Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 30

Revision 30, 39.8 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function user()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function create($params)
36	{
37	$return['status'] = true;
38
39	// Verifica o acesso do gerente
40	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
41	{
42	// Adiciona a organização na frente do uid.
43	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
44	{
45	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
46
47	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
48	$explode_dn = array_reverse($explode_dn);
49	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
50	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
51	}
52
53	// Pega ID do BD e incrementa de 1.
54	$id = (($this->db_functions->get_next_id()) + 1);
55
56	// Incrementa o id no BD.
57	$this->db_functions->increment_id($id,'accounts');
58
59	// Cria array para incluir no LDAP
60	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
61
62	$user_info = array();
63	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
64	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
65	$user_info['gidNumber'] = $params['gidnumber'];
66	$user_info['givenName'] = $params['givenname'];
67	$user_info['homeDirectory'] = '/home/' . $params['uid'];
68	$user_info['mail'] = $params['mail'];
69	$user_info['objectClass'][] = 'posixAccount';
70	$user_info['objectClass'][] = 'inetOrgPerson';
71	$user_info['objectClass'][] = 'shadowAccount';
72	$user_info['objectClass'][] = 'qmailuser';
73	$user_info['objectClass'][] = 'phpgwAccount';
74	$user_info['objectClass'][] = 'top';
75	$user_info['objectClass'][] = 'person';
76	$user_info['objectClass'][] = 'organizationalPerson';
77	$user_info['phpgwAccountExpires'] = '-1';
78	$user_info['phpgwAccountType'] = 'u';
79	$user_info['sn'] = $params['sn'];
80	$user_info['uid'] = $params['uid'];
81	$user_info['uidnumber'] = $id;
82	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
83
84	if ($params['phpgwaccountstatus'] == '1')
85	$user_info['phpgwAccountStatus'] = 'A';
86
87	if ($params['departmentnumber'] != '')
88	$user_info['departmentnumber'] = $params['departmentnumber'];
89
90	if ($params['telephonenumber'] != '')
91	$user_info['telephoneNumber'] = $params['telephonenumber'];
92
93	// Cria user_info no caso de ter alias e forwarding email.
94	if ($params['mailalternateaddress'] != '')
95	$user_info['mailAlternateAddress'] = $params['mailalternateaddress'];
96
97	if ($params['mailforwardingaddress'] != '')
98	$user_info['mailForwardingAddress'] = $params['mailforwardingaddress'];
99
100	if ($params['deliverymode'])
101	$user_info['deliveryMode'] = 'forwardOnly';
102
103	//Ocultar da pesquisa e do catálogo
104	if ($params['phpgwaccountvisible'])
105	$user_info['phpgwAccountVisible'] = '-1';
106
107	// Suporte ao SAMBA
108	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
109	{
110	//Verifica se o binario para criar as senhas do samba exite.
111	if (!is_file('/home/expressolivre/mkntpwd'))
112	{
113	$return['status'] = false;
114	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
115	}
116	else
117	{
118	$user_info['objectClass'][] = 'sambaSamAccount';
119	$user_info['loginShell'] = '/bin/bash';
120
121	//$user_info['sambaSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $id)+1000);
122	//$user_info['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $user_info['gidNumber'])+1001);
123	$user_info['sambaSID'] = $params['sambadomain'] . '-' . ((2 * $id)+1000);
124	$user_info['sambaPrimaryGroupSID'] = $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);
125
126	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
127
128	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
129	$user_info['homeDirectory'] = $params['sambahomedirectory'];
130
131	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
132	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
133	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
134
135	$user_info['sambaPwdCanChange'] = strtotime("now");
136	$user_info['sambaPwdLastSet'] = strtotime("now");
137	$user_info['sambaPwdMustChange'] = '2147483647';
138	}
139	}
140	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
141	if (!$result['status'])
142	{
143	$return['status'] = false;
144	$return['msg'] .= $result['msg'];
145	}
146
147	// Chama funcao para salvar foto no OpenLDAP.
148	if ($_FILES['photo']['name'] != '')
149	{
150	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
151	if (!$result['status'])
152	{
153	$return['status'] = false;
154	$return['msg'] .= $result['msg'];
155	}
156	}
157
158	//GROUPS
159	if ($params['groups'])
160	{
161	foreach ($params['groups'] as $gidnumber)
162	{
163	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
164	if (!$result['status'])
165	{
166	$return['status'] = false;
167	$return['msg'] .= $result['msg'];
168	}
169	$result = $this->db_functions->add_user2group($gidnumber, $id);
170	if (!$result['status'])
171	{
172	$return['status'] = false;
173	$return['msg'] .= $result['msg'];
174	}
175	}
176	}
177
178	// Inclusao do Mail do usuário nas listas de email selecionadas.
179	if ($params['maillists'])
180	{
181	foreach($params['maillists'] as $uidnumber)
182	{
183	$result = $this->ldap_functions->add_user2maillist($uidnumber, $user_info['mail']);
184	if (!$result['status'])
185	{
186	$return['status'] = false;
187	$return['msg'] .= $result['msg'];
188	}
189	}
190	}
191
192	// APPS
193	if (count($params['apps']))
194	{
195	$result = $this->db_functions->add_id2apps($id, $params['apps']);
196	if (!$result['status'])
197	{
198	$return['status'] = false;
199	$return['msg'] .= $result['msg'];
200	}
201	}
202
203	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
204	if ($params['changepassword'])
205	{
206	$result = $this->db_functions->add_pref_changepassword($id);
207	if (!$result['status'])
208	{
209	$return['status'] = false;
210	$return['msg'] .= $result['msg'];
211	}
212	}
213
214	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
215	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
216	if (!$result['status'])
217	{
218	$return['status'] = false;
219	$return['msg'] .= $result['msg'];
220	}
221
222	$this->db_functions->write_log('criado usuario','',$dn,'','');
223	}
224
225	return $return;
226	}
227
228	function save($new_values)
229	{
230	$return['status'] = true;
231
232	$old_values = $this->get_user_info($new_values['uidnumber'], $new_values['manager_context']);
233	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
234
235	$diff = array_diff($new_values, $old_values);
236
237	// Verifica o acesso do gerente
238	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
239	{
240	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
241	// Change user organization
242	if ($diff['context'])
243	{
244	$newrdn = 'uid=' . $new_values['uid'];
245	$newparent = $new_values['context'];
246	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
247	if (!$result['status'])
248	{
249	$return['status'] = false;
250	$return['msg'] .= $result['msg'];
251	}
252	else
253	{
254	$dn = $newrdn . ',' . $newparent;
255	$this->db_functions->write_log('alterado contexto do usuario','',$dn,'','');
256	}
257	}
258
259	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
260	// REPLACE some attributes
261	if ($diff['givenname'])
262	{
263	$ldap_mod_replace['givenname'] = $new_values['givenname'];
264	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
265	$this->db_functions->write_log("alterado givenname do usuario",'',$dn,'','');
266	}
267	if ($diff['sn'])
268	{
269	$ldap_mod_replace['sn'] = $new_values['sn'];
270	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
271	$this->db_functions->write_log("alterado sn do usuario",'',$dn,'','');
272	}
273	if ($diff['mail'])
274	{
275	$ldap_mod_replace['mail'] = $new_values['mail'];
276	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
277	$this->db_functions->write_log("alterado mail do usuario",'',$dn,'','');
278	}
279	if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
280	{
281	$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
282	$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
283	}
284	if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
285	{
286	$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
287	$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
288	}
289	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
290	{
291	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
292	$this->db_functions->write_log("alterado telephonenumber do usuario",'',$dn,'','');
293	}
294	}
295
296	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
297	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
298	{
299	if ($diff['password1'])
300	{
301	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
302	// Suporte ao SAMBA
303	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
304	{
305	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
306	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
307	}
308	$this->db_functions->write_log("alterado password do usuario",'',$dn,'','');
309	}
310	}
311
312	//Suporte ao SAMBA
313	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
314	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
315	{
316	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
317	{
318	if ($diff['sambaacctflags'])
319	{
320	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
321	$this->db_functions->write_log("alterado sambaacctflags do usuario",'',$dn,'','');
322	}
323	if ($diff['sambalogonscript'])
324	{
325	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
326	$this->db_functions->write_log("alterado sambalogonscript do usuario",'',$dn,'','');
327	}
328	if ($diff['sambahomedirectory'])
329	{
330	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
331	$this->db_functions->write_log("alterado homedirectory do usuario",'',$dn,'','');
332	}
333	if ($diff['sambadomain'])
334	{
335	$ldap_mod_replace['sambaSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
336	$ldap_mod_replace['sambaPrimaryGroupSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
337	$this->db_functions->write_log("alterado dominio samba do usuario $dn para " . $params['sambadomain'],'',$dn,'','');
338	}
339	}
340	}
341
342	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
343	// ADD ou REMOVE some attributes
344	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
345
346	// Verifica o acesso ára adicionar ou remover tais atributos
347	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
348	{
349	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
350	// TELEPHONE
351	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
352	{
353	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
354	$this->db_functions->write_log("adicionado telephonenumber ao usuario",'',$dn,'','');
355	}
356	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
357	{
358	$ldap_remove['telephonenumber'] = array();
359	$this->db_functions->write_log("removido telephonenumber do usuario",'',$dn,'','');
360	}
361	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
362	// PREF_CHANGEPASSWORD
363	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
364	{
365	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
366	$this->db_functions->write_log("adicionado changepassword ao usuario",'',$dn,'','');
367	}
368	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
369	{
370	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
371	$this->db_functions->write_log("removido changepassword do usuario",'',$dn,'','');
372	}
373	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
374	// ACCOUNT STATUS
375	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
376	{
377	$ldap_add['phpgwaccountstatus'] = 'A';
378	$this->db_functions->write_log("ativado conta do usuario",'',$dn,'','');
379	}
380	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
381	{
382	$ldap_remove['phpgwaccountstatus'] = array();
383	$this->db_functions->write_log("desativado conta do usuario",'',$dn,'','');
384	}
385	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
386	// ACCOUNT VISIBLE
387	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
388	{
389	$ldap_add['phpgwaccountvisible'] = '-1';
390	$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario",'',$dn,'','');
391	}
392	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
393	{
394	$ldap_remove['phpgwaccountvisible'] = array();
395	$this->db_functions->write_log("removido phpgwaccountvisible ao usuario",'',$dn,'','');
396	}
397	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
398	// PHOTO
399	if ($new_values['delete_photo'])
400	{
401	$this->ldap_functions->ldap_remove_photo($dn);
402	$this->db_functions->write_log("removido jpegphoto ao usuario",'',$dn,'','');
403	}
404	if ($_FILES['photo']['name'] != '')
405	{
406	if ($new_values['photo_exist'])
407	$photo_exist = true;
408	else
409	$photo_exist = false;
410	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
411	$this->db_functions->write_log("adicionado jpegphoto ao usuario",'',$dn,'','');
412	}
413	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
414	// Mail Account STATUS
415	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
416	{
417	$ldap_add['accountstatus'] = 'active';
418	$this->db_functions->write_log("ativado conta de email do usuario",'',$dn,'','');
419	}
420	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
421	{
422	$ldap_remove['accountstatus'] = array();
423	$this->db_functions->write_log("desativado conta de email do usuario",'',$dn,'','');
424	}
425	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
426	// MAILALTERNATEADDRESS
427	if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
428	{
429	$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
430	$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
431	}
432	if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
433	{
434	$ldap_remove['mailalternateaddress'] = array();
435	$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
436	}
437	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
438	// MAILFORWARDINGADDRESS
439	if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
440	{
441	$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
442	$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
443	}
444	if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
445	{
446	$ldap_remove['mailforwardingaddress'] = array();
447	$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
448	}
449	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
450	// Delivery Mode
451	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
452	{
453	$ldap_add['deliverymode'] = 'forwardOnly';
454	$this->db_functions->write_log("adicionado forwardOnly ao usuario",'',$dn,'','');
455	}
456	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
457	{
458	$ldap_remove['deliverymode'] = array();
459	$this->db_functions->write_log("removido forwardOnly ao usuario",'',$dn,'','');
460	}
461	}
462
463	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
464	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
465	{
466	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
467	// MAILQUOTA
468	if ($diff['mailquota'])
469	{
470	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
471	$this->db_functions->write_log("alterado cota do usuario",'',$dn,'','');
472	}
473	}
474
475	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
476	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
477	{
478	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
479	// REMOVE ATTRS OF SAMBA
480	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
481	{
482	$ldap_remove['objectclass'] = 'sambaSamAccount';
483	$ldap_remove['loginShell'] = array();
484	$ldap_remove['sambaSID'] = array();
485	$ldap_remove['sambaPrimaryGroupSID'] = array();
486	$ldap_remove['sambaAcctFlags'] = array();
487	$ldap_remove['sambaLogonScript'] = array();
488	$ldap_remove['sambaLMPassword'] = array();
489	$ldap_remove['sambaNTPassword'] = array();
490	$ldap_remove['sambaPasswordHistory'] = array();
491	$ldap_remove['sambaPwdCanChange'] = array();
492	$ldap_remove['sambaPwdLastSet'] = array();
493	$ldap_remove['sambaPwdMustChange'] = array();
494	$this->db_functions->write_log("removido atributos samba do usuario.",'',$dn,'','');
495	}
496	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
497	// ADD ATTRS OF SAMBA
498	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
499	{
500	//Verifica se o binario para criar as senhas do samba exite.
501	if (!is_file('/home/expressolivre/mkntpwd'))
502	{
503	$return['status'] = false;
504	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
505	}
506	else
507	{
508	$ldap_add['objectClass'][] = 'sambaSamAccount';
509	$ldap_mod_replace['loginShell'] = '/bin/bash';
510	$ldap_add['sambaSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['uidnumber'])+1000);
511	$ldap_add['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
512	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
513	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
514	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
515	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
516	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
517	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
518	$ldap_add['sambaPwdCanChange'] = strtotime("now");
519	$ldap_add['sambaPwdLastSet'] = strtotime("now");
520	$ldap_add['sambaPwdMustChange'] = '2147483647';
521	$this->db_functions->write_log("adicionado atributos samba do usuario.",'',$dn,'','');
522	}
523	}
524	}
525
526	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
527	// GROUPS
528	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
529	{
530	if (!$new_values['groups'])
531	$new_values['groups'] = array();
532	if (!$old_values['groups'])
533	$old_values['groups'] = array();
534
535	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
536	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
537
538	if (count($add_groups)>0)
539	{
540	foreach($add_groups as $gidnumber)
541	{
542	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
543	$this->ldap_functions->add_user2group($gidnumber, $new_values['uid']);
544	$this->db_functions->write_log("adicionado usuario ao grupo $gidnumber.",'',$dn,'','');
545	}
546	}
547	if (count($remove_groups)>0)
548	{
549	foreach($remove_groups as $gidnumber)
550	{
551	foreach($old_values['groups_info'] as $group)
552	{
553	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
554	{
555	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
556	$this->ldap_functions->remove_user2group($gidnumber, $new_values['uid']);
557	$this->db_functions->write_log("removido usuario do grupo $gidnumber.",'',$dn,'','');
558	}
559	}
560	}
561	}
562
563	if ($diff['gidnumber'])
564	{
565	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
566	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
567	{
568	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
569	}
570	$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
571	}
572	}
573	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
574	// LDAP_MOD_REPLACE
575	if (count($ldap_mod_replace))
576	{
577	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
578	if (!$result['status'])
579	{
580	$return['status'] = false;
581	$return['msg'] .= $result['msg'];
582	}
583	}
584
585	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
586	// LDAP_MOD_ADD
587	if (count($ldap_add))
588	{
589
590	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
591	if (!$result['status'])
592	{
593	$return['status'] = false;
594	$return['msg'] .= $result['msg'];
595	}
596	}
597
598	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
599	// LDAP_MOD_REMOVE
600	if (count($ldap_remove))
601	{
602
603	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
604	if (!$result['status'])
605	{
606	$return['status'] = false;
607	$return['msg'] .= $result['msg'];
608	}
609	}
610	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
611
612
613	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
614	{
615	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
616	// MAILLISTS
617	if (!$new_values['maillists'])
618	$new_values['maillists'] = array();
619	if (!$old_values['maillists'])
620	$old_values['maillists'] = array();
621
622	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
623	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
624
625	if (count($add_maillists)>0)
626	{
627	foreach($add_maillists as $uidnumber)
628	{
629	$this->ldap_functions->add_user2maillist($uidnumber, $new_values['mail']);
630	$this->db_functions->write_log("adicionado usuario a maillist $uidnumber.",'',$dn,'','');
631	}
632	}
633	if (count($remove_maillists)>0)
634	{
635	foreach($remove_maillists as $uidnumber)
636	{
637	$this->ldap_functions->remove_user2maillist($uidnumber, $new_values['mail']);
638	$this->db_functions->write_log("removido usuario da maillist $uidnumber.",'',$dn,'','');
639	}
640	}
641
642	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
643	// APPS
644	$new_values2 = array();
645	$old_values2 = array();
646	if (count($new_values['apps'])>0)
647	{
648	foreach ($new_values['apps'] as $app=>$tmp)
649	{
650	$new_values2[] = $app;
651	}
652	}
653	if (count($old_values['apps'])>0)
654	{
655	foreach ($old_values['apps'] as $app=>$tmp)
656	{
657	$old_values2[] = $app;
658	}
659	}
660	$add_apps = array_flip(array_diff($new_values2, $old_values2));
661	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
662
663	if (count($add_apps)>0)
664	{
665	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
666
667	foreach ($add_apps as $app => $index)
668	$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
669	}
670	if (count($remove_apps)>0)
671	{
672	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
673	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
674
675	foreach ($remove_apps as $app => $app_index)
676	{
677	if ($manager_apps[$app] == 'run')
678	$remove_apps2[$app] = $app_index;
679	}
680	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
681
682	foreach ($remove_apps2 as $app => $access)
683	$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
684	}
685	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
686	}
687	return $return;
688	}
689
690
691	function get_user_info($uidnumber, $context)
692	{
693	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber, $context);
694	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
695	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups'], $context);
696	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
697	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
698	return $user_info;
699	}
700
701	function set_user_default_password($params)
702	{
703	$return['status'] = true;
704	$uid = $params['uid'];
705	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
706
707	if (!$this->db_functions->default_user_password_is_set($uid))
708	{
709	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
710	$this->db_functions->set_user_password($uid, $userPassword);
711	}
712	else
713	{
714	$return['status'] = false;
715	$return['msg'] = 'Senha default já cadastrada!';
716	}
717
718	$this->db_functions->write_log('Setado senha default','',$uid,'','');
719
720	return $return;
721	}
722
723	function return_user_password($params)
724	{
725	$return['status'] = true;
726	$uid = $params['uid'];
727
728	if ($this->db_functions->default_user_password_is_set($uid))
729	{
730	$userPassword = $this->db_functions->get_user_password($uid);
731	$this->ldap_functions->set_user_password($uid, $userPassword);
732	}
733	else
734	{
735	$return['status'] = false;
736	$return['msg'] = 'Senha default NÃO cadastrada!';
737	}
738
739	$this->db_functions->write_log('Retornado senha default','',$uid,'','');
740
741	return $return;
742	}
743
744	function delete($params)
745	{
746	$return['status'] = true;
747
748	// Verifica o acesso do gerente
749	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
750	{
751	$uidnumber = $params['uidnumber'];
752	$context = $params['context'];
753	$user_info = $this->get_user_info($uidnumber, $context);
754
755	//LDAP
756	$result_ldap = $this->ldap_functions->delete_user($user_info);
757	if (!$result_ldap['status'])
758	{
759	$return['status'] = false;
760	$return['msg'] .= $result_ldap['msg'];
761	}
762
763	//DB
764	$result_db = $this->db_functions->delete_user($user_info);
765	if (!$result_db['status'])
766	{
767	$return['status'] = false;
768	$return['msg'] .= $result_ldap['msg'];
769	}
770
771	//IMAP
772	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
773	if (!$result_imap['status'])
774	{
775	$return['status'] = false;
776	$return['msg'] .= $result_ldap['msg'];
777	}
778
779	$this->db_functions->write_log('deletado usuario','',$user_info['uid'],'','');
780	}
781
782	return $return;
783	}
784
785
786	function rename($params)
787	{
788	$return['status'] = true;
789
790	// Verifica o acesso do gerente
791	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
792	{
793	$uid = $params['uid'];
794	$new_uid = $params['new_uid'];
795	$context = $params['context'];
796	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
797	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
798
799	$emailadmin_profiles = $this->db_functions->get_sieve_info();
800	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
801	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
802	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
803
804	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
805	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
806	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
807	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
808	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
809
810	//Verifica se está sendo usuado cyrus 2.2 ou superior
811	$sk = fsockopen ($imap_server,$imap_port);
812	$server_resp = fread($sk, 100);
813	$tmp = split('v2.', $server_resp);
814	$cyrus_version = '2' . $tmp[1][0];
815	//$is_cyrus22 = strpos($server_resp, "v2.2");
816
817	if ($cyrus_version > '21')
818	{
819	// Seta senha default
820	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
821
822	// Renomeia UID no openldap
823	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
824	$new_dn = $result['new_dn'];
825	if (!$result['status'])
826	{
827	$return['status'] = false;
828	$return['msg'] .= "\n" . $result['msg'];
829	$return['msg'] .= "\nErro ao renomear usuário no LDAP. Processo abortado.";
830	return $return;
831	}
832
833	// Remove old UID do ldap
834	$user_info_mod_remove['uid'] = $uid;
835	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
836
837	//Renomeia mailbox
838	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
839	if (!$result['status'])
840	{
841	$return['status'] = false;
842	$return['msg'] .= "\n" . $result['msg'];
843	$return['msg'] .= "\nErro ao renomear usuário no Cyrus. Processo abortado.";
844	}
845
846	// Renomeia sieve script
847	include_once('sieve-php.lib.php');
848	$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
849
850	if ($sieve->sieve_login())
851	{
852	$sieve->sieve_listscripts();
853	$myactivescript=$sieve->response["ACTIVE"];
854	$sieve->sieve_getscript($myactivescript);
855
856	$script = '';
857	foreach($sieve->response as $result)
858	{
859	$script .= $result;
860	}
861
862	$scriptname = $new_uid;
863	if($sieve->sieve_sendscript($new_uid,$script))
864	{
865	if ($sieve->sieve_setactivescript($new_uid))
866	{
867	$sieve->sieve_deletescript($myactivescript);
868	}
869	}
870	else
871	{
872	$return['status'] = false;
873	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no envio do novo script.";
874	}
875	$sieve->sieve_logout();
876	}
877	else
878	{
879	$return['status'] = false;
880	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no Login.";
881	}
882
883	// Retorna senha do usuário
884	$this->ldap_functions->set_user_password($new_uid, $user_password);
885
886	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
887
888	$return['exec_return'] = "";
889	return $return;
890	}
891	else
892	{
893	$return['status'] = false;
894	$return['msg'] .= "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
895	$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
896	return $return;
897	}
898
899	/*********************
900	*
901	* RENOMEAÇÃO APENAS PARA CYRUS 2.2 OU SUPERIOR
902	*
903	*********************/
904	/*
905	//Verifica se o binario para renomeacao existe.
906	if (!is_file('/home/expressolivre/imapsync'))
907	{
908	$return['status'] = false;
909	$return['msg'] .= "O arquivo binário /home/expressolivre/imapsync não existe.\\nEle é necessário para a renomeação das caixas postais.\\nInforme o administrador ExpressoLivre sobre isto.";
910	}
911
912	// Seta senha default
913	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
914
915	// Renomeia UID no openldap
916	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
917	$new_dn = $result['new_dn'];
918
919	if (!$result['status'])
920	{
921	$return['status'] = false;
922	$return['msg'] .= "Erro ao renomear usuário no LDAP. Processo abortado.";
923	return $return;
924	}
925
926	// Pega a cota do usuario
927	$quota = $this->imap_functions->get_user_info($uid);
928	$quota_limit = $quota['mailquota'];
929	if ($quota_limit == '-1')
930	$quota_limit = '40960';
931
932	//Cria a nova caixa postal
933	$this->imap_functions->create($new_uid, $quota_limit);
934
935	// Realiza a cópia das mensagens de uma caixa para outra.
936	$exec_return = array();
937	$exec_result = exec("/home/expressolivre/imapsync " .
938	"--host1 localhost " .
939	"--user1 " . $uid . ' ' .
940	"--password1 $defaultUserPassword_plain " .
941	"--host2 localhost " .
942	"--user2 " . $new_uid . ' ' .
943	"--password2 $defaultUserPassword_plain " .
944	"--syncinternaldates --exclude user.*", $exec_return, $exec_result);
945
946	$reg_total = count($exec_return);
947
948	for ($i=$reg_total; $i>($reg_total-9); $i--)
949	$return['exec_return'] .= $exec_return[$i] . "\n";
950
951	//SIEVE
952	if ($sieve_enable == 'yes')
953	{
954	include_once('sieve-php.lib.php');
955
956	$sieve_uid = new sieve("$sieve_server", "$sieve_port", "$uid", "$defaultUserPassword_plain", '', "PLAIN");
957	$sieve_new_uid = new sieve("$sieve_server", "$sieve_port", "$new_uid", "$defaultUserPassword_plain", '', "PLAIN");
958
959	if (!$sieve_uid->sieve_login())
960	{
961	$return['status'] = false;
962	$return['msg'] .= "\nNão foi possível fazer login no sieve:$uid";
963	}
964	elseif (!$sieve_new_uid->sieve_login())
965	{
966	$return['status'] = false;
967	$return['msg'] .= "\nNão foi possível fazer login no sieve:$new_uid";
968	}
969	else
970	{
971	$sieve_uid->sieve_listscripts();
972	$uid_active_script=$sieve_uid->response["ACTIVE"];
973	if(isset($uid_active_script))
974	{
975	$i=0;
976	$activescript="";
977	if($sieve_uid->sieve_getscript($uid_active_script))
978	{
979	if(is_array($sieve_uid->response))
980	{
981	foreach($sieve_uid->response as $result)
982	{
983	$activescript .= $result;
984	}
985	}
986	}
987
988	$new_script_name = $new_uid;
989	if ($sieve_new_uid->sieve_sendscript($new_script_name,$activescript))
990	{
991	$sieve_new_uid->sieve_setactivescript($new_script_name);
992	$return['exec_return'] .= "Script SIEVE transferido com êxito.\n";
993	}
994	else
995	{
996	$return['status'] = false;
997	$return['msg'] .= "Problemas na transferência do script Sieve.\\n";
998	}
999	}
1000	else
1001	$return['exec_return'] .= "\n2";
1002	}
1003	$sieve_uid->sieve_logout();
1004	$sieve_new_uid->sieve_logout();
1005	}
1006	else
1007	$return['exec_return'] .= "\n1";
1008
1009	if ($exec_result)
1010	{
1011	// Deleta caixa-postal antiga
1012	$result = $this->imap_functions->delete_user($uid);
1013	if (!$result['status'])
1014	{
1015	$return['status'] = false;
1016	$return['msg'] .= $result['msg'];
1017	}
1018	}
1019	else
1020	{
1021	$return['status'] = false;
1022	$return['msg'] .= "Problemas ao executar o imapsinc. Caixa postal $uid não excluida.";
1023	}
1024
1025	// Retorna senha do usuário
1026	$this->ldap_functions->set_user_password($uid, $user_password);
1027
1028	// Remove old UID do ldap
1029	$user_info_mod_remove['uid'] = $uid;
1030	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
1031
1032	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
1033
1034	return $return;
1035	*/
1036	}
1037	}
1038	}
1039	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: