now");
134	$user_info['sambaPwdMustChange'] = '2147483647';
135	}
136	}
137	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
138	if (!$result['status'])
139	{
140	$return['status'] = false;
141	$return['msg'] .= $result['msg'];
142	}
143
144	// Chama funcao para salvar foto no OpenLDAP.
145	if ($_FILES['photo']['name'] != '')
146	{
147	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
148	if (!$result['status'])
149	{
150	$return['status'] = false;
151	$return['msg'] .= $result['msg'];
152	}
153	}
154
155	//GROUPS
156	if ($params['groups'])
157	{
158	foreach ($params['groups'] as $gidnumber)
159	{
160	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
161	if (!$result['status'])
162	{
163	$return['status'] = false;
164	$return['msg'] .= $result['msg'];
165	}
166	$result = $this->db_functions->add_user2group($gidnumber, $id);
167	if (!$result['status'])
168	{
169	$return['status'] = false;
170	$return['msg'] .= $result['msg'];
171	}
172	}
173	}
174
175	// Inclusao do Mail do usuário nas listas de email selecionadas.
176	if ($params['maillists'])
177	{
178	foreach($params['maillists'] as $uidnumber)
179	{
180	$result = $this->ldap_functions->add_user2maillist($uidnumber, $user_info['mail']);
181	if (!$result['status'])
182	{
183	$return['status'] = false;
184	$return['msg'] .= $result['msg'];
185	}
186	}
187	}
188
189	// APPS
190	if (count($params['apps']))
191	{
192	$result = $this->db_functions->add_id2apps($id, $params['apps']);
193	if (!$result['status'])
194	{
195	$return['status'] = false;
196	$return['msg'] .= $result['msg'];
197	}
198	}
199
200	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
201	if ($params['changepassword'])
202	{
203	$result = $this->db_functions->add_pref_changepassword($id);
204	if (!$result['status'])
205	{
206	$return['status'] = false;
207	$return['msg'] .= $result['msg'];
208	}
209	}
210
211	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
212	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
213	if (!$result['status'])
214	{
215	$return['status'] = false;
216	$return['msg'] .= $result['msg'];
217	}
218
219	$this->db_functions->write_log('criado usuario','',$dn,'','');
220	}
221
222	return $return;
223	}
224
225	function save($new_values)
226	{
227	$return['status'] = true;
228
229	$old_values = $this->get_user_info($new_values['uidnumber'], $new_values['manager_context']);
230	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
231
232	$diff = array_diff($new_values, $old_values);
233
234	// Verifica o acesso do gerente
235	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
236	{
237	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
238	// Change user organization
239	if ($diff['context'])
240	{
241	$newrdn = 'uid=' . $new_values['uid'];
242	$newparent = $new_values['context'];
243	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
244	if (!$result['status'])
245	{
246	$return['status'] = false;
247	$return['msg'] .= $result['msg'];
248	}
249	else
250	{
251	$dn = $newrdn . ',' . $newparent;
252	$this->db_functions->write_log('alterado contexto do usuario','',$dn,'','');
253	}
254	}
255
256	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
257	// REPLACE some attributes
258	if ($diff['givenname'])
259	{
260	$ldap_mod_replace['givenname'] = $new_values['givenname'];
261	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
262	$this->db_functions->write_log("alterado givenname do usuario",'',$dn,'','');
263	}
264	if ($diff['sn'])
265	{
266	$ldap_mod_replace['sn'] = $new_values['sn'];
267	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
268	$this->db_functions->write_log("alterado sn do usuario",'',$dn,'','');
269	}
270	if ($diff['mail'])
271	{
272	$ldap_mod_replace['mail'] = $new_values['mail'];
273	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
274	$this->db_functions->write_log("alterado mail do usuario",'',$dn,'','');
275	}
276	if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
277	{
278	$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
279	$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
280	}
281	if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
282	{
283	$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
284	$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
285	}
286	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
287	{
288	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
289	$this->db_functions->write_log("alterado telephonenumber do usuario",'',$dn,'','');
290	}
291	}
292
293	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
294	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
295	{
296	if ($diff['password1'])
297	{
298	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
299	// Suporte ao SAMBA
300	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
301	{
302	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
303	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
304	}
305	$this->db_functions->write_log("alterado password do usuario",'',$dn,'','');
306	}
307	}
308
309	//Suporte ao SAMBA
310	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
311	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
312	{
313	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
314	{
315	if ($diff['sambaacctflags'])
316	{
317	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
318	$this->db_functions->write_log("alterado sambaacctflags do usuario",'',$dn,'','');
319	}
320	if ($diff['sambalogonscript'])
321	{
322	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
323	$this->db_functions->write_log("alterado sambalogonscript do usuario",'',$dn,'','');
324	}
325	if ($diff['sambahomedirectory'])
326	{
327	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
328	$this->db_functions->write_log("alterado homedirectory do usuario",'',$dn,'','');
329	}
330	}
331	}
332
333	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
334	// ADD ou REMOVE some attributes
335	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
336
337	// Verifica o acesso ára adicionar ou remover tais atributos
338	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
339	{
340	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
341	// TELEPHONE
342	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
343	{
344	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
345	$this->db_functions->write_log("adicionado telephonenumber ao usuario",'',$dn,'','');
346	}
347	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
348	{
349	$ldap_remove['telephonenumber'] = array();
350	$this->db_functions->write_log("removido telephonenumber do usuario",'',$dn,'','');
351	}
352	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
353	// PREF_CHANGEPASSWORD
354	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
355	{
356	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
357	$this->db_functions->write_log("adicionado changepassword ao usuario",'',$dn,'','');
358	}
359	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
360	{
361	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
362	$this->db_functions->write_log("removido changepassword do usuario",'',$dn,'','');
363	}
364	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
365	// ACCOUNT STATUS
366	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
367	{
368	$ldap_add['phpgwaccountstatus'] = 'A';
369	$this->db_functions->write_log("ativado conta do usuario",'',$dn,'','');
370	}
371	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
372	{
373	$ldap_remove['phpgwaccountstatus'] = array();
374	$this->db_functions->write_log("desativado conta do usuario",'',$dn,'','');
375	}
376	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
377	// ACCOUNT VISIBLE
378	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
379	{
380	$ldap_add['phpgwaccountvisible'] = '-1';
381	$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario",'',$dn,'','');
382	}
383	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
384	{
385	$ldap_remove['phpgwaccountvisible'] = array();
386	$this->db_functions->write_log("removido phpgwaccountvisible ao usuario",'',$dn,'','');
387	}
388	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
389	// PHOTO
390	if ($new_values['delete_photo'])
391	{
392	$this->ldap_functions->ldap_remove_photo($dn);
393	$this->db_functions->write_log("removido jpegphoto ao usuario",'',$dn,'','');
394	}
395	if ($_FILES['photo']['name'] != '')
396	{
397	if ($new_values['photo_exist'])
398	$photo_exist = true;
399	else
400	$photo_exist = false;
401	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
402	$this->db_functions->write_log("adicionado jpegphoto ao usuario",'',$dn,'','');
403	}
404	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
405	// Mail Account STATUS
406	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
407	{
408	$ldap_add['accountstatus'] = 'active';
409	$this->db_functions->write_log("ativado conta de email do usuario",'',$dn,'','');
410	}
411	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
412	{
413	$ldap_remove['accountstatus'] = array();
414	$this->db_functions->write_log("desativado conta de email do usuario",'',$dn,'','');
415	}
416	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
417	// MAILALTERNATEADDRESS
418	if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
419	{
420	$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
421	$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
422	}
423	if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
424	{
425	$ldap_remove['mailalternateaddress'] = array();
426	$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
427	}
428	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
429	// MAILFORWARDINGADDRESS
430	if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
431	{
432	$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
433	$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
434	}
435	if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
436	{
437	$ldap_remove['mailforwardingaddress'] = array();
438	$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
439	}
440	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
441	// Delivery Mode
442	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
443	{
444	$ldap_add['deliverymode'] = 'forwardOnly';
445	$this->db_functions->write_log("adicionado forwardOnly ao usuario",'',$dn,'','');
446	}
447	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
448	{
449	$ldap_remove['deliverymode'] = array();
450	$this->db_functions->write_log("removido forwardOnly ao usuario",'',$dn,'','');
451	}
452	}
453
454	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
455	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
456	{
457	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
458	// MAILQUOTA
459	if ($diff['mailquota'])
460	{
461	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
462	$this->db_functions->write_log("alterado cota do usuario",'',$dn,'','');
463	}
464	}
465
466	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
467	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
468	{
469	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
470	// REMOVE ATTRS OF SAMBA
471	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
472	{
473	$ldap_remove['objectclass'] = 'sambaSamAccount';
474	$ldap_remove['loginShell'] = array();
475	$ldap_remove['sambaSID'] = array();
476	$ldap_remove['sambaPrimaryGroupSID'] = array();
477	$ldap_remove['sambaAcctFlags'] = array();
478	$ldap_remove['sambaLogonScript'] = array();
479	$ldap_remove['sambaLMPassword'] = array();
480	$ldap_remove['sambaNTPassword'] = array();
481	$ldap_remove['sambaPasswordHistory'] = array();
482	$ldap_remove['sambaPwdCanChange'] = array();
483	$ldap_remove['sambaPwdLastSet'] = array();
484	$ldap_remove['sambaPwdMustChange'] = array();
485	$this->db_functions->write_log("removido atributos samba do usuario.",'',$dn,'','');
486	}
487	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
488	// ADD ATTRS OF SAMBA
489	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
490	{
491	//Verifica se o binario para criar as senhas do samba exite.
492	if (!is_file('/home/expressolivre/mkntpwd'))
493	{
494	$return['status'] = false;
495	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
496	}
497	else
498	{
499	$ldap_add['objectClass'][] = 'sambaSamAccount';
500	$ldap_mod_replace['loginShell'] = '/bin/bash';
501	$ldap_add['sambaSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['uidnumber'])+1000);
502	$ldap_add['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
503	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
504	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
505	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
506	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
507	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
508	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
509	$ldap_add['sambaPwdCanChange'] = strtotime("now");
510	$ldap_add['sambaPwdLastSet'] = strtotime("now");
511	$ldap_add['sambaPwdMustChange'] = '2147483647';
512	$this->db_functions->write_log("adicionado atributos samba do usuario.",'',$dn,'','');
513	}
514	}
515	}
516
517	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
518	// GROUPS
519	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
520	{
521	if (!$new_values['groups'])
522	$new_values['groups'] = array();
523	if (!$old_values['groups'])
524	$old_values['groups'] = array();
525
526	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
527	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
528
529	if (count($add_groups)>0)
530	{
531	foreach($add_groups as $gidnumber)
532	{
533	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
534	$this->ldap_functions->add_user2group($gidnumber, $new_values['uid']);
535	$this->db_functions->write_log("adicionado usuario ao grupo $gidnumber.",'',$dn,'','');
536	}
537	}
538	if (count($remove_groups)>0)
539	{
540	foreach($remove_groups as $gidnumber)
541	{
542	foreach($old_values['groups_info'] as $group)
543	{
544	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
545	{
546	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
547	$this->ldap_functions->remove_user2group($gidnumber, $new_values['uid']);
548	$this->db_functions->write_log("removido usuario do grupo $gidnumber.",'',$dn,'','');
549	}
550	}
551	}
552	}
553
554	if ($diff['gidnumber'])
555	{
556	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
557	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
558	{
559	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
560	}
561	$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
562	}
563	}
564	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
565	// LDAP_MOD_REPLACE
566	if (count($ldap_mod_replace))
567	{
568	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
569	if (!$result['status'])
570	{
571	$return['status'] = false;
572	$return['msg'] .= $result['msg'];
573	}
574	}
575
576	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
577	// LDAP_MOD_ADD
578	if (count($ldap_add))
579	{
580
581	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
582	if (!$result['status'])
583	{
584	$return['status'] = false;
585	$return['msg'] .= $result['msg'];
586	}
587	}
588
589	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
590	// LDAP_MOD_REMOVE
591	if (count($ldap_remove))
592	{
593
594	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
595	if (!$result['status'])
596	{
597	$return['status'] = false;
598	$return['msg'] .= $result['msg'];
599	}
600	}
601	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
602
603
604	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
605	{
606	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
607	// MAILLISTS
608	if (!$new_values['maillists'])
609	$new_values['maillists'] = array();
610	if (!$old_values['maillists'])
611	$old_values['maillists'] = array();
612
613	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
614	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
615
616	if (count($add_maillists)>0)
617	{
618	foreach($add_maillists as $uidnumber)
619	{
620	$this->ldap_functions->add_user2maillist($uidnumber, $new_values['mail']);
621	$this->db_functions->write_log("adicionado usuario a maillist $uidnumber.",'',$dn,'','');
622	}
623	}
624	if (count($remove_maillists)>0)
625	{
626	foreach($remove_maillists as $uidnumber)
627	{
628	$this->ldap_functions->remove_user2maillist($uidnumber, $new_values['mail']);
629	$this->db_functions->write_log("removido usuario da maillist $uidnumber.",'',$dn,'','');
630	}
631	}
632
633	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
634	// APPS
635	$new_values2 = array();
636	$old_values2 = array();
637	if (count($new_values['apps'])>0)
638	{
639	foreach ($new_values['apps'] as $app=>$tmp)
640	{
641	$new_values2[] = $app;
642	}
643	}
644	if (count($old_values['apps'])>0)
645	{
646	foreach ($old_values['apps'] as $app=>$tmp)
647	{
648	$old_values2[] = $app;
649	}
650	}
651	$add_apps = array_flip(array_diff($new_values2, $old_values2));
652	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
653
654	if (count($add_apps)>0)
655	{
656	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
657
658	foreach ($add_apps as $app => $index)
659	$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
660	}
661	if (count($remove_apps)>0)
662	{
663	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
664	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
665
666	foreach ($remove_apps as $app => $app_index)
667	{
668	if ($manager_apps[$app] == 'run')
669	$remove_apps2[$app] = $app_index;
670	}
671	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
672
673	foreach ($remove_apps2 as $app => $access)
674	$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
675	}
676	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
677	}
678	return $return;
679	}
680
681
682	function get_user_info($uidnumber, $context)
683	{
684	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber, $context);
685	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
686	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups'], $context);
687	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
688	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
689	return $user_info;
690	}
691
692	function set_user_default_password($params)
693	{
694	$return['status'] = true;
695	$uid = $params['uid'];
696	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
697
698	if (!$this->db_functions->default_user_password_is_set($uid))
699	{
700	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
701	$this->db_functions->set_user_password($uid, $userPassword);
702	}
703	else
704	{
705	$return['status'] = false;
706	$return['msg'] = 'Senha default já cadastrada!';
707	}
708
709	$this->db_functions->write_log('Setado senha default','',$uid,'','');
710
711	return $return;
712	}
713
714	function return_user_password($params)
715	{
716	$return['status'] = true;
717	$uid = $params['uid'];
718
719	if ($this->db_functions->default_user_password_is_set($uid))
720	{
721	$userPassword = $this->db_functions->get_user_password($uid);
722	$this->ldap_functions->set_user_password($uid, $userPassword);
723	}
724	else
725	{
726	$return['status'] = false;
727	$return['msg'] = 'Senha default NÃO cadastrada!';
728	}
729
730	$this->db_functions->write_log('Retornado senha default','',$uid,'','');
731
732	return $return;
733	}
734
735	function delete($params)
736	{
737	$return['status'] = true;
738
739	// Verifica o acesso do gerente
740	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
741	{
742	$uidnumber = $params['uidnumber'];
743	$context = $params['context'];
744	$user_info = $this->get_user_info($uidnumber, $context);
745
746	//LDAP
747	$result_ldap = $this->ldap_functions->delete_user($user_info);
748	if (!$result_ldap['status'])
749	{
750	$return['status'] = false;
751	$return['msg'] .= $result_ldap['msg'];
752	}
753
754	//DB
755	$result_db = $this->db_functions->delete_user($user_info);
756	if (!$result_db['status'])
757	{
758	$return['status'] = false;
759	$return['msg'] .= $result_ldap['msg'];
760	}
761
762	//IMAP
763	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
764	if (!$result_imap['status'])
765	{
766	$return['status'] = false;
767	$return['msg'] .= $result_ldap['msg'];
768	}
769
770	$this->db_functions->write_log('deletado usuario','',$user_info['uid'],'','');
771	}
772
773	return $return;
774	}
775
776
777	function rename($params)
778	{
779	$return['status'] = true;
780
781	// Verifica o acesso do gerente
782	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
783	{
784	$uid = $params['uid'];
785	$new_uid = $params['new_uid'];
786	$context = $params['context'];
787	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
788	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
789
790	$emailadmin_profiles = $this->db_functions->get_sieve_info();
791	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
792	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
793	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
794
795	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
796	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
797	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
798	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
799	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
800
801	//Verifica se está sendo usuado cyrus 2.2 ou superior
802	$sk = fsockopen ($imap_server,$imap_port);
803	$server_resp = fread($sk, 100);
804	$tmp = split('v2.', $server_resp);
805	$cyrus_version = '2' . $tmp[1][0];
806	//$is_cyrus22 = strpos($server_resp, "v2.2");
807
808	if ($cyrus_version > '21')
809	{
810	// Seta senha default
811	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
812
813	// Renomeia UID no openldap
814	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
815	$new_dn = $result['new_dn'];
816	if (!$result['status'])
817	{
818	$return['status'] = false;
819	$return['msg'] .= "\n" . $result['msg'];
820	$return['msg'] .= "\nErro ao renomear usuário no LDAP. Processo abortado.";
821	return $return;
822	}
823
824	// Remove old UID do ldap
825	$user_info_mod_remove['uid'] = $uid;
826	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
827
828	//Renomeia mailbox e sieve
829	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
830	if (!$result['status'])
831	{
832	$return['status'] = false;
833	$return['msg'] .= "\n" . $result['msg'];
834	$return['msg'] .= "\nErro ao renomear usuário no Cyrus. Processo abortado.";
835	}
836
837	// Retorna senha do usuário
838	$this->ldap_functions->set_user_password($new_uid, $user_password);
839
840	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
841
842	$return['exec_return'] = "";
843	return $return;
844	}
845	else
846	{
847	$return['status'] = false;
848	$return['msg'] .= "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
849	$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
850	return $return;
851	}
852
853	/*********************
854	*
855	* RENOMEAÇÃO APENAS PARA CYRUS 2.2 OU SUPERIOR
856	*
857	*********************/
858	/*
859	//Verifica se o binario para renomeacao existe.
860	if (!is_file('/home/expressolivre/imapsync'))
861	{
862	$return['status'] = false;
863	$return['msg'] .= "O arquivo binário /home/expressolivre/imapsync não existe.\\nEle é necessário para a renomeação das caixas postais.\\nInforme o administrador ExpressoLivre sobre isto.";
864	}
865
866	// Seta senha default
867	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
868
869	// Renomeia UID no openldap
870	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
871	$new_dn = $result['new_dn'];
872
873	if (!$result['status'])
874	{
875	$return['status'] = false;
876	$return['msg'] .= "Erro ao renomear usuário no LDAP. Processo abortado.";
877	return $return;
878	}
879
880	// Pega a cota do usuario
881	$quota = $this->imap_functions->get_user_info($uid);
882	$quota_limit = $quota['mailquota'];
883	if ($quota_limit == '-1')
884	$quota_limit = '40960';
885
886	//Cria a nova caixa postal
887	$this->imap_functions->create($new_uid, $quota_limit);
888
889	// Realiza a cópia das mensagens de uma caixa para outra.
890	$exec_return = array();
891	$exec_result = exec("/home/expressolivre/imapsync " .
892	"--host1 localhost " .
893	"--user1 " . $uid . ' ' .
894	"--password1 $defaultUserPassword_plain " .
895	"--host2 localhost " .
896	"--user2 " . $new_uid . ' ' .
897	"--password2 $defaultUserPassword_plain " .
898	"--syncinternaldates --exclude user.*", $exec_return, $exec_result);
899
900	$reg_total = count($exec_return);
901
902	for ($i=$reg_total; $i>($reg_total-9); $i--)
903	$return['exec_return'] .= $exec_return[$i] . "\n";
904
905	//SIEVE
906	if ($sieve_enable == 'yes')
907	{
908	include_once('sieve-php.lib.php');
909
910	$sieve_uid = new sieve("$sieve_server", "$sieve_port", "$uid", "$defaultUserPassword_plain", '', "PLAIN");
911	$sieve_new_uid = new sieve("$sieve_server", "$sieve_port", "$new_uid", "$defaultUserPassword_plain", '', "PLAIN");
912
913	if (!$sieve_uid->sieve_login())
914	{
915	$return['status'] = false;
916	$return['msg'] .= "\nNão foi possível fazer login no sieve:$uid";
917	}
918	elseif (!$sieve_new_uid->sieve_login())
919	{
920	$return['status'] = false;
921	$return['msg'] .= "\nNão foi possível fazer login no sieve:$new_uid";
922	}
923	else
924	{
925	$sieve_uid->sieve_listscripts();
926	$uid_active_script=$sieve_uid->response["ACTIVE"];
927	if(isset($uid_active_script))
928	{
929	$i=0;
930	$activescript="";
931	if($sieve_uid->sieve_getscript($uid_active_script))
932	{
933	if(is_array($sieve_uid->response))
934	{
935	foreach($sieve_uid->response as $result)
936	{
937	$activescript .= $result;
938	}
939	}
940	}
941
942	$new_script_name = $new_uid;
943	if ($sieve_new_uid->sieve_sendscript($new_script_name,$activescript))
944	{
945	$sieve_new_uid->sieve_setactivescript($new_script_name);
946	$return['exec_return'] .= "Script SIEVE transferido com êxito.\n";
947	}
948	else
949	{
950	$return['status'] = false;
951	$return['msg'] .= "Problemas na transferência do script Sieve.\\n";
952	}
953	}
954	else
955	$return['exec_return'] .= "\n2";
956	}
957	$sieve_uid->sieve_logout();
958	$sieve_new_uid->sieve_logout();
959	}
960	else
961	$return['exec_return'] .= "\n1";
962
963	if ($exec_result)
964	{
965	// Deleta caixa-postal antiga
966	$result = $this->imap_functions->delete_user($uid);
967	if (!$result['status'])
968	{
969	$return['status'] = false;
970	$return['msg'] .= $result['msg'];
971	}
972	}
973	else
974	{
975	$return['status'] = false;
976	$return['msg'] .= "Problemas ao executar o imapsinc. Caixa postal $uid não excluida.";
977	}
978
979	// Retorna senha do usuário
980	$this->ldap_functions->set_user_password($uid, $user_password);
981
982	// Remove old UID do ldap
983	$user_info_mod_remove['uid'] = $uid;
984	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
985
986	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
987
988	return $return;
989	*/
990	}
991	}
992	}
993	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: