Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 47

Revision 47, 41.0 KB checked in by niltonneto, 17 years ago (diff)
Scripts novos e outras atualizações.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function user()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function create($params)
36	{
37	$return['status'] = true;
38
39	// Verifica o acesso do gerente
40	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
41	{
42	// Adiciona a organização na frente do uid.
43	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
44	{
45	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
46
47	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
48	$explode_dn = array_reverse($explode_dn);
49	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
50	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
51	}
52
53	// Pega ID do BD e incrementa de 1.
54	$id = (($this->db_functions->get_next_id()) + 1);
55
56	// Incrementa o id no BD.
57	$this->db_functions->increment_id($id,'accounts');
58
59	// Cria array para incluir no LDAP
60	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
61
62	$user_info = array();
63	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
64	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
65	$user_info['gidNumber'] = $params['gidnumber'];
66	$user_info['givenName'] = $params['givenname'];
67	$user_info['homeDirectory'] = '/home/' . $params['uid'];
68	$user_info['mail'] = $params['mail'];
69	$user_info['objectClass'][] = 'posixAccount';
70	$user_info['objectClass'][] = 'inetOrgPerson';
71	$user_info['objectClass'][] = 'shadowAccount';
72	$user_info['objectClass'][] = 'qmailuser';
73	$user_info['objectClass'][] = 'phpgwAccount';
74	$user_info['objectClass'][] = 'top';
75	$user_info['objectClass'][] = 'person';
76	$user_info['objectClass'][] = 'organizationalPerson';
77	$user_info['phpgwAccountExpires'] = '-1';
78	$user_info['phpgwAccountType'] = 'u';
79	$user_info['sn'] = $params['sn'];
80	$user_info['uid'] = $params['uid'];
81	$user_info['uidnumber'] = $id;
82	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
83
84	// Gerenciar senhas RFC2617
85	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
86	{
87	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
88	$uid = $user_info['uid'];
89	$password = $params['password1'];
90	$user_info['userPasswordRFC2617'] = $realm . ': ' . md5("$uid:$realm:$password");
91	}
92
93	if ($params['phpgwaccountstatus'] == '1')
94	$user_info['phpgwAccountStatus'] = 'A';
95
96	if ($params['departmentnumber'] != '')
97	$user_info['departmentnumber'] = $params['departmentnumber'];
98
99	if ($params['telephonenumber'] != '')
100	$user_info['telephoneNumber'] = $params['telephonenumber'];
101
102	// Cria user_info no caso de ter alias e forwarding email.
103	if ($params['mailalternateaddress'] != '')
104	$user_info['mailAlternateAddress'] = $params['mailalternateaddress'];
105
106	if ($params['mailforwardingaddress'] != '')
107	$user_info['mailForwardingAddress'] = $params['mailforwardingaddress'];
108
109	if ($params['deliverymode'])
110	$user_info['deliveryMode'] = 'forwardOnly';
111
112	//Ocultar da pesquisa e do catálogo
113	if ($params['phpgwaccountvisible'])
114	$user_info['phpgwAccountVisible'] = '-1';
115
116	// Suporte ao SAMBA
117	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
118	{
119	//Verifica se o binario para criar as senhas do samba exite.
120	if (!is_file('/home/expressolivre/mkntpwd'))
121	{
122	$return['status'] = false;
123	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
124	}
125	else
126	{
127	$user_info['objectClass'][] = 'sambaSamAccount';
128	$user_info['loginShell'] = '/bin/bash';
129
130	$user_info['sambaSID'] = $params['sambadomain'] . '-' . ((2 * $id)+1000);
131	$user_info['sambaPrimaryGroupSID'] = $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);
132
133	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
134
135	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
136	$user_info['homeDirectory'] = $params['sambahomedirectory'];
137
138	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
139	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
140	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
141
142	$user_info['sambaPwdCanChange'] = strtotime("now");
143	$user_info['sambaPwdLastSet'] = strtotime("now");
144	$user_info['sambaPwdMustChange'] = '2147483647';
145	}
146	}
147	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
148	if (!$result['status'])
149	{
150	$return['status'] = false;
151	$return['msg'] .= $result['msg'];
152	}
153
154	// Chama funcao para salvar foto no OpenLDAP.
155	if ($_FILES['photo']['name'] != '')
156	{
157	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
158	if (!$result['status'])
159	{
160	$return['status'] = false;
161	$return['msg'] .= $result['msg'];
162	}
163	}
164
165	//GROUPS
166	if ($params['groups'])
167	{
168	foreach ($params['groups'] as $gidnumber)
169	{
170	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
171	if (!$result['status'])
172	{
173	$return['status'] = false;
174	$return['msg'] .= $result['msg'];
175	}
176	$result = $this->db_functions->add_user2group($gidnumber, $id);
177	if (!$result['status'])
178	{
179	$return['status'] = false;
180	$return['msg'] .= $result['msg'];
181	}
182	}
183	}
184
185	// Inclusao do Mail do usuário nas listas de email selecionadas.
186	if ($params['maillists'])
187	{
188	foreach($params['maillists'] as $uidnumber)
189	{
190	$result = $this->ldap_functions->add_user2maillist($uidnumber, $user_info['mail']);
191	if (!$result['status'])
192	{
193	$return['status'] = false;
194	$return['msg'] .= $result['msg'];
195	}
196	}
197	}
198
199	// APPS
200	if (count($params['apps']))
201	{
202	$result = $this->db_functions->add_id2apps($id, $params['apps']);
203	if (!$result['status'])
204	{
205	$return['status'] = false;
206	$return['msg'] .= $result['msg'];
207	}
208	}
209
210	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
211	if ($params['changepassword'])
212	{
213	$result = $this->db_functions->add_pref_changepassword($id);
214	if (!$result['status'])
215	{
216	$return['status'] = false;
217	$return['msg'] .= $result['msg'];
218	}
219	}
220
221	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
222	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
223	if (!$result['status'])
224	{
225	$return['status'] = false;
226	$return['msg'] .= $result['msg'];
227	}
228
229	$this->db_functions->write_log('criado usuario','',$dn,'','');
230	}
231
232	return $return;
233	}
234
235	function save($new_values)
236	{
237	$return['status'] = true;
238
239	$old_values = $this->get_user_info($new_values['uidnumber'], $new_values['manager_context']);
240	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
241
242	$diff = array_diff($new_values, $old_values);
243
244	$manager_account_lid = $_SESSION['phpgw_session']['session_lid'];
245	if ((!$this->functions->check_acl($manager_account_lid,'edit_users')) &&
246	(!$this->functions->check_acl($manager_account_lid,'change_users_password')) &&
247	(!$this->functions->check_acl($manager_account_lid,'edit_sambausers_attributes'))
248	)
249	{
250	$return['status'] = false;
251	$return['msg'] = 'Você não tem direito de editar informações de usuários.';
252	return $return;
253	}
254
255	// Verifica o acesso do gerente
256	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
257	{
258
259	}
260
261	// Verifica o acesso do gerente
262	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
263	{
264	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
265	// Change user organization
266	if ($diff['context'])
267	{
268	$newrdn = 'uid=' . $new_values['uid'];
269	$newparent = $new_values['context'];
270	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
271	if (!$result['status'])
272	{
273	$return['status'] = false;
274	$return['msg'] .= $result['msg'];
275	}
276	else
277	{
278	$dn = $newrdn . ',' . $newparent;
279	$this->db_functions->write_log('alterado contexto do usuario','',$dn,'','');
280	}
281	}
282
283	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
284	// REPLACE some attributes
285	if ($diff['givenname'])
286	{
287	$ldap_mod_replace['givenname'] = $new_values['givenname'];
288	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
289	$this->db_functions->write_log("alterado givenname do usuario",'',$dn,'','');
290	}
291	if ($diff['sn'])
292	{
293	$ldap_mod_replace['sn'] = $new_values['sn'];
294	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
295	$this->db_functions->write_log("alterado sn do usuario",'',$dn,'','');
296	}
297	if ($diff['mail'])
298	{
299	$ldap_mod_replace['mail'] = $new_values['mail'];
300	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
301	$this->db_functions->write_log("alterado mail do usuario",'',$dn,'','');
302	}
303	if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
304	{
305	$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
306	$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
307	}
308	if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
309	{
310	$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
311	$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
312	}
313	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
314	{
315	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
316	$this->db_functions->write_log("alterado telephonenumber do usuario",'',$dn,'','');
317	}
318	}
319
320	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
321	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
322	{
323	if ($diff['password1'])
324	{
325	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
326
327	// Suporte ao SAMBA
328	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
329	{
330	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
331	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
332	}
333
334	// Gerenciar senhas RFC2617
335	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
336	{
337	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
338	$uid = $new_values['uid'];
339	$password = $new_values['password1'];
340	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
341
342	if ($old_values['userPasswordRFC2617'] != '')
343	$ldap_mod_replace['userPasswordRFC2617'] = $passUserRFC2617;
344	else
345	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
346	}
347
348	$this->db_functions->write_log("alterado password do usuario",'',$dn,'','');
349	}
350	}
351
352	//Suporte ao SAMBA
353	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
354	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
355	{
356	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
357	{
358	if ($diff['sambaacctflags'])
359	{
360	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
361	$this->db_functions->write_log("alterado sambaacctflags do usuario",'',$dn,'','');
362	}
363	if ($diff['sambalogonscript'])
364	{
365	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
366	$this->db_functions->write_log("alterado sambalogonscript do usuario",'',$dn,'','');
367	}
368	if ($diff['sambahomedirectory'])
369	{
370	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
371	$this->db_functions->write_log("alterado homedirectory do usuario",'',$dn,'','');
372	}
373	if ($diff['sambadomain'])
374	{
375	$ldap_mod_replace['sambaSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
376	$ldap_mod_replace['sambaPrimaryGroupSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
377	$this->db_functions->write_log("alterado dominio samba do usuario $dn para " . $params['sambadomain'],'',$dn,'','');
378	}
379	}
380	}
381
382	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
383	// ADD ou REMOVE some attributes
384	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
385
386	// Verifica o acesso ára adicionar ou remover tais atributos
387	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
388	{
389	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
390	// TELEPHONE
391	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
392	{
393	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
394	$this->db_functions->write_log("adicionado telephonenumber ao usuario",'',$dn,'','');
395	}
396	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
397	{
398	$ldap_remove['telephonenumber'] = array();
399	$this->db_functions->write_log("removido telephonenumber do usuario",'',$dn,'','');
400	}
401	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
402	// PREF_CHANGEPASSWORD
403	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
404	{
405	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
406	$this->db_functions->write_log("adicionado changepassword ao usuario",'',$dn,'','');
407	}
408	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
409	{
410	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
411	$this->db_functions->write_log("removido changepassword do usuario",'',$dn,'','');
412	}
413	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
414	// ACCOUNT STATUS
415	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
416	{
417	$ldap_add['phpgwaccountstatus'] = 'A';
418	$this->db_functions->write_log("ativado conta do usuario",'',$dn,'','');
419	}
420	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
421	{
422	$ldap_remove['phpgwaccountstatus'] = array();
423	$this->db_functions->write_log("desativado conta do usuario",'',$dn,'','');
424	}
425	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
426	// ACCOUNT VISIBLE
427	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
428	{
429	$ldap_add['phpgwaccountvisible'] = '-1';
430	$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario",'',$dn,'','');
431	}
432	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
433	{
434	$ldap_remove['phpgwaccountvisible'] = array();
435	$this->db_functions->write_log("removido phpgwaccountvisible ao usuario",'',$dn,'','');
436	}
437	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
438	// PHOTO
439	if ($new_values['delete_photo'])
440	{
441	$this->ldap_functions->ldap_remove_photo($dn);
442	$this->db_functions->write_log("removido jpegphoto ao usuario",'',$dn,'','');
443	}
444	if ($_FILES['photo']['name'] != '')
445	{
446	if ($new_values['photo_exist'])
447	$photo_exist = true;
448	else
449	$photo_exist = false;
450	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
451	$this->db_functions->write_log("adicionado jpegphoto ao usuario",'',$dn,'','');
452	}
453	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
454	// Mail Account STATUS
455	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
456	{
457	$ldap_add['accountstatus'] = 'active';
458	$this->db_functions->write_log("ativado conta de email do usuario",'',$dn,'','');
459	}
460	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
461	{
462	$ldap_remove['accountstatus'] = array();
463	$this->db_functions->write_log("desativado conta de email do usuario",'',$dn,'','');
464	}
465	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
466	// MAILALTERNATEADDRESS
467	if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
468	{
469	$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
470	$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
471	}
472	if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
473	{
474	$ldap_remove['mailalternateaddress'] = array();
475	$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
476	}
477	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
478	// MAILFORWARDINGADDRESS
479	if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
480	{
481	$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
482	$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
483	}
484	if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
485	{
486	$ldap_remove['mailforwardingaddress'] = array();
487	$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
488	}
489	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
490	// Delivery Mode
491	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
492	{
493	$ldap_add['deliverymode'] = 'forwardOnly';
494	$this->db_functions->write_log("adicionado forwardOnly ao usuario",'',$dn,'','');
495	}
496	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
497	{
498	$ldap_remove['deliverymode'] = array();
499	$this->db_functions->write_log("removido forwardOnly ao usuario",'',$dn,'','');
500	}
501	}
502
503	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
504	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
505	{
506	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
507	// MAILQUOTA
508	if ($diff['mailquota'])
509	{
510	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
511	$this->db_functions->write_log("alterado cota do usuario",'',$dn,'','');
512	}
513	}
514
515	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
516	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
517	{
518	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
519	// REMOVE ATTRS OF SAMBA
520	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
521	{
522	$ldap_remove['objectclass'] = 'sambaSamAccount';
523	$ldap_remove['loginShell'] = array();
524	$ldap_remove['sambaSID'] = array();
525	$ldap_remove['sambaPrimaryGroupSID'] = array();
526	$ldap_remove['sambaAcctFlags'] = array();
527	$ldap_remove['sambaLogonScript'] = array();
528	$ldap_remove['sambaLMPassword'] = array();
529	$ldap_remove['sambaNTPassword'] = array();
530	$ldap_remove['sambaPasswordHistory'] = array();
531	$ldap_remove['sambaPwdCanChange'] = array();
532	$ldap_remove['sambaPwdLastSet'] = array();
533	$ldap_remove['sambaPwdMustChange'] = array();
534	$this->db_functions->write_log("removido atributos samba do usuario.",'',$dn,'','');
535	}
536	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
537	// ADD ATTRS OF SAMBA
538	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
539	{
540	//Verifica se o binario para criar as senhas do samba exite.
541	if (!is_file('/home/expressolivre/mkntpwd'))
542	{
543	$return['status'] = false;
544	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
545	}
546	else
547	{
548	$ldap_add['objectClass'][] = 'sambaSamAccount';
549	$ldap_mod_replace['loginShell'] = '/bin/bash';
550	$ldap_add['sambaSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1000);
551	$ldap_add['sambaPrimaryGroupSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
552	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
553	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
554	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
555	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
556	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
557	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
558	$ldap_add['sambaPwdCanChange'] = strtotime("now");
559	$ldap_add['sambaPwdLastSet'] = strtotime("now");
560	$ldap_add['sambaPwdMustChange'] = '2147483647';
561	$this->db_functions->write_log("adicionado atributos samba do usuario.",'',$dn,'','');
562	}
563	}
564	}
565
566	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
567	// GROUPS
568	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
569	{
570	if (!$new_values['groups'])
571	$new_values['groups'] = array();
572	if (!$old_values['groups'])
573	$old_values['groups'] = array();
574
575	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
576	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
577
578	if (count($add_groups)>0)
579	{
580	foreach($add_groups as $gidnumber)
581	{
582	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
583	$this->ldap_functions->add_user2group($gidnumber, $new_values['uid']);
584	$this->db_functions->write_log("adicionado usuario ao grupo $gidnumber.",'',$dn,'','');
585	}
586	}
587	if (count($remove_groups)>0)
588	{
589	foreach($remove_groups as $gidnumber)
590	{
591	foreach($old_values['groups_info'] as $group)
592	{
593	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
594	{
595	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
596	$this->ldap_functions->remove_user2group($gidnumber, $new_values['uid']);
597	$this->db_functions->write_log("removido usuario do grupo $gidnumber.",'',$dn,'','');
598	}
599	}
600	}
601	}
602
603	if ($diff['gidnumber'])
604	{
605	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
606	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
607	{
608	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
609	}
610	$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
611	}
612	}
613	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
614	// LDAP_MOD_REPLACE
615	if (count($ldap_mod_replace))
616	{
617	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
618	if (!$result['status'])
619	{
620	$return['status'] = false;
621	$return['msg'] .= $result['msg'];
622	}
623	}
624
625	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
626	// LDAP_MOD_ADD
627	if (count($ldap_add))
628	{
629
630	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
631	if (!$result['status'])
632	{
633	$return['status'] = false;
634	$return['msg'] .= $result['msg'];
635	}
636	}
637
638	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
639	// LDAP_MOD_REMOVE
640	if (count($ldap_remove))
641	{
642
643	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
644	if (!$result['status'])
645	{
646	$return['status'] = false;
647	$return['msg'] .= $result['msg'];
648	}
649	}
650	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
651
652
653	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
654	{
655	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
656	// MAILLISTS
657	if (!$new_values['maillists'])
658	$new_values['maillists'] = array();
659	if (!$old_values['maillists'])
660	$old_values['maillists'] = array();
661
662	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
663	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
664
665	if (count($add_maillists)>0)
666	{
667	foreach($add_maillists as $uidnumber)
668	{
669	$this->ldap_functions->add_user2maillist($uidnumber, $new_values['mail']);
670	$this->db_functions->write_log("adicionado usuario a maillist $uidnumber.",'',$dn,'','');
671	}
672	}
673	if (count($remove_maillists)>0)
674	{
675	foreach($remove_maillists as $uidnumber)
676	{
677	$this->ldap_functions->remove_user2maillist($uidnumber, $new_values['mail']);
678	$this->db_functions->write_log("removido usuario da maillist $uidnumber.",'',$dn,'','');
679	}
680	}
681
682	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
683	// APPS
684	$new_values2 = array();
685	$old_values2 = array();
686	if (count($new_values['apps'])>0)
687	{
688	foreach ($new_values['apps'] as $app=>$tmp)
689	{
690	$new_values2[] = $app;
691	}
692	}
693	if (count($old_values['apps'])>0)
694	{
695	foreach ($old_values['apps'] as $app=>$tmp)
696	{
697	$old_values2[] = $app;
698	}
699	}
700	$add_apps = array_flip(array_diff($new_values2, $old_values2));
701	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
702
703	if (count($add_apps)>0)
704	{
705	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
706
707	foreach ($add_apps as $app => $index)
708	$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
709	}
710	if (count($remove_apps)>0)
711	{
712	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
713	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
714
715	foreach ($remove_apps as $app => $app_index)
716	{
717	if ($manager_apps[$app] == 'run')
718	$remove_apps2[$app] = $app_index;
719	}
720	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
721
722	foreach ($remove_apps2 as $app => $access)
723	$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
724	}
725	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
726	}
727	return $return;
728	}
729
730
731	function get_user_info($uidnumber, $context)
732	{
733	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber, $context);
734	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
735	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups'], $context);
736	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
737	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
738	return $user_info;
739	}
740
741	function set_user_default_password($params)
742	{
743	$return['status'] = true;
744	$uid = $params['uid'];
745	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
746
747	if (!$this->db_functions->default_user_password_is_set($uid))
748	{
749	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
750	$this->db_functions->set_user_password($uid, $userPassword);
751	}
752	else
753	{
754	$return['status'] = false;
755	$return['msg'] = 'Senha default já cadastrada!';
756	}
757
758	$this->db_functions->write_log('Setado senha default','',$uid,'','');
759
760	return $return;
761	}
762
763	function return_user_password($params)
764	{
765	$return['status'] = true;
766	$uid = $params['uid'];
767
768	if ($this->db_functions->default_user_password_is_set($uid))
769	{
770	$userPassword = $this->db_functions->get_user_password($uid);
771	$this->ldap_functions->set_user_password($uid, $userPassword);
772	}
773	else
774	{
775	$return['status'] = false;
776	$return['msg'] = 'Senha default NÃO cadastrada!';
777	}
778
779	$this->db_functions->write_log('Retornado senha default','',$uid,'','');
780
781	return $return;
782	}
783
784	function delete($params)
785	{
786	$return['status'] = true;
787
788	// Verifica o acesso do gerente
789	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
790	{
791	$uidnumber = $params['uidnumber'];
792	$context = $params['context'];
793	$user_info = $this->get_user_info($uidnumber, $context);
794
795	//LDAP
796	$result_ldap = $this->ldap_functions->delete_user($user_info);
797	if (!$result_ldap['status'])
798	{
799	$return['status'] = false;
800	$return['msg'] .= $result_ldap['msg'];
801	}
802
803	//DB
804	$result_db = $this->db_functions->delete_user($user_info);
805	if (!$result_db['status'])
806	{
807	$return['status'] = false;
808	$return['msg'] .= $result_ldap['msg'];
809	}
810
811	//IMAP
812	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
813	if (!$result_imap['status'])
814	{
815	$return['status'] = false;
816	$return['msg'] .= $result_ldap['msg'];
817	}
818
819	$this->db_functions->write_log('deletado usuario','',$user_info['uid'],'','');
820	}
821
822	return $return;
823	}
824
825
826	function rename($params)
827	{
828	$return['status'] = true;
829
830	// Verifica o acesso do gerente
831	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
832	{
833	$uid = $params['uid'];
834	$new_uid = $params['new_uid'];
835	$context = $params['context'];
836	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
837	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
838
839	$emailadmin_profiles = $this->db_functions->get_sieve_info();
840	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
841	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
842	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
843
844	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
845	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
846	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
847	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
848	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
849
850	//Verifica se está sendo usuado cyrus 2.2 ou superior
851	$sk = fsockopen ($imap_server,$imap_port);
852	$server_resp = fread($sk, 100);
853	$tmp = split('v2.', $server_resp);
854	$cyrus_version = '2' . $tmp[1][0];
855	//$is_cyrus22 = strpos($server_resp, "v2.2");
856
857	if ($cyrus_version > '21')
858	{
859	// Seta senha default
860	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
861
862	// Renomeia UID no openldap
863	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
864	$new_dn = $result['new_dn'];
865	if (!$result['status'])
866	{
867	$return['status'] = false;
868	$return['msg'] .= "\n" . $result['msg'];
869	$return['msg'] .= "\nErro ao renomear usuário no LDAP. Processo abortado.";
870	return $return;
871	}
872
873	// Remove old UID do ldap
874	$user_info_mod_remove['uid'] = $uid;
875	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
876
877	//Renomeia mailbox
878	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
879	if (!$result['status'])
880	{
881	$return['status'] = false;
882	$return['msg'] .= "\n" . $result['msg'];
883	$return['msg'] .= "\nErro ao renomear usuário no Cyrus. Processo abortado.";
884	}
885
886	// Renomeia sieve script
887	include_once('sieve-php.lib.php');
888	$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
889
890	if ($sieve->sieve_login())
891	{
892	$sieve->sieve_listscripts();
893	$myactivescript=$sieve->response["ACTIVE"];
894	$sieve->sieve_getscript($myactivescript);
895
896	$script = '';
897	foreach($sieve->response as $result)
898	{
899	$script .= $result;
900	}
901
902	$scriptname = $new_uid;
903	if($sieve->sieve_sendscript($new_uid,$script))
904	{
905	if ($sieve->sieve_setactivescript($new_uid))
906	{
907	$sieve->sieve_deletescript($myactivescript);
908	}
909	}
910	else
911	{
912	$return['status'] = false;
913	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no envio do novo script.";
914	}
915	$sieve->sieve_logout();
916	}
917	else
918	{
919	$return['status'] = false;
920	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no Login.";
921	}
922
923	// Retorna senha do usuário
924	$this->ldap_functions->set_user_password($new_uid, $user_password);
925
926	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
927
928	$return['exec_return'] = "";
929	return $return;
930	}
931	else
932	{
933	$return['status'] = false;
934	$return['msg'] .= "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
935	$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
936	return $return;
937	}
938
939	/*********************
940	*
941	* RENOMEAÇÃO APENAS PARA CYRUS 2.2 OU SUPERIOR
942	*
943	*********************/
944	/*
945	//Verifica se o binario para renomeacao existe.
946	if (!is_file('/home/expressolivre/imapsync'))
947	{
948	$return['status'] = false;
949	$return['msg'] .= "O arquivo binário /home/expressolivre/imapsync não existe.\\nEle é necessário para a renomeação das caixas postais.\\nInforme o administrador ExpressoLivre sobre isto.";
950	}
951
952	// Seta senha default
953	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
954
955	// Renomeia UID no openldap
956	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
957	$new_dn = $result['new_dn'];
958
959	if (!$result['status'])
960	{
961	$return['status'] = false;
962	$return['msg'] .= "Erro ao renomear usuário no LDAP. Processo abortado.";
963	return $return;
964	}
965
966	// Pega a cota do usuario
967	$quota = $this->imap_functions->get_user_info($uid);
968	$quota_limit = $quota['mailquota'];
969	if ($quota_limit == '-1')
970	$quota_limit = '40960';
971
972	//Cria a nova caixa postal
973	$this->imap_functions->create($new_uid, $quota_limit);
974
975	// Realiza a cópia das mensagens de uma caixa para outra.
976	$exec_return = array();
977	$exec_result = exec("/home/expressolivre/imapsync " .
978	"--host1 localhost " .
979	"--user1 " . $uid . ' ' .
980	"--password1 $defaultUserPassword_plain " .
981	"--host2 localhost " .
982	"--user2 " . $new_uid . ' ' .
983	"--password2 $defaultUserPassword_plain " .
984	"--syncinternaldates --exclude user.*", $exec_return, $exec_result);
985
986	$reg_total = count($exec_return);
987
988	for ($i=$reg_total; $i>($reg_total-9); $i--)
989	$return['exec_return'] .= $exec_return[$i] . "\n";
990
991	//SIEVE
992	if ($sieve_enable == 'yes')
993	{
994	include_once('sieve-php.lib.php');
995
996	$sieve_uid = new sieve("$sieve_server", "$sieve_port", "$uid", "$defaultUserPassword_plain", '', "PLAIN");
997	$sieve_new_uid = new sieve("$sieve_server", "$sieve_port", "$new_uid", "$defaultUserPassword_plain", '', "PLAIN");
998
999	if (!$sieve_uid->sieve_login())
1000	{
1001	$return['status'] = false;
1002	$return['msg'] .= "\nNão foi possível fazer login no sieve:$uid";
1003	}
1004	elseif (!$sieve_new_uid->sieve_login())
1005	{
1006	$return['status'] = false;
1007	$return['msg'] .= "\nNão foi possível fazer login no sieve:$new_uid";
1008	}
1009	else
1010	{
1011	$sieve_uid->sieve_listscripts();
1012	$uid_active_script=$sieve_uid->response["ACTIVE"];
1013	if(isset($uid_active_script))
1014	{
1015	$i=0;
1016	$activescript="";
1017	if($sieve_uid->sieve_getscript($uid_active_script))
1018	{
1019	if(is_array($sieve_uid->response))
1020	{
1021	foreach($sieve_uid->response as $result)
1022	{
1023	$activescript .= $result;
1024	}
1025	}
1026	}
1027
1028	$new_script_name = $new_uid;
1029	if ($sieve_new_uid->sieve_sendscript($new_script_name,$activescript))
1030	{
1031	$sieve_new_uid->sieve_setactivescript($new_script_name);
1032	$return['exec_return'] .= "Script SIEVE transferido com êxito.\n";
1033	}
1034	else
1035	{
1036	$return['status'] = false;
1037	$return['msg'] .= "Problemas na transferência do script Sieve.\\n";
1038	}
1039	}
1040	else
1041	$return['exec_return'] .= "\n2";
1042	}
1043	$sieve_uid->sieve_logout();
1044	$sieve_new_uid->sieve_logout();
1045	}
1046	else
1047	$return['exec_return'] .= "\n1";
1048
1049	if ($exec_result)
1050	{
1051	// Deleta caixa-postal antiga
1052	$result = $this->imap_functions->delete_user($uid);
1053	if (!$result['status'])
1054	{
1055	$return['status'] = false;
1056	$return['msg'] .= $result['msg'];
1057	}
1058	}
1059	else
1060	{
1061	$return['status'] = false;
1062	$return['msg'] .= "Problemas ao executar o imapsinc. Caixa postal $uid não excluida.";
1063	}
1064
1065	// Retorna senha do usuário
1066	$this->ldap_functions->set_user_password($uid, $user_password);
1067
1068	// Remove old UID do ldap
1069	$user_info_mod_remove['uid'] = $uid;
1070	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
1071
1072	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
1073
1074	return $return;
1075	*/
1076	}
1077	}
1078	}
1079	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: