<?php
	/**********************************************************************************\
	* Expresso Administração                 									      *
	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
	* --------------------------------------------------------------------------------*
	*  This program is free software; you can redistribute it and/or modify it		  *
	*  under the terms of the GNU General Public License as published by the		  *
	*  Free Software Foundation; either version 2 of the License, or (at your		  *
	*  option) any later version.													  *
	\**********************************************************************************/
	
	include_once('class.ldap_functions.inc.php');
	include_once('class.db_functions.inc.php');
	include_once('class.imap_functions.inc.php');
	include_once('class.functions.inc.php');
	
	class user
	{
		var $ldap_functions;
		var $db_functions;
		var $imap_functions;
		var $functions;
		var $current_config;
		
		function user()
		{
			$this->ldap_functions = new ldap_functions;
			$this->db_functions = new db_functions;
			$this->imap_functions = new imap_functions;
			$this->functions = new functions;
			$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin']; 
		}
		
		function create($params)
		{
			$return['status'] = true;
		
			// Verifica o acesso do gerente
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
			{
				// Adiciona a organização na frente do uid.
				if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
				{
					$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
				
					$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
					$explode_dn = array_reverse($explode_dn);
					//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
					$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
				}
			
				// Leio o ID a ser usado na criação do objecto. Esta função já incrementa o ID no BD.
				$next_id = ($this->db_functions->get_next_id('accounts'));
				if ((!is_numeric($next_id['id'])) || (!$next_id['status']))
				{
					$return['status'] = false;
					$return['msg'] = "Problemas obtendo ID do usuário.\n" . $id['msg'];
					return $return;
				}
				else
				{
					$id = $next_id['id'];
				}
			
				// Cria array para incluir no LDAP
				$dn = 'uid=' . $params['uid'] . ',' . $params['context'];		
			
				$user_info = array();
				$user_info['accountStatus'] 			= $params['accountstatus'] == 1 ? 'active' : 'desactive';
				$user_info['cn']						= $params['givenname'] . ' ' . $params['sn'];
				$user_info['gidNumber']					= $params['gidnumber'];
				$user_info['givenName']					= $params['givenname'];
				$user_info['homeDirectory']				= '/home/' . $params['uid'];
				$user_info['mail']						= $params['mail'];
				$user_info['objectClass'][]				= 'posixAccount';
				$user_info['objectClass'][]				= 'inetOrgPerson';
				$user_info['objectClass'][]				= 'shadowAccount';
				$user_info['objectClass'][]				= 'qmailuser';
				$user_info['objectClass'][]				= 'phpgwAccount';
				$user_info['objectClass'][]				= 'top';
				$user_info['objectClass'][]				= 'person';
				$user_info['objectClass'][]				= 'organizationalPerson';
				$user_info['phpgwAccountExpires']		= '-1';
				$user_info['phpgwAccountType']			= 'u';
				$user_info['sn']						= $params['sn'];
				$user_info['uid']						= $params['uid'];
				$user_info['uidnumber']					= $id;
				$user_info['userPassword']				= '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
				
				if ($params['passwd_expired'] == '1')
					$user_info['phpgwLastPasswdChange'] = '0';
				
				// Gerenciar senhas RFC2617
				if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
				{
					$realm		= $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
					$uid		= $user_info['uid'];
					$password	= $params['password1'];
					$user_info['userPasswordRFC2617'] = $realm . ':      ' . md5("$uid:$realm:$password");
				}
				
				if ($params['phpgwaccountstatus'] == '1')
					$user_info['phpgwAccountStatus'] = 'A';
			
				if ($params['departmentnumber'] != '')
					$user_info['departmentnumber']	= $params['departmentnumber'];
			
				if ($params['telephonenumber'] != '')
					$user_info['telephoneNumber']	= $params['telephonenumber'];
						
				// Cria user_info no caso de ter alias e forwarding email.
				foreach ($params['mailalternateaddress'] as $index=>$mailalternateaddress)
				{
					if ($mailalternateaddress != '')
						$user_info['mailAlternateAddress'][] = $mailalternateaddress;
				}
			
				foreach ($params['mailforwardingaddress'] as $index=>$mailforwardingaddress)
				{
					if ($mailforwardingaddress != '')
						$user_info['mailForwardingAddress'][] = $mailforwardingaddress;
				}
				
				if ($params['deliverymode'])
					$user_info['deliveryMode'] = 'forwardOnly';
			
				//Ocultar da pesquisa e do catálogo
				if ($params['phpgwaccountvisible'])
					$user_info['phpgwAccountVisible'] = '-1';

				// Suporte ao SAMBA
				if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
				{
					
					// Qualquer um que crie um usuário, deve ter permissão para adicionar a senha samba.
					// Verifica o acesso do gerente aos atributos samba
					//if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes'))
					//{
						//Verifica se o binario para criar as senhas do samba exite.
						if (!is_file('/home/expressolivre/mkntpwd'))
						{
							$return['status'] = false;
							$return['msg'] .= "O arquivo  binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
						}
						else
						{
							$user_info['objectClass'][] 		= 'sambaSamAccount';
							$user_info['loginShell']			= '/bin/bash';
	
							$user_info['sambaSID']				= $params['sambadomain'] . '-' . ((2 * $id)+1000);
							$user_info['sambaPrimaryGroupSID']	= $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);

							$user_info['sambaAcctFlags']		= $params['sambaacctflags'];
			
							$user_info['sambaLogonScript']		= $params['sambalogonscript'];
							$user_info['homeDirectory']			= $params['sambahomedirectory'];
			
							$user_info['sambaLMPassword']		= exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
							$user_info['sambaNTPassword']		= exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
							$user_info['sambaPasswordHistory']	= '0000000000000000000000000000000000000000000000000000000000000000';
			
							$user_info['sambaPwdCanChange']		= strtotime("now");
							$user_info['sambaPwdLastSet']		= strtotime("now");
							$user_info['sambaPwdMustChange']	= '2147483647';
						}
					//}
				}
				
				// Verifica o acesso do gerente aos atributos corporativos
				if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information'))
				{
					//retira caracteres que não são números.
					$params['corporative_information_cpf'] = ereg_replace("[^0-9]", "", $params['corporative_information_cpf']);
					
					foreach ($params as $atribute=>$value)
					{
						$pos = strstr($atribute, 'corporative_information_');
						if ($pos !== false)
						{
							if ($params[$atribute])
							{
								$ldap_atribute = str_replace("corporative_information_", "", $atribute);
								$user_info[$ldap_atribute] = $params[$atribute];
							}
						}
					}
				}
				
				$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
				if (!$result['status'])
				{
					$return['status'] = false;
					$return['msg'] .= $result['msg'];
				}
			
				// Chama funcao para salvar foto no OpenLDAP.			
				if ( ($_FILES['photo']['name'] != '') && ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_picture')) )
				{
					$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
					if (!$result['status'])
					{
						$return['status'] = false;
						$return['msg'] .= $result['msg'];
					}
				}
			
				//GROUPS
				if ($params['groups'])
				{
					foreach ($params['groups'] as $gidnumber)
					{
						$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
						if (!$result['status'])
						{
							$return['status'] = false;
							$return['msg'] .= $result['msg'];
						}
						$result = $this->db_functions->add_user2group($gidnumber, $id);
						if (!$result['status'])
						{
							$return['status'] = false;
							$return['msg'] .= $result['msg'];
						}
					}
				}
			
				// Inclusao do Mail do usuário nas listas de email selecionadas.
				if ($params['maillists'])
				{
					foreach($params['maillists'] as $uid)
	            	{
						$result = $this->ldap_functions->add_user2maillist($uid, $user_info['mail']);
						if (!$result['status'])
						{
							$return['status'] = false;
							$return['msg'] .= $result['msg'];
						}
	            	}
				}
                       
				// APPS
				if (count($params['apps']))
				{
					$result = $this->db_functions->add_id2apps($id, $params['apps']);
					if (!$result['status'])
					{
						$return['status'] = false;
						$return['msg'] .= $result['msg'];
					}
				}

				// Chama funcao para incluir no pgsql as preferencia de alterar senha.
				if ($params['changepassword'])
				{
					$result = $this->db_functions->add_pref_changepassword($id);
					if (!$result['status'])
					{
						$return['status'] = false;
						$return['msg'] .= $result['msg'];
					}
				}					
							
				// Chama funcao para criar mailbox do usuario, no imap-cyrus.
				$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
				if (!$result['status'])
				{
					$return['status'] = false;
				$return['msg'] .= $result['msg'];
				}

				$this->db_functions->write_log("criado usuario $dn",'','','','');
			}

			return $return;
		}
		
		function save($new_values)
		{
			$return['status'] = true;
			
			$old_values = $this->get_user_info($new_values['uidnumber']);
			
			$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);

			//retira caracteres que não são números.
			$new_values['corporative_information_cpf'] = ereg_replace("[^0-9]", "", $new_values['corporative_information_cpf']);

			$diff = array_diff($new_values, $old_values);
			
			/*
			echo '<pre>';
			echo '--- OLD: ';
			print_r($old_values);
			echo '<br>--- NEW: ';
			print_r($new_values);
			echo '<br>';
			exit;*/
			

			$manager_account_lid = $_SESSION['phpgw_session']['session_lid'];
			if ((!$this->functions->check_acl($manager_account_lid,'edit_users')) &&
				(!$this->functions->check_acl($manager_account_lid,'change_users_password')) &&
				(!$this->functions->check_acl($manager_account_lid,'edit_sambausers_attributes')) &&
				(!$this->functions->check_acl($manager_account_lid,'manipulate_corporative_information')) &&
				(!$this->functions->check_acl($manager_account_lid,'edit_users_phonenumber'))
				)
			{
				$return['status'] = false;
				$return['msg'] = 'Você não tem direito de editar informações de usuários.';
				return $return;
			}

			// Verifica o acesso do gerente
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
			{
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// Change user organization
				if ($diff['context'])
				{
					if (strcasecmp($old_values['context'], $new_values['context']) != 0)
					{
						$newrdn = 'uid=' . $new_values['uid'];
						$newparent = $new_values['context'];
						$result =  $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
						if (!$result['status'])
						{
							$return['status'] = false;
							$return['msg'] .= $result['msg'];
						}
						else
						{
							$dn = $newrdn . ',' . $newparent;
							$this->db_functions->write_log('alterado contexto do usuario' . $new_values['uid'] . ' de: ' . $old_values['context'] . ' para: ' . $new_values['context'],'',$dn,'','');
						}
					}
				}
			
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// REPLACE some attributes
				if ($diff['givenname'])
				{
					$ldap_mod_replace['givenname'] = $new_values['givenname'];
					$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
					$this->db_functions->write_log("alterado givenname do usuario $dn de ".$old_values['givenname']." para ".$new_values['givenname'],'','','','');
				}
				if ($diff['sn'])
				{
					$ldap_mod_replace['sn'] = $new_values['sn'];
					$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
					$this->db_functions->write_log("altera sn do usuario de ".$old_values['sn']." para ".$new_values['sn'],'','','','');
				}
				if ($diff['mail'])
				{
					$ldap_mod_replace['mail'] = $new_values['mail'];
					$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
					$this->ldap_functions->replace_mail_from_institutional_account($new_values['mail'], $old_values['mail']);
					$this->db_functions->write_log("alterado mail do usuario $dn de " . $old_values['mail'] . " para " . $new_values['mail'],'','','','');
				}
				/*
				if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
				{
					$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
					$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
				}
				if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
				{
					$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
					$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
				}
				*/
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// Passwd Expired - Com atributo
				if (($old_values['passwd_expired'] != '') && ($new_values['passwd_expired'] == '1'))
				{
					$ldap_mod_replace['phpgwlastpasswdchange'] = '0';
					$this->db_functions->write_log("Expirado senha do usuário $dn",'','','','');
				}
			}
			
			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
			{
				if ($diff['password1'])
				{
					$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
					
					// Suporte ao SAMBA
					if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
					{
						$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
						$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
					}
					
					// Gerenciar senhas RFC2617
					if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
					{
						$realm		= $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
						$uid		= $new_values['uid'];
						$password	= $new_values['password1'];
						$passUserRFC2617 = $realm . ':      ' . md5("$uid:$realm:$password");
						
						if ($old_values['userPasswordRFC2617'] != '')
							$ldap_mod_replace['userPasswordRFC2617'] = $passUserRFC2617;
						else
							$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
					}
					
					$this->db_functions->write_log("alterado password do usuario $dn",'','','','');
				}
			}

			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_phonenumber')) )
			{
				if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
				{
					$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
					$this->db_functions->write_log("alterado telephonenumber do usuario $dn de ".$old_values['telephonenumber']." para ".$new_values['telephonenumber'],'','','','');
				}
			}
			
			// REPLACE, ADD & REMOVE COPORATIVEs ATRIBUTES
			// Verifica o acesso do gerente aos atributos corporativos
			
			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information')) )
			{
				foreach ($new_values as $atribute=>$value)
				{
					$pos = strstr($atribute, 'corporative_information_');
					if ($pos !== false)
					{
						$ldap_atribute = str_replace("corporative_information_", "", $atribute);
						// REPLACE ATTRS OF CORPORATIVE
						if (($diff[$atribute]) && ($old_values[$atribute] != ''))
						{
							$ldap_atribute = str_replace("corporative_information_", "", $atribute);
							$ldap_mod_replace[$ldap_atribute] = $new_values[$atribute];
							$this->db_functions->write_log("alterado $ldap_atribute do usuario $dn de ".$old_values[$atribute]." para ".$new_values[$atribute],'','','','');
						}
						//ADD ATTRS OF CORPORATIVE
						elseif (($old_values[$atribute] == '') && ($new_values[$atribute] != ''))
						{
							$ldap_add[$ldap_atribute] = $new_values[$atribute];
							$this->db_functions->write_log("adicionado $ldap_atribute ao usuario $dn de ".$old_values[$atribute]." para ".$new_values[$atribute],'','','','');
						}
						//REMOVE ATTRS OF CORPORATIVE
						elseif (($old_values[$atribute] != '') && ($new_values[$atribute] == ''))
						{
							$ldap_remove[$ldap_atribute] = array();
							$this->db_functions->write_log("removido $ldap_atribute do usuario $dn de ".$old_values[$atribute]." para ".$new_values[$atribute],'','','','');	
						}
					}
				}
			}
			
			//Suporte ao SAMBA
			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
			{
				
				if ($diff['gidnumber'])
				{
					$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
					$this->db_functions->write_log("alterado gidnumber do usuario $dn. De:".$old_values['gidnumber']." Para:".$new_values['gidnumber'],'','','','');
				}
				
				if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
				{
					if ($diff['gidnumber'])
					{
						$ldap_mod_replace['sambaPrimaryGroupSID']	= $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
						$this->db_functions->write_log("alterado sambaPrimaryGroupSID do usuario $dn.",'','','','');
					}
					
					if ($diff['sambaacctflags'])
					{
						$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
						$this->db_functions->write_log("alterado sambaacctflags do usuario $dn",'','','','');
					}
					if ($diff['sambalogonscript'])
					{
						$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
						$this->db_functions->write_log("alterado sambalogonscript do usuario $dn",'','','','');
					}
					if ($diff['sambahomedirectory'])
					{
						$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
						$this->db_functions->write_log("alterado homedirectory do usuario $dn",'','','','');
					}
					if ($diff['sambadomain'])
					{
						$ldap_mod_replace['sambaSID']				= $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
						$ldap_mod_replace['sambaPrimaryGroupSID']	= $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
						$this->db_functions->write_log("alterado dominio samba do usuario $dn para " . $params['sambadomain'],'','','','');
					}
				}
			}
			
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// ADD or REMOVE some attributes
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// PHOTO
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_picture'))
			{
				if ($new_values['delete_photo'])
				{
					$this->ldap_functions->ldap_remove_photo($dn);
					$this->db_functions->write_log("removido jpegphoto do usuario $dn",'','','','');
				}
				elseif ($_FILES['photo']['name'] != '')
				{
					
					if ($_FILES['photo']['size'] > 10000)
					{
						$return['status'] = false;
						$return['msg'] .= 'Foto do usuário não foi salva, pois excede o tamanho máximo de 10 kb.';
					}
					else
					{
						if ($new_values['photo_exist'])
						{
							$photo_exist = true;
							$this->db_functions->write_log("substituido jpegphoto do usuario $dn",'','','','');
						}
						else
						{
							$photo_exist = false;
							$this->db_functions->write_log("adicionado jpegphoto ao usuario $dn",'','','','');
						}				
						$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
					}
				}	
			}
			
			// Verifica o acesso ára adicionar ou remover tais atributos
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
			{
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// TELEPHONE
				if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
				{
					$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
					$this->db_functions->write_log("adicionado telephonenumber ao usuario $dn",'','','','');
				}
				if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
				{
					$ldap_remove['telephonenumber'] = array();
					$this->db_functions->write_log("removido telephonenumber do usuario $dn",'','','','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// Passwd Expired - Sem atributo
				if (($old_values['passwd_expired'] == '') && ($new_values['passwd_expired'] == '1'))
				{
					$ldap_add['phpgwlastpasswdchange'] = '0';
					$this->db_functions->write_log("Expirado senha do usuário $dn",'','','','');
				}
				if (($old_values['passwd_expired'] == '0') && ($new_values['passwd_expired'] == ''))
				{
					$ldap_remove['phpgwlastpasswdchange'] = array();
					$this->db_functions->write_log("Removido expiração da senha do usuário $dn",'','','','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// PREF_CHANGEPASSWORD
				if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
				{
					$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
					$this->db_functions->write_log("adicionado changepassword ao usuario $dn",'','','','');
				}
				if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
				{
					$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
					$this->db_functions->write_log("removido changepassword do usuario $dn",'','','','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// ACCOUNT STATUS
				if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
				{
					$ldap_add['phpgwaccountstatus'] = 'A';
					$this->db_functions->write_log("ativado conta do usuario $dn",'','','','');
				}
				if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
				{
					$ldap_remove['phpgwaccountstatus'] = array();
					$this->db_functions->write_log("desativado conta do usuario $dn",'','','','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// ACCOUNT VISIBLE
				if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
				{
					$ldap_add['phpgwaccountvisible'] = '-1';
					$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario $dn",'','','','');
				}
				if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
				{
					$ldap_remove['phpgwaccountvisible'] = array();
					$this->db_functions->write_log("removido phpgwaccountvisible ao usuario $dn",'','','','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// Mail Account STATUS
				if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
				{
					$ldap_add['accountstatus'] = 'active';
					$this->db_functions->write_log("ativado conta de email do usuario $dn",'','','','');
				}
				if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
				{
					$ldap_remove['accountstatus'] = array();
					$this->db_functions->write_log("desativado conta de email do usuario $dn",'','','','');
				}
				/*
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILALTERNATEADDRESS
				if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
				{
					$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
					$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
				}
				if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
				{
					$ldap_remove['mailalternateaddress'] = array();
					$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
				}
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILFORWARDINGADDRESS
				if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
				{
					$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
					$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
				}
				if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
				{
					$ldap_remove['mailforwardingaddress'] = array();
					$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
				}
				*/
				
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILALTERNATEADDRESS
				if (!$new_values['mailalternateaddress'])
					$new_values['mailalternateaddress'] = array();
				if (!$old_values['mailalternateaddress'])
					$old_values['mailalternateaddress'] = array();
				$add_mailalternateaddress = array_diff($new_values['mailalternateaddress'], $old_values['mailalternateaddress']);
				$remove_mailalternateaddress = array_diff($old_values['mailalternateaddress'], $new_values['mailalternateaddress']);
				foreach ($add_mailalternateaddress as $index=>$mailalternateaddress)
				{
					if ($mailalternateaddress != '')
					{
						$ldap_add['mailalternateaddress'][] = $mailalternateaddress;
						$this->db_functions->write_log("adicionado mailalternateaddress $mailalternateaddress ao usuario $dn",'',$dn,'','');
					}
				}
				foreach ($remove_mailalternateaddress as $index=>$mailalternateaddress)
				{
					if ($mailalternateaddress != '')
					{
						if ($index !== 'count')
						{
							$ldap_remove['mailalternateaddress'][] = $mailalternateaddress;
							$this->db_functions->write_log("removido mailalternateaddress $mailalternateaddress do usuario $dn",'',$dn,'','');
						}
					}
				}
				
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILFORWARDINGADDRESS
				if (!$new_values['mailforwardingaddress'])
					$new_values['mailforwardingaddress'] = array();
				if (!$old_values['mailforwardingaddress'])
					$old_values['mailforwardingaddress'] = array();
				$add_mailforwardingaddress = array_diff($new_values['mailforwardingaddress'], $old_values['mailforwardingaddress']);
				$remove_mailforwardingaddress = array_diff($old_values['mailforwardingaddress'], $new_values['mailforwardingaddress']);
				foreach ($add_mailforwardingaddress as $index=>$mailforwardingaddress)
				{
					if ($mailforwardingaddress != '')
					{
						$ldap_add['mailforwardingaddress'][] = $mailforwardingaddress;
						$this->db_functions->write_log("adicionado mailforwardingaddress $mailforwardingaddress ao usuario $dn",'',$dn,'','');
					}
				}
				foreach ($remove_mailforwardingaddress as $index=>$mailforwardingaddress)
				{
					if ($mailforwardingaddress != '')
					{
						if ($index !== 'count')
						{
							$ldap_remove['mailforwardingaddress'][] = $mailforwardingaddress;
							$this->db_functions->write_log("removido mailforwardingaddress $mailforwardingaddress do usuario $dn",'',$dn,'','');
						}
					}
				}
				
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// Delivery Mode
				if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
				{
					$ldap_add['deliverymode'] = 'forwardOnly';
					$this->db_functions->write_log("adicionado forwardOnly ao usuario $dn",'','','','');
				}
				if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
				{
					$ldap_remove['deliverymode'] = array();
					$this->db_functions->write_log("removido forwardOnly ao usuario $dn",'','','','');
				}
			}
			
			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
			{
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILQUOTA
				if ($diff['mailquota'])
				{
					$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
					$this->db_functions->write_log("alterado cota do usuario $dn",'','','','');
				}
			}

			if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) || 
			     ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
			{
				//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// REMOVE ATTRS OF SAMBA
				if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
				{
					$ldap_remove['objectclass'] 			= 'sambaSamAccount';	
					$ldap_remove['loginShell']				= array();
					$ldap_remove['sambaSID']				= array();
					$ldap_remove['sambaPrimaryGroupSID']	= array();
					$ldap_remove['sambaAcctFlags']			= array();
					$ldap_remove['sambaLogonScript']		= array();
					$ldap_remove['sambaLMPassword']			= array();
					$ldap_remove['sambaNTPassword']			= array();
					$ldap_remove['sambaPasswordHistory']	= array();
					$ldap_remove['sambaPwdCanChange']		= array();
					$ldap_remove['sambaPwdLastSet']			= array();
					$ldap_remove['sambaPwdMustChange']		= array();
					$this->db_functions->write_log("removido atributos samba do usuario $dn.",'','','','');
				}
				//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// ADD ATTRS OF SAMBA
				if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
				{
					//Verifica se o binario para criar as senhas do samba exite.
					if (!is_file('/home/expressolivre/mkntpwd'))
					{
						$return['status'] = false;
						$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
					}
					else
					{
						$ldap_add['objectClass'][] 			= 'sambaSamAccount';
						$ldap_mod_replace['loginShell']		= '/bin/bash';
						$ldap_add['sambaSID']				= $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1000);
						$ldap_add['sambaPrimaryGroupSID']	= $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
						$ldap_add['sambaAcctFlags']			= $new_values['sambaacctflags'];
						$ldap_add['sambaLogonScript']		= $new_values['sambalogonscript'];
						$ldap_mod_replace['homeDirectory']	= $new_values['sambahomedirectory'];
						$ldap_add['sambaLMPassword']		= exec('/home/expressolivre/mkntpwd -L '.'senha');
						$ldap_add['sambaNTPassword']		= exec('/home/expressolivre/mkntpwd -N '.'senha');
						$ldap_add['sambaPasswordHistory']	= '0000000000000000000000000000000000000000000000000000000000000000';
						$ldap_add['sambaPwdCanChange']		= strtotime("now");
						$ldap_add['sambaPwdLastSet']		= strtotime("now");
						$ldap_add['sambaPwdMustChange']	= '2147483647';
						$this->db_functions->write_log("adicionado atributos samba ao usuario $dn.",'','','','');
					}
				}
			}
			
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// GROUPS
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups')) 
			{
				// If the manager does not have the suficient access, the new_values.uid is empty. 
				if (empty($new_values['uid']))
					$user_uid = $old_values['uid'];
				else
					$user_uid = $new_values['uid'];
				
				if (!$new_values['groups'])
					$new_values['groups'] = array();
				if (!$old_values['groups'])
					$old_values['groups'] = array();
			
				$add_groups = array_diff($new_values['groups'], $old_values['groups']);
				$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
			
				if (count($add_groups)>0)
				{
					foreach($add_groups as $gidnumber)
					{
						$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
						$this->ldap_functions->add_user2group($gidnumber, $user_uid);
						$this->db_functions->write_log("adicionado usuario $dn ao grupo $gidnumber.",'','','','');
					}
				}
				
				if (count($remove_groups)>0)
				{
					foreach($remove_groups as $gidnumber)
					{
						foreach($old_values['groups_info'] as $group)
						{
							if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
							{
								$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
								$this->ldap_functions->remove_user2group($gidnumber, $user_uid);
								$this->db_functions->write_log("removido usuario $dn do grupo $gidnumber.",'','','','');
							}
						}
					}
				}
				/* GIDNUMBER agora é um atributo samba e pode ser alterado por gerentes com este perfil
				/*
				if ($diff['gidnumber'])
				{
					$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
					if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
					{
						$ldap_mod_replace['sambaPrimaryGroupSID']	= $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
					}
					$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
				}
				*/
			}
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// LDAP_MOD_REPLACE
			if (count($ldap_mod_replace))
			{
				$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
				if (!$result['status'])
				{
					$return['status'] = false;
					$return['msg'] .= $result['msg'];
				}
			}
			
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// LDAP_MOD_ADD
			if (count($ldap_add))
			{
				echo 'ldap-add<br>';
				print_r($ldap_add);
				$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
				if (!$result['status'])
				{
					$return['status'] = false;
					$return['msg'] .= $result['msg'];
				}
			}
			
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			// LDAP_MOD_REMOVE			
			if (count($ldap_remove))
			{
				echo 'ldap-remove<br>';
				print_r($ldap_remove);
				$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
				if (!$result['status'])
				{
					$return['status'] = false;
					$return['msg'] .= $result['msg'];
				}
			}
			////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) 
			{
				////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// MAILLISTS
				if (!$new_values['maillists'])
					$new_values['maillists'] = array();
				if (!$old_values['maillists'])
					$old_values['maillists'] = array();

				$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
				$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
				
				if (count($add_maillists)>0)
				{
					foreach($add_maillists as $uid)
					{
						$this->ldap_functions->add_user2maillist($uid, $new_values['mail']);
						$this->db_functions->write_log("adicionado usuario $dn a maillist $uid.",'','','','');
					}
				}
				/*
				echo '<pre>';
				print_r($old_values['maillists']);
				print_r($new_values['maillists']);
				*/
				
				if (count($remove_maillists)>0)
				{
					foreach($remove_maillists as $uid)
					{
						$this->ldap_functions->remove_user2maillist($uid, $new_values['mail']);
						$this->db_functions->write_log("removido usuario $dn da maillist $uid.",'','','','');
					}
				}
			
				//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
				// APPS
				$new_values2 = array();
				$old_values2 = array();
				if (count($new_values['apps'])>0)
				{
					foreach ($new_values['apps'] as $app=>$tmp)
					{
						$new_values2[] = $app;
					}
				}
				if (count($old_values['apps'])>0)
				{
					foreach ($old_values['apps'] as $app=>$tmp)
					{
						$old_values2[] = $app;
					}
				}
				$add_apps    = array_flip(array_diff($new_values2, $old_values2));
				$remove_apps = array_flip(array_diff($old_values2, $new_values2));

				if (count($add_apps)>0)
				{
					$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);

					foreach ($add_apps as $app => $index)
						$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
				}
				if (count($remove_apps)>0)
				{
					//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
					$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
					
					foreach ($remove_apps as $app => $app_index)
					{
						if ($manager_apps[$app] == 'run')
							$remove_apps2[$app] = $app_index;
					}
					$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
					
					foreach ($remove_apps2 as $app => $access)
						$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
				}
				//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
			}			
			return $return;
		}		
		
		function get_user_info($uidnumber)
		{
			$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber);
			$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
			$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups']);
			$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
			$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
			return $user_info;
		}
		
		function set_user_default_password($params)
		{
			$return['status'] = true;
			$uid = $params['uid'];
			$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
			
			if (!$this->db_functions->default_user_password_is_set($uid))
			{
				$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
				$this->db_functions->set_user_password($uid, $userPassword);
			}
			else
			{
				$return['status'] = false;
				$return['msg'] = 'Senha default já cadastrada!';
			}
			
			$this->db_functions->write_log("Setado senha default para $uid",'','','','');
			
			return $return;
		}

		function return_user_password($params)
		{
			$return['status'] = true;
			$uid = $params['uid'];
			
			if ($this->db_functions->default_user_password_is_set($uid))
			{
				$userPassword = $this->db_functions->get_user_password($uid);
				$this->ldap_functions->set_user_password($uid, $userPassword);
			}
			else
			{
				$return['status'] = false;
				$return['msg'] = 'Senha default NÃO cadastrada!';
			}
			
			$this->db_functions->write_log("Retornado senha default de $uid",'','','','');
			
			return $return;
		}
		
		function delete($params)
		{
			$return['status'] = true;
			
			// Verifica o acesso do gerente
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
			{
				$uidnumber = $params['uidnumber'];
				$user_info = $this->get_user_info($uidnumber);
			
				//LDAP
				$result_ldap = $this->ldap_functions->delete_user($user_info);
				if (!$result_ldap['status'])
				{
					$return['status'] = false;
					$return['msg'] .= $result_ldap['msg'];
				}
				else
				{
					//DB
					$result_db = $this->db_functions->delete_user($user_info);
					if (!$result_db['status'])
					{
						$return['status'] = false;
						$return['msg'] .= $result_ldap['msg'];
					}
			
					//IMAP
					$result_imap = $this->imap_functions->delete_user($user_info['uid']);
					if (!$result_imap['status'])
					{
						$return['status'] = false;
						$return['msg'] .= $result_ldap['msg'];
					}
					$this->db_functions->write_log('deletado usuario ' . $user_info['uid'],'','','','');
				}
			}
			
			return $return;
		}


		function rename($params)
		{
			$return['status'] = true;
			
			// Verifica acesso do gerente (OU) ao tentar renomear um usuário.			
			if ( ! $this->ldap_functions->check_access_to_renamed($params['uid']) )
			{
				$return['status'] = false;
				$return['msg'] .= 'Você não tem acesso para deletar este usuário.';
				return $return;
			}

			// Check if the new_uid alrteady is in use.			
			if ( ! $this->ldap_functions->check_rename_new_uid($params['new_uid']) )
			{
				$return['status'] = false;
				$return['msg'] = 'Novo login já está em uso.';
				return $return;
			}

			// Verifica o acesso do gerente
			if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
			{
				$uid 		= $params['uid'];
				$new_uid	= $params['new_uid'];
				$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
				$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];

				$emailadmin_profiles = $this->db_functions->get_sieve_info();
				$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
				$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
				$sieve_port   = $emailadmin_profiles[0]['imapsieveport'];

				$imap_admin		= $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
				$imap_passwd	= $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
				$imap_server	= $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
				$imap_port		= $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
				$imapDelimiter	= $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
			
				//Verifica se está sendo usuado cyrus 2.2 ou superior
				$sk = fsockopen ($imap_server,$imap_port);
				$server_resp = fread($sk, 100);
        		$tmp = split('v2.', $server_resp);
	        	$cyrus_version = '2' . $tmp[1][0];
			
	    	    if ($cyrus_version < '22')
    	    	{
					$return['status'] = false;
					$return['msg'] = "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
					$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
					return $return;
	        	}

				// Renomeia UID no openldap
				$result = $this->ldap_functions->rename_uid($uid, $new_uid);
				if (!$result['status'])
				{
					$return['status'] = false;
					$return['msg'] = "Erro ao renomear usuário no LDAP. Processo abortado.";
					return $return;
				}
				
        		//Renomeia mailbox
   	    		$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
				if (!$result['status'])
				{
					// Back user uid.
					$result = $this->ldap_functions->rename_uid($new_uid, $uid);
					
					$return['status'] = false;
					$return['msg'] = "Erro ao renomear usuário no Cyrus. Processo abortado.";
					return $return;
				}
        			

				// Seta senha default
				$user_password = $this->ldap_functions->set_user_password($new_uid, $defaultUserPassword);

       			// Renomeia sieve script
       			include_once('sieve-php.lib.php');
       			$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
        			
				if ($sieve->sieve_login())
				{
					$sieve->sieve_listscripts();
					$myactivescript=$sieve->response["ACTIVE"];
					$sieve->sieve_getscript($myactivescript);

					$script = '';
					if (!empty($sieve->response))
					{
						foreach($sieve->response as $result)
						{
							$script .= $result;
						}
					}

       				$scriptname = $new_uid;
					if($sieve->sieve_sendscript($new_uid,$script))
					{
						if ($sieve->sieve_setactivescript($new_uid))
						{
							$sieve->sieve_deletescript($myactivescript);
						}
					}
					else 
					{
						$return['status'] = false;
						$return['msg'] .= $result['msg'] . "Erro ao renomear script sieve, falha no envio do novo script." .
															"\nCaixa postal e login alterados.";
					}
					$sieve->sieve_logout();
				}
				else
				{
						$return['status'] = false;
						$return['msg'] .= $result['msg'] . "Erro ao renomear script sieve, falha no Login." .
															"\nCaixa postal e login alterados.";
				}

				// Back user password.
				$this->ldap_functions->set_user_password($new_uid, $user_password);
		
				$this->db_functions->write_log("renomeado login do usuario $uid para $new_uid.",'','','','');

				$return['exec_return'] = "";

	        	return $return;
			}
		}
		
		function write_log_from_ajax($params)
		{
			$this->db_functions->write_log($params['_action'],'',$params['userinfo'],'','');
			return true;
		}
	}
?>