Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 414

Revision 414, 42.8 KB checked in by niltonneto, 16 years ago (diff)
Alterações feitas por João Alfredo. Email: jakjr@…
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25	function user()
26	{
27	$this->ldap_functions = new ldap_functions;
28	$this->db_functions = new db_functions;
29	$this->imap_functions = new imap_functions;
30	$this->functions = new functions;
31	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
32	}
33
34	function create($params)
35	{
36	$return['status'] = true;
37
38	// Verifica o acesso do gerente
39	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
40	{
41	// Adiciona a organização na frente do uid.
42	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
43	{
44	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
45
46	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
47	$explode_dn = array_reverse($explode_dn);
48	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
49	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
50	}
51
52	// Leio o ID a ser usado na criação do objecto. Esta função já incrementa o ID no BD.
53	$next_id = ($this->db_functions->get_next_id('accounts'));
54	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
55	{
56	$return['status'] = false;
57	$return['msg'] = "Problemas obtendo ID do usuário.\n" . $id['msg'];
58	return $return;
59	}
60	else
61	{
62	$id = $next_id['id'];
63	}
64
65	// Cria array para incluir no LDAP
66	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
67
68	$user_info = array();
69	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
70	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
71	$user_info['gidNumber'] = $params['gidnumber'];
72	$user_info['givenName'] = $params['givenname'];
73	$user_info['homeDirectory'] = '/home/' . $params['uid'];
74	$user_info['mail'] = $params['mail'];
75	$user_info['objectClass'][] = 'posixAccount';
76	$user_info['objectClass'][] = 'inetOrgPerson';
77	$user_info['objectClass'][] = 'shadowAccount';
78	$user_info['objectClass'][] = 'qmailuser';
79	$user_info['objectClass'][] = 'phpgwAccount';
80	$user_info['objectClass'][] = 'top';
81	$user_info['objectClass'][] = 'person';
82	$user_info['objectClass'][] = 'organizationalPerson';
83	$user_info['phpgwAccountExpires'] = '-1';
84	$user_info['phpgwAccountType'] = 'u';
85	$user_info['sn'] = $params['sn'];
86	$user_info['uid'] = $params['uid'];
87	$user_info['uidnumber'] = $id;
88	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
89
90	if ($params['passwd_expired'] == '1')
91	$user_info['phpgwLastPasswdChange'] = '0';
92
93	// Gerenciar senhas RFC2617
94	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
95	{
96	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
97	$uid = $user_info['uid'];
98	$password = $params['password1'];
99	$user_info['userPasswordRFC2617'] = $realm . ': ' . md5("$uid:$realm:$password");
100	}
101
102	if ($params['phpgwaccountstatus'] == '1')
103	$user_info['phpgwAccountStatus'] = 'A';
104
105	if ($params['departmentnumber'] != '')
106	$user_info['departmentnumber'] = $params['departmentnumber'];
107
108	if ($params['telephonenumber'] != '')
109	$user_info['telephoneNumber'] = $params['telephonenumber'];
110
111	// Cria user_info no caso de ter alias e forwarding email.
112	foreach ($params['mailalternateaddress'] as $index=>$mailalternateaddress)
113	{
114	if ($mailalternateaddress != '')
115	$user_info['mailAlternateAddress'][] = $mailalternateaddress;
116	}
117
118	foreach ($params['mailforwardingaddress'] as $index=>$mailforwardingaddress)
119	{
120	if ($mailforwardingaddress != '')
121	$user_info['mailForwardingAddress'][] = $mailforwardingaddress;
122	}
123
124	if ($params['deliverymode'])
125	$user_info['deliveryMode'] = 'forwardOnly';
126
127	//Ocultar da pesquisa e do catálogo
128	if ($params['phpgwaccountvisible'])
129	$user_info['phpgwAccountVisible'] = '-1';
130
131	// Suporte ao SAMBA
132	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
133	{
134
135	// Qualquer um que crie um usuário, deve ter permissão para adicionar a senha samba.
136	// Verifica o acesso do gerente aos atributos samba
137	//if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes'))
138	//{
139	//Verifica se o binario para criar as senhas do samba exite.
140	if (!is_file('/home/expressolivre/mkntpwd'))
141	{
142	$return['status'] = false;
143	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
144	}
145	else
146	{
147	$user_info['objectClass'][] = 'sambaSamAccount';
148	$user_info['loginShell'] = '/bin/bash';
149
150	$user_info['sambaSID'] = $params['sambadomain'] . '-' . ((2 * $id)+1000);
151	$user_info['sambaPrimaryGroupSID'] = $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);
152
153	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
154
155	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
156	$user_info['homeDirectory'] = $params['sambahomedirectory'];
157
158	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
159	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
160	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
161
162	$user_info['sambaPwdCanChange'] = strtotime("now");
163	$user_info['sambaPwdLastSet'] = strtotime("now");
164	$user_info['sambaPwdMustChange'] = '2147483647';
165	}
166	//}
167	}
168
169	// Verifica o acesso do gerente aos atributos corporativos
170	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information'))
171	{
172	//retira caracteres que não são números.
173	$params['corporative_information_cpf'] = ereg_replace("[^0-9]", "", $params['corporative_information_cpf']);
174
175	foreach ($params as $atribute=>$value)
176	{
177	$pos = strstr($atribute, 'corporative_information_');
178	if ($pos !== false)
179	{
180	if ($params[$atribute])
181	{
182	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
183	$user_info[$ldap_atribute] = $params[$atribute];
184	}
185	}
186	}
187	}
188
189	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
190	if (!$result['status'])
191	{
192	$return['status'] = false;
193	$return['msg'] .= $result['msg'];
194	}
195
196	// Chama funcao para salvar foto no OpenLDAP.
197	if ( ($_FILES['photo']['name'] != '') && ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_picture')) )
198	{
199	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
200	if (!$result['status'])
201	{
202	$return['status'] = false;
203	$return['msg'] .= $result['msg'];
204	}
205	}
206
207	//GROUPS
208	if ($params['groups'])
209	{
210	foreach ($params['groups'] as $gidnumber)
211	{
212	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
213	if (!$result['status'])
214	{
215	$return['status'] = false;
216	$return['msg'] .= $result['msg'];
217	}
218	$result = $this->db_functions->add_user2group($gidnumber, $id);
219	if (!$result['status'])
220	{
221	$return['status'] = false;
222	$return['msg'] .= $result['msg'];
223	}
224	}
225	}
226
227	// Inclusao do Mail do usuário nas listas de email selecionadas.
228	if ($params['maillists'])
229	{
230	foreach($params['maillists'] as $uid)
231	{
232	$result = $this->ldap_functions->add_user2maillist($uid, $user_info['mail']);
233	if (!$result['status'])
234	{
235	$return['status'] = false;
236	$return['msg'] .= $result['msg'];
237	}
238	}
239	}
240
241	// APPS
242	if (count($params['apps']))
243	{
244	$result = $this->db_functions->add_id2apps($id, $params['apps']);
245	if (!$result['status'])
246	{
247	$return['status'] = false;
248	$return['msg'] .= $result['msg'];
249	}
250	}
251
252	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
253	if ($params['changepassword'])
254	{
255	$result = $this->db_functions->add_pref_changepassword($id);
256	if (!$result['status'])
257	{
258	$return['status'] = false;
259	$return['msg'] .= $result['msg'];
260	}
261	}
262
263	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
264	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
265	if (!$result['status'])
266	{
267	$return['status'] = false;
268	$return['msg'] .= $result['msg'];
269	}
270
271	$this->db_functions->write_log("created user",$dn);
272	}
273
274	return $return;
275	}
276
277	function save($new_values)
278	{
279	$return['status'] = true;
280
281	$old_values = $this->get_user_info($new_values['uidnumber']);
282
283	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
284
285	//retira caracteres que não são números.
286	$new_values['corporative_information_cpf'] = ereg_replace("[^0-9]", "", $new_values['corporative_information_cpf']);
287
288	$diff = array_diff($new_values, $old_values);
289
290	/*
291	echo '<pre>';
292	echo '--- OLD: ';
293	print_r($old_values);
294	echo '<br>--- NEW: ';
295	print_r($new_values);
296	echo '<br>';
297	exit;*/
298
299
300	$manager_account_lid = $_SESSION['phpgw_session']['session_lid'];
301	if ((!$this->functions->check_acl($manager_account_lid,'edit_users')) &&
302	(!$this->functions->check_acl($manager_account_lid,'change_users_password')) &&
303	(!$this->functions->check_acl($manager_account_lid,'edit_sambausers_attributes')) &&
304	(!$this->functions->check_acl($manager_account_lid,'manipulate_corporative_information')) &&
305	(!$this->functions->check_acl($manager_account_lid,'edit_users_phonenumber'))
306	)
307	{
308	$return['status'] = false;
309	$return['msg'] = lang('You do not have access to edit user informations') . '.';
310	return $return;
311	}
312
313	// Verifica o acesso do gerente
314	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
315	{
316	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
317	// Change user organization
318	if ($diff['context'])
319	{
320	if (strcasecmp($old_values['context'], $new_values['context']) != 0)
321	{
322	$newrdn = 'uid=' . $new_values['uid'];
323	$newparent = $new_values['context'];
324	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
325	if (!$result['status'])
326	{
327	$return['status'] = false;
328	$return['msg'] .= $result['msg'];
329	}
330	else
331	{
332	$dn = $newrdn . ',' . $newparent;
333	$this->db_functions->write_log('modified user context', $dn . ': ' . $old_values['uid'] . '->' . $new_values['context']);
334	}
335	}
336	}
337
338	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
339	// REPLACE some attributes
340	if ($diff['givenname'])
341	{
342	$ldap_mod_replace['givenname'] = $new_values['givenname'];
343	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
344	$this->db_functions->write_log("modified first name", "$dn: " . $old_values['givenname'] . "->" . $new_values['givenname']);
345	}
346	if ($diff['sn'])
347	{
348	$ldap_mod_replace['sn'] = $new_values['sn'];
349	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
350	$this->db_functions->write_log("modified last name", "$dn: " . $old_values['sn'] . "->" . $new_values['sn']);
351	}
352	if ($diff['mail'])
353	{
354	$ldap_mod_replace['mail'] = $new_values['mail'];
355	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
356	$this->ldap_functions->replace_mail_from_institutional_account($new_values['mail'], $old_values['mail']);
357	$this->db_functions->write_log("modified user email", "$dn: " . $old_values['mail'] . "->" . $new_values['mail']);
358	}
359	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
360	// Passwd Expired - Com atributo
361	if (($old_values['passwd_expired'] != 0) && ($new_values['passwd_expired'] == '1'))
362	{
363	$ldap_mod_replace['phpgwlastpasswdchange'] = '0';
364	$this->db_functions->write_log("Expired user password","$dn");
365	}
366	}
367
368	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
369	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
370	{
371	if ($diff['password1'])
372	{
373	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
374
375	// Suporte ao SAMBA
376	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
377	{
378	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
379	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
380	}
381
382	// Gerenciar senhas RFC2617
383	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
384	{
385	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
386	$uid = $new_values['uid'];
387	$password = $new_values['password1'];
388	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
389
390	if ($old_values['userPasswordRFC2617'] != '')
391	$ldap_mod_replace['userPasswordRFC2617'] = $passUserRFC2617;
392	else
393	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
394	}
395
396	$this->db_functions->write_log("modified user password",$dn);
397	}
398	}
399
400	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
401	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_phonenumber')) )
402	{
403	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
404	{
405	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
406	$this->db_functions->write_log('modified user telephonenumber', $dn . ': ' . $old_values['telephonenumber'] . '->' . $new_values['telephonenumber']);
407	}
408	}
409
410	// REPLACE, ADD & REMOVE COPORATIVEs ATRIBUTES
411	// Verifica o acesso do gerente aos atributos corporativos
412
413	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
414	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information')) )
415	{
416	foreach ($new_values as $atribute=>$value)
417	{
418	$pos = strstr($atribute, 'corporative_information_');
419	if ($pos !== false)
420	{
421	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
422	// REPLACE CORPORATIVE ATTRIBUTES
423	if (($diff[$atribute]) && ($old_values[$atribute] != ''))
424	{
425	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
426	$ldap_mod_replace[$ldap_atribute] = utf8_encode($new_values[$atribute]);
427	$this->db_functions->write_log('modified user attribute', $dn . ': ' . $ldap_atribute . ': ' . $old_values[$atribute] . '->' . $new_values[$atribute]);
428	}
429	//ADD CORPORATIVE ATTRIBUTES
430	elseif (($old_values[$atribute] == '') && ($new_values[$atribute] != ''))
431	{
432	$ldap_add[$ldap_atribute] = utf8_encode($new_values[$atribute]);
433	$this->db_functions->write_log('added user attribute', $dn . ': ' . $ldap_atribute . ': ' . $old_values[$atribute] . '->' . $new_values[$atribute]);
434	}
435	//REMOVE CORPORATIVE ATTRIBUTES
436	elseif (($old_values[$atribute] != '') && ($new_values[$atribute] == ''))
437	{
438	$ldap_remove[$ldap_atribute] = array();
439	$this->db_functions->write_log('removed user attribute', $dn . ': ' . $ldap_atribute . ': ' . $old_values[$atribute] . '->' . $new_values[$atribute]);
440	}
441	}
442	}
443	}
444
445	//Suporte ao SAMBA
446	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
447	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
448	{
449
450	if ($diff['gidnumber'])
451	{
452	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
453	$this->db_functions->write_log('modified user primary group', $dn . ': ' . $old_values['gidnumber'] . '->' . $new_values['gidnumber']);
454	}
455
456	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
457	{
458	if ($diff['gidnumber'])
459	{
460	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
461	$this->db_functions->write_log('modified user sambaPrimaryGroupSID', $dn);
462	}
463
464	if ($diff['sambaacctflags'])
465	{
466	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
467	$this->db_functions->write_log("modified user sambaacctflags",$dn);
468	}
469	if ($diff['sambalogonscript'])
470	{
471	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
472	$this->db_functions->write_log("modified user sambalogonscript",$dn);
473	}
474	if ($diff['sambahomedirectory'])
475	{
476	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
477	$this->db_functions->write_log("modified user homedirectory",$dn);
478	}
479	if ($diff['sambadomain'])
480	{
481	$ldap_mod_replace['sambaSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
482	$ldap_mod_replace['sambaPrimaryGroupSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
483	$this->db_functions->write_log('modified user samba domain', $dn . ': ' . $old_values['sambadomain'] . '->' . $new_values['sambadomain']);
484	}
485	}
486	}
487
488	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
489	// ADD or REMOVE some attributes
490	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
491
492	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
493	// PHOTO
494	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users_picture'))
495	{
496	if ($new_values['delete_photo'])
497	{
498	$this->ldap_functions->ldap_remove_photo($dn);
499	$this->db_functions->write_log("removed user photo",$dn);
500	}
501	elseif ($_FILES['photo']['name'] != '')
502	{
503
504	if ($_FILES['photo']['size'] > 10000)
505	{
506	$return['status'] = false;
507	$return['msg'] .= lang('User photo could not be save because is bigger the 10 kb') . '.';
508	}
509	else
510	{
511	if ($new_values['photo_exist'])
512	{
513	$photo_exist = true;
514	$this->db_functions->write_log("mofified user photo",$dn);
515	}
516	else
517	{
518	$photo_exist = false;
519	$this->db_functions->write_log("added user photo",$dn);
520	}
521	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
522	}
523	}
524	}
525
526	// Verifica o acesso ára adicionar ou remover tais atributos
527	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
528	{
529	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
530	// TELEPHONE
531	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
532	{
533	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
534	$this->db_functions->write_log("added user phone",$dn);
535	}
536	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
537	{
538	$ldap_remove['telephonenumber'] = array();
539	$this->db_functions->write_log("removed user phone",$dn);
540	}
541	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
542	// Passwd Expired - Sem atributo
543	if (($old_values['passwd_expired'] == '') && ($new_values['passwd_expired'] == '1'))
544	{
545	$ldap_add['phpgwlastpasswdchange'] = '0';
546	$this->db_functions->write_log("expired user password",$dn);
547	}
548	if (($old_values['passwd_expired'] == '0') && ($new_values['passwd_expired'] == ''))
549	{
550	$ldap_remove['phpgwlastpasswdchange'] = array();
551	$this->db_functions->write_log("removed expiry from user password",$dn);
552	}
553	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
554	// PREF_CHANGEPASSWORD
555	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
556	{
557	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
558	$this->db_functions->write_log("turn on changepassword",$dn);
559	}
560	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
561	{
562	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
563	$this->db_functions->write_log("turn of changepassword",$dn);
564	}
565	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
566	// ACCOUNT STATUS
567	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
568	{
569	$ldap_add['phpgwaccountstatus'] = 'A';
570	$this->db_functions->write_log("turn on user account",$dn);
571	}
572	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
573	{
574	$ldap_remove['phpgwaccountstatus'] = array();
575	$this->db_functions->write_log("turn off user account",$dn);
576	}
577	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
578	// ACCOUNT VISIBLE
579	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
580	{
581	$ldap_add['phpgwaccountvisible'] = '-1';
582	$this->db_functions->write_log("turn on phpgwaccountvisible",$dn);
583	}
584	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
585	{
586	$ldap_remove['phpgwaccountvisible'] = array();
587	$this->db_functions->write_log("turn off phpgwaccountvisible",$dn);
588	}
589	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
590	// Mail Account STATUS
591	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
592	{
593	$ldap_add['accountstatus'] = 'active';
594	$this->db_functions->write_log("turn on user account email",$dn);
595	}
596	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
597	{
598	$ldap_remove['accountstatus'] = array();
599	$this->db_functions->write_log("turn off user account email",$dn);
600	}
601	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
602	// MAILALTERNATEADDRESS
603	if (!$new_values['mailalternateaddress'])
604	$new_values['mailalternateaddress'] = array();
605	if (!$old_values['mailalternateaddress'])
606	$old_values['mailalternateaddress'] = array();
607	$add_mailalternateaddress = array_diff($new_values['mailalternateaddress'], $old_values['mailalternateaddress']);
608	$remove_mailalternateaddress = array_diff($old_values['mailalternateaddress'], $new_values['mailalternateaddress']);
609	foreach ($add_mailalternateaddress as $index=>$mailalternateaddress)
610	{
611	if ($mailalternateaddress != '')
612	{
613	$ldap_add['mailalternateaddress'][] = $mailalternateaddress;
614	$this->db_functions->write_log("added mailalternateaddress","$dn: $mailalternateaddress");
615	}
616	}
617	foreach ($remove_mailalternateaddress as $index=>$mailalternateaddress)
618	{
619	if ($mailalternateaddress != '')
620	{
621	if ($index !== 'count')
622	{
623	$ldap_remove['mailalternateaddress'][] = $mailalternateaddress;
624	$this->db_functions->write_log("removed mailalternateaddress","$dn: $mailalternateaddress");
625	}
626	}
627	}
628
629	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
630	// MAILFORWARDINGADDRESS
631	if (!$new_values['mailforwardingaddress'])
632	$new_values['mailforwardingaddress'] = array();
633	if (!$old_values['mailforwardingaddress'])
634	$old_values['mailforwardingaddress'] = array();
635	$add_mailforwardingaddress = array_diff($new_values['mailforwardingaddress'], $old_values['mailforwardingaddress']);
636	$remove_mailforwardingaddress = array_diff($old_values['mailforwardingaddress'], $new_values['mailforwardingaddress']);
637	foreach ($add_mailforwardingaddress as $index=>$mailforwardingaddress)
638	{
639	if ($mailforwardingaddress != '')
640	{
641	$ldap_add['mailforwardingaddress'][] = $mailforwardingaddress;
642	$this->db_functions->write_log("added mailforwardingaddress","$dn: $mailforwardingaddress");
643	}
644	}
645	foreach ($remove_mailforwardingaddress as $index=>$mailforwardingaddress)
646	{
647	if ($mailforwardingaddress != '')
648	{
649	if ($index !== 'count')
650	{
651	$ldap_remove['mailforwardingaddress'][] = $mailforwardingaddress;
652	$this->db_functions->write_log("removed mailforwardingaddress","$dn: $mailforwardingaddress");
653	}
654	}
655	}
656
657	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
658	// Delivery Mode
659	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
660	{
661	$ldap_add['deliverymode'] = 'forwardOnly';
662	$this->db_functions->write_log("added forwardOnly", $dn);
663	}
664	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
665	{
666	$ldap_remove['deliverymode'] = array();
667	$this->db_functions->write_log("removed forwardOnly", $dn);
668	}
669	}
670
671	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
672	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
673	{
674	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
675	// MAILQUOTA
676	if ($diff['mailquota'])
677	{
678	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
679	$this->db_functions->write_log("modified user email quota", $dn);
680	}
681	}
682
683	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
684	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
685	{
686	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
687	// REMOVE ATTRS OF SAMBA
688	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
689	{
690	$ldap_remove['objectclass'] = 'sambaSamAccount';
691	$ldap_remove['loginShell'] = array();
692	$ldap_remove['sambaSID'] = array();
693	$ldap_remove['sambaPrimaryGroupSID'] = array();
694	$ldap_remove['sambaAcctFlags'] = array();
695	$ldap_remove['sambaLogonScript'] = array();
696	$ldap_remove['sambaLMPassword'] = array();
697	$ldap_remove['sambaNTPassword'] = array();
698	$ldap_remove['sambaPasswordHistory'] = array();
699	$ldap_remove['sambaPwdCanChange'] = array();
700	$ldap_remove['sambaPwdLastSet'] = array();
701	$ldap_remove['sambaPwdMustChange'] = array();
702	$this->db_functions->write_log("removed user samba attributes", $dn);
703	}
704	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
705	// ADD ATTRS OF SAMBA
706	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
707	{
708	if (!is_file('/home/expressolivre/mkntpwd'))
709	{
710	$return['status'] = false;
711	$return['msg'] .= lang("The file /home/expressolivre/mkntpwd does not exist") . ".\n";
712	$return['msg'] .= lang("It is necessery to create samba passwords") . ".\n";
713	$return['msg'] .= lang("Inform your system administrator about this") . ".\n";
714	}
715	else
716	{
717	$ldap_add['objectClass'][] = 'sambaSamAccount';
718	$ldap_mod_replace['loginShell'] = '/bin/bash';
719	$ldap_add['sambaSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1000);
720	$ldap_add['sambaPrimaryGroupSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
721	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
722	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
723	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
724	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
725	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
726	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
727	$ldap_add['sambaPwdCanChange'] = strtotime("now");
728	$ldap_add['sambaPwdLastSet'] = strtotime("now");
729	$ldap_add['sambaPwdMustChange'] = '2147483647';
730	$this->db_functions->write_log("added user samba attribute", $dn);
731	}
732	}
733	}
734
735	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
736	// GROUPS
737	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
738	{
739	// If the manager does not have the suficient access, the new_values.uid is empty.
740	if (empty($new_values['uid']))
741	$user_uid = $old_values['uid'];
742	else
743	$user_uid = $new_values['uid'];
744
745	if (!$new_values['groups'])
746	$new_values['groups'] = array();
747	if (!$old_values['groups'])
748	$old_values['groups'] = array();
749
750	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
751	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
752
753	if (count($add_groups)>0)
754	{
755	foreach($add_groups as $gidnumber)
756	{
757	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
758	$this->ldap_functions->add_user2group($gidnumber, $user_uid);
759	$this->db_functions->write_log("inserted user to group", "$dn: $gidnumber");
760	}
761	}
762
763	if (count($remove_groups)>0)
764	{
765	foreach($remove_groups as $gidnumber)
766	{
767	foreach($old_values['groups_info'] as $group)
768	{
769	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
770	{
771	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
772	$this->ldap_functions->remove_user2group($gidnumber, $user_uid);
773	$this->db_functions->write_log("removed user from group", "$dn: $gidnumber");
774	}
775	}
776	}
777	}
778	}
779	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
780	// LDAP_MOD_REPLACE
781	if (count($ldap_mod_replace))
782	{
783	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
784	if (!$result['status'])
785	{
786	$return['status'] = false;
787	$return['msg'] .= $result['msg'];
788	}
789	}
790
791	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
792	// LDAP_MOD_ADD
793	if (count($ldap_add))
794	{
795	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
796	if (!$result['status'])
797	{
798	$return['status'] = false;
799	$return['msg'] .= $result['msg'];
800	}
801	}
802
803	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
804	// LDAP_MOD_REMOVE
805	if (count($ldap_remove))
806	{
807	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
808	if (!$result['status'])
809	{
810	$return['status'] = false;
811	$return['msg'] .= $result['msg'];
812	}
813	}
814	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
815
816
817	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
818	{
819	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
820	// MAILLISTS
821	if (!$new_values['maillists'])
822	$new_values['maillists'] = array();
823	if (!$old_values['maillists'])
824	$old_values['maillists'] = array();
825
826	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
827	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
828
829	if (count($add_maillists)>0)
830	{
831	foreach($add_maillists as $uid)
832	{
833	$this->ldap_functions->add_user2maillist($uid, $new_values['mail']);
834	$this->db_functions->write_log("inserted user to maillist","$dn: $uid");
835	}
836	}
837
838	if (count($remove_maillists)>0)
839	{
840	foreach($remove_maillists as $uid)
841	{
842	$this->ldap_functions->remove_user2maillist($uid, $new_values['mail']);
843	$this->db_functions->write_log("removed user from maillist","$dn: $uid");
844	}
845	}
846
847	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
848	// APPS
849	$new_values2 = array();
850	$old_values2 = array();
851	if (count($new_values['apps'])>0)
852	{
853	foreach ($new_values['apps'] as $app=>$tmp)
854	{
855	$new_values2[] = $app;
856	}
857	}
858	if (count($old_values['apps'])>0)
859	{
860	foreach ($old_values['apps'] as $app=>$tmp)
861	{
862	$old_values2[] = $app;
863	}
864	}
865	$add_apps = array_flip(array_diff($new_values2, $old_values2));
866	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
867
868	if (count($add_apps)>0)
869	{
870	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
871
872	foreach ($add_apps as $app => $index)
873	$this->db_functions->write_log("added application to user","$dn: $app");
874	}
875	if (count($remove_apps)>0)
876	{
877	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
878	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
879
880	foreach ($remove_apps as $app => $app_index)
881	{
882	if ($manager_apps[$app] == 'run')
883	$remove_apps2[$app] = $app_index;
884	}
885	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
886
887	foreach ($remove_apps2 as $app => $access)
888	$this->db_functions->write_log("removed application to user","$dn: $app");
889	}
890	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
891	}
892	return $return;
893	}
894
895	function get_user_info($uidnumber)
896	{
897	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber);
898	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
899	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups']);
900	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
901	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
902	return $user_info;
903	}
904
905	function set_user_default_password($params)
906	{
907	$return['status'] = true;
908	$uid = $params['uid'];
909	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
910
911	if (!$this->db_functions->default_user_password_is_set($uid))
912	{
913	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
914	$this->db_functions->set_user_password($uid, $userPassword);
915	}
916	else
917	{
918	$return['status'] = false;
919	$return['msg'] = lang('default password already registered') . '!';
920	}
921
922	$this->db_functions->write_log("inserted default password",$uid);
923
924	return $return;
925	}
926
927	function return_user_password($params)
928	{
929	$return['status'] = true;
930	$uid = $params['uid'];
931
932	if ($this->db_functions->default_user_password_is_set($uid))
933	{
934	$userPassword = $this->db_functions->get_user_password($uid);
935	$this->ldap_functions->set_user_password($uid, $userPassword);
936	}
937	else
938	{
939	$return['status'] = false;
940	$return['msg'] = lang('default password not registered') . '!';
941	}
942
943	$this->db_functions->write_log("returned user password",$uid);
944
945	return $return;
946	}
947
948	function delete($params)
949	{
950	$return['status'] = true;
951
952	// Verifica o acesso do gerente
953	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
954	{
955	$uidnumber = $params['uidnumber'];
956	$user_info = $this->get_user_info($uidnumber);
957
958	//LDAP
959	$result_ldap = $this->ldap_functions->delete_user($user_info);
960	if (!$result_ldap['status'])
961	{
962	$return['status'] = false;
963	$return['msg'] .= $result_ldap['msg'];
964	}
965	else
966	{
967	//DB
968	$result_db = $this->db_functions->delete_user($user_info);
969	if (!$result_db['status'])
970	{
971	$return['status'] = false;
972	$return['msg'] .= $result_ldap['msg'];
973	}
974
975	//IMAP
976	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
977	if (!$result_imap['status'])
978	{
979	$return['status'] = false;
980	$return['msg'] .= $result_ldap['msg'];
981	}
982	$this->db_functions->write_log('deleted user', $user_info['uid']);
983	}
984	}
985
986	return $return;
987	}
988
989
990	function rename($params)
991	{
992	$return['status'] = true;
993
994	// Verifica acesso do gerente (OU) ao tentar renomear um usuário.
995	if ( ! $this->ldap_functions->check_access_to_renamed($params['uid']) )
996	{
997	$return['status'] = false;
998	$return['msg'] .= lang('You do not have access to delete user') . '.';
999	return $return;
1000	}
1001
1002	// Check if the new_uid is in use.
1003	if ( ! $this->ldap_functions->check_rename_new_uid($params['new_uid']) )
1004	{
1005	$return['status'] = false;
1006	$return['msg'] = lang('New login already in use') . '.';
1007	return $return;
1008	}
1009
1010	// Verifica o acesso do gerente
1011	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
1012	{
1013	$uid = $params['uid'];
1014	$new_uid = $params['new_uid'];
1015	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
1016	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
1017
1018	$emailadmin_profiles = $this->db_functions->get_sieve_info();
1019	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
1020	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
1021	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
1022
1023	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
1024	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
1025	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
1026	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
1027	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
1028
1029	//Verifica se está sendo usuado cyrus 2.2 ou superior
1030	$sk = fsockopen ($imap_server,$imap_port);
1031	$server_resp = fread($sk, 100);
1032	$tmp = split('v2.', $server_resp);
1033	$cyrus_version = '2' . $tmp[1][0];
1034
1035	if ($cyrus_version < '22')
1036	{
1037	$return['status'] = false;
1038	$return['msg'] = "The rename user is only permitted with cyrus 2.2 or higher,";
1039	$return['msg'] .= "\nand with the option 'allowusermoves: yes' set in imapd.conf.";
1040
1041
1042	return $return;
1043	}
1044
1045	// Renomeia UID no openldap
1046	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
1047	if (!$result['status'])
1048	{
1049	$return['status'] = false;
1050	$return['msg'] = lang("Error rename user in LDAP") . '.';
1051	return $return;
1052	}
1053
1054	//Renomeia mailbox
1055	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
1056	if (!$result['status'])
1057	{
1058	// Back user uid.
1059	$result = $this->ldap_functions->rename_uid($new_uid, $uid);
1060
1061	$return['status'] = false;
1062	$return['msg'] = lang("Erro rename user in Cyrus") . '.';
1063	return $return;
1064	}
1065
1066
1067	// Seta senha default
1068	$user_password = $this->ldap_functions->set_user_password($new_uid, $defaultUserPassword);
1069
1070	// Renomeia sieve script
1071	include_once('sieve-php.lib.php');
1072	$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
1073
1074	if ($sieve->sieve_login())
1075	{
1076	$sieve->sieve_listscripts();
1077	$myactivescript=$sieve->response["ACTIVE"];
1078	$sieve->sieve_getscript($myactivescript);
1079
1080	$script = '';
1081	if (!empty($sieve->response))
1082	{
1083	foreach($sieve->response as $result)
1084	{
1085	$script .= $result;
1086	}
1087	}
1088
1089	$scriptname = $new_uid;
1090	if($sieve->sieve_sendscript($new_uid,$script))
1091	{
1092	if ($sieve->sieve_setactivescript($new_uid))
1093	{
1094	$sieve->sieve_deletescript($myactivescript);
1095	}
1096	}
1097	else
1098	{
1099	$return['msg'] .= $result['msg'] . lang("Error renome sieve script") . '.';
1100	}
1101	$sieve->sieve_logout();
1102	}
1103	else
1104	{
1105	$return['status'] = false;
1106	$return['msg'] .= $result['msg'] . lang("Error renome sieve script") . '.';
1107	}
1108
1109	// Back user password.
1110	$this->ldap_functions->set_user_password($new_uid, $user_password);
1111
1112	$this->db_functions->write_log("renamed user", "$uid -> $new_uid");
1113
1114	$return['exec_return'] = "";
1115
1116	return $return;
1117	}
1118	}
1119
1120	function write_log_from_ajax($params)
1121	{
1122	$this->db_functions->write_log($params['_action'],'',$params['userinfo'],'','');
1123	return true;
1124	}
1125	}
1126	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: