Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 64

Revision 64, 39.6 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function user()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function create($params)
36	{
37	$return['status'] = true;
38
39	// Verifica o acesso do gerente
40	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
41	{
42	// Adiciona a organização na frente do uid.
43	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
44	{
45	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
46
47	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
48	$explode_dn = array_reverse($explode_dn);
49	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
50	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
51	}
52
53	// Leio o ID a ser usado na criação do objecto.
54	$next_id = ($this->db_functions->get_next_id('accounts'));
55	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
56	{
57	$return['status'] = false;
58	$return['msg'] = "Problemas obtendo ID do usuário.\n" . $id['msg'];
59	return $return;
60	}
61	else
62	{
63	$id = $next_id['id'];
64	}
65	// Incrementa o id no BD.
66	//$this->db_functions->increment_id($id,'accounts');
67
68	// Cria array para incluir no LDAP
69	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
70
71	$user_info = array();
72	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
73	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
74	$user_info['gidNumber'] = $params['gidnumber'];
75	$user_info['givenName'] = $params['givenname'];
76	$user_info['homeDirectory'] = '/home/' . $params['uid'];
77	$user_info['mail'] = $params['mail'];
78	$user_info['objectClass'][] = 'posixAccount';
79	$user_info['objectClass'][] = 'inetOrgPerson';
80	$user_info['objectClass'][] = 'shadowAccount';
81	$user_info['objectClass'][] = 'qmailuser';
82	$user_info['objectClass'][] = 'phpgwAccount';
83	$user_info['objectClass'][] = 'top';
84	$user_info['objectClass'][] = 'person';
85	$user_info['objectClass'][] = 'organizationalPerson';
86	$user_info['phpgwAccountExpires'] = '-1';
87	$user_info['phpgwAccountType'] = 'u';
88	$user_info['sn'] = $params['sn'];
89	$user_info['uid'] = $params['uid'];
90	$user_info['uidnumber'] = $id;
91	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
92
93	// Gerenciar senhas RFC2617
94	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
95	{
96	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
97	$uid = $user_info['uid'];
98	$password = $params['password1'];
99	$user_info['userPasswordRFC2617'] = $realm . ': ' . md5("$uid:$realm:$password");
100	}
101
102	if ($params['phpgwaccountstatus'] == '1')
103	$user_info['phpgwAccountStatus'] = 'A';
104
105	if ($params['departmentnumber'] != '')
106	$user_info['departmentnumber'] = $params['departmentnumber'];
107
108	if ($params['telephonenumber'] != '')
109	$user_info['telephoneNumber'] = $params['telephonenumber'];
110
111	// Cria user_info no caso de ter alias e forwarding email.
112	if ($params['mailalternateaddress'] != '')
113	$user_info['mailAlternateAddress'] = $params['mailalternateaddress'];
114
115	if ($params['mailforwardingaddress'] != '')
116	$user_info['mailForwardingAddress'] = $params['mailforwardingaddress'];
117
118	if ($params['deliverymode'])
119	$user_info['deliveryMode'] = 'forwardOnly';
120
121	//Ocultar da pesquisa e do catálogo
122	if ($params['phpgwaccountvisible'])
123	$user_info['phpgwAccountVisible'] = '-1';
124
125	// Suporte ao SAMBA
126	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
127	{
128	// Verifica o acesso do gerente aos atributos samba
129	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes'))
130	{
131	//Verifica se o binario para criar as senhas do samba exite.
132	if (!is_file('/home/expressolivre/mkntpwd'))
133	{
134	$return['status'] = false;
135	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
136	}
137	else
138	{
139	$user_info['objectClass'][] = 'sambaSamAccount';
140	$user_info['loginShell'] = '/bin/bash';
141
142	$user_info['sambaSID'] = $params['sambadomain'] . '-' . ((2 * $id)+1000);
143	$user_info['sambaPrimaryGroupSID'] = $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);
144
145	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
146
147	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
148	$user_info['homeDirectory'] = $params['sambahomedirectory'];
149
150	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
151	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
152	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
153
154	$user_info['sambaPwdCanChange'] = strtotime("now");
155	$user_info['sambaPwdLastSet'] = strtotime("now");
156	$user_info['sambaPwdMustChange'] = '2147483647';
157	}
158	}
159	}
160
161	// Verifica o acesso do gerente aos atributos corporativos
162	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information'))
163	{
164	foreach ($params as $atribute=>$value)
165	{
166	$pos = strstr($atribute, 'corporative_information_');
167	if ($pos !== false)
168	{
169	if ($params[$atribute])
170	{
171	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
172	$user_info[$ldap_atribute] = $params[$atribute];
173	}
174	}
175	}
176	}
177
178	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
179	if (!$result['status'])
180	{
181	$return['status'] = false;
182	$return['msg'] .= $result['msg'];
183	}
184
185	// Chama funcao para salvar foto no OpenLDAP.
186	if ($_FILES['photo']['name'] != '')
187	{
188	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
189	if (!$result['status'])
190	{
191	$return['status'] = false;
192	$return['msg'] .= $result['msg'];
193	}
194	}
195
196	//GROUPS
197	if ($params['groups'])
198	{
199	foreach ($params['groups'] as $gidnumber)
200	{
201	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
202	if (!$result['status'])
203	{
204	$return['status'] = false;
205	$return['msg'] .= $result['msg'];
206	}
207	$result = $this->db_functions->add_user2group($gidnumber, $id);
208	if (!$result['status'])
209	{
210	$return['status'] = false;
211	$return['msg'] .= $result['msg'];
212	}
213	}
214	}
215
216	// Inclusao do Mail do usuário nas listas de email selecionadas.
217	if ($params['maillists'])
218	{
219	foreach($params['maillists'] as $uidnumber)
220	{
221	$result = $this->ldap_functions->add_user2maillist($uidnumber, $user_info['mail']);
222	if (!$result['status'])
223	{
224	$return['status'] = false;
225	$return['msg'] .= $result['msg'];
226	}
227	}
228	}
229
230	// APPS
231	if (count($params['apps']))
232	{
233	$result = $this->db_functions->add_id2apps($id, $params['apps']);
234	if (!$result['status'])
235	{
236	$return['status'] = false;
237	$return['msg'] .= $result['msg'];
238	}
239	}
240
241	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
242	if ($params['changepassword'])
243	{
244	$result = $this->db_functions->add_pref_changepassword($id);
245	if (!$result['status'])
246	{
247	$return['status'] = false;
248	$return['msg'] .= $result['msg'];
249	}
250	}
251
252	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
253	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
254	if (!$result['status'])
255	{
256	$return['status'] = false;
257	$return['msg'] .= $result['msg'];
258	}
259
260	$this->db_functions->write_log('criado usuario','',$dn,'','');
261	}
262
263	return $return;
264	}
265
266	function save($new_values)
267	{
268	$return['status'] = true;
269
270	$old_values = $this->get_user_info($new_values['uidnumber']);
271
272	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
273	$diff = array_diff($new_values, $old_values);
274
275	$manager_account_lid = $_SESSION['phpgw_session']['session_lid'];
276	if ((!$this->functions->check_acl($manager_account_lid,'edit_users')) &&
277	(!$this->functions->check_acl($manager_account_lid,'change_users_password')) &&
278	(!$this->functions->check_acl($manager_account_lid,'edit_sambausers_attributes')) &&
279	(!$this->functions->check_acl($manager_account_lid,'manipulate_corporative_information'))
280	)
281	{
282	$return['status'] = false;
283	$return['msg'] = 'Você não tem direito de editar informações de usuários.';
284	return $return;
285	}
286
287	// Verifica o acesso do gerente
288	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
289	{
290	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
291	// Change user organization
292	if ($diff['context'])
293	{
294	$newrdn = 'uid=' . $new_values['uid'];
295	$newparent = $new_values['context'];
296	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
297	if (!$result['status'])
298	{
299	$return['status'] = false;
300	$return['msg'] .= $result['msg'];
301	}
302	else
303	{
304	$dn = $newrdn . ',' . $newparent;
305	$this->db_functions->write_log('alterado contexto do usuario','',$dn,'','');
306	}
307	}
308
309	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
310	// REPLACE some attributes
311	if ($diff['givenname'])
312	{
313	$ldap_mod_replace['givenname'] = $new_values['givenname'];
314	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
315	$this->db_functions->write_log("alterado givenname do usuario",'',$dn,'','');
316	}
317	if ($diff['sn'])
318	{
319	$ldap_mod_replace['sn'] = $new_values['sn'];
320	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
321	$this->db_functions->write_log("altera$ldap_mod_do sn do usuario",'',$dn,'','');
322	}
323	if ($diff['mail'])
324	{
325	$ldap_mod_replace['mail'] = $new_values['mail'];
326	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
327	$this->db_functions->write_log("alterado mail do usuario",'',$dn,'','');
328	}
329	if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
330	{
331	$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
332	$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
333	}
334	if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
335	{
336	$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
337	$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
338	}
339	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
340	{
341	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
342	$this->db_functions->write_log("alterado telephonenumber do usuario",'',$dn,'','');
343	}
344	}
345
346	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
347	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
348	{
349	if ($diff['password1'])
350	{
351	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
352
353	// Suporte ao SAMBA
354	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
355	{
356	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
357	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
358	}
359
360	// Gerenciar senhas RFC2617
361	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
362	{
363	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
364	$uid = $new_values['uid'];
365	$password = $new_values['password1'];
366	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
367
368	if ($old_values['userPasswordRFC2617'] != '')
369	$ldap_mod_replace['userPasswordRFC2617'] = $passUserRFC2617;
370	else
371	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
372	}
373
374	$this->db_functions->write_log("alterado password do usuario",'',$dn,'','');
375	}
376	}
377
378	// REPLACE, ADD & REMOVE COPORATIVEs ATRIBUTES
379	// Verifica o acesso do gerente aos atributos corporativos
380
381	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
382	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information')) )
383	{
384	foreach ($new_values as $atribute=>$value)
385	{
386	$pos = strstr($atribute, 'corporative_information_');
387	if ($pos !== false)
388	{
389	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
390	// REPLACE ATTRS OF CORPORATIVE
391	if (($diff[$atribute]) && ($old_values[$atribute] != ''))
392	{
393	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
394	$ldap_mod_replace[$ldap_atribute] = $new_values[$atribute];
395	$this->db_functions->write_log("alterado $ldap_atribute do usuario",'',$dn,'','');
396	}
397	//ADD ATTRS OF CORPORATIVE
398	elseif (($old_values[$atribute] == '') && ($new_values[$atribute] != ''))
399	{
400	$ldap_add[$ldap_atribute] = $new_values[$atribute];
401	$this->db_functions->write_log("adicionado $ldap_atribute ao usuario",'',$dn,'','');
402	}
403	//REMOVE ATTRS OF CORPORATIVE
404	elseif (($old_values[$atribute] != '') && ($new_values[$atribute] == ''))
405	{
406	$ldap_remove[$ldap_atribute] = array();
407	$this->db_functions->write_log("removido $ldap_atribute do usuario",'',$dn,'','');
408	}
409	}
410	}
411	}
412
413	//Suporte ao SAMBA
414	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
415	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
416	{
417	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
418	{
419	if ($diff['sambaacctflags'])
420	{
421	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
422	$this->db_functions->write_log("alterado sambaacctflags do usuario",'',$dn,'','');
423	}
424	if ($diff['sambalogonscript'])
425	{
426	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
427	$this->db_functions->write_log("alterado sambalogonscript do usuario",'',$dn,'','');
428	}
429	if ($diff['sambahomedirectory'])
430	{
431	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
432	$this->db_functions->write_log("alterado homedirectory do usuario",'',$dn,'','');
433	}
434	if ($diff['sambadomain'])
435	{
436	$ldap_mod_replace['sambaSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
437	$ldap_mod_replace['sambaPrimaryGroupSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
438	$this->db_functions->write_log("alterado dominio samba do usuario $dn para " . $params['sambadomain'],'',$dn,'','');
439	}
440	}
441	}
442
443	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
444	// ADD ou REMOVE some attributes
445	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
446
447	// Verifica o acesso ára adicionar ou remover tais atributos
448	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
449	{
450	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
451	// TELEPHONE
452	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
453	{
454	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
455	$this->db_functions->write_log("adicionado telephonenumber ao usuario",'',$dn,'','');
456	}
457	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
458	{
459	$ldap_remove['telephonenumber'] = array();
460	$this->db_functions->write_log("removido telephonenumber do usuario",'',$dn,'','');
461	}
462	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
463	// PREF_CHANGEPASSWORD
464	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
465	{
466	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
467	$this->db_functions->write_log("adicionado changepassword ao usuario",'',$dn,'','');
468	}
469	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
470	{
471	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
472	$this->db_functions->write_log("removido changepassword do usuario",'',$dn,'','');
473	}
474	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
475	// ACCOUNT STATUS
476	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
477	{
478	$ldap_add['phpgwaccountstatus'] = 'A';
479	$this->db_functions->write_log("ativado conta do usuario",'',$dn,'','');
480	}
481	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
482	{
483	$ldap_remove['phpgwaccountstatus'] = array();
484	$this->db_functions->write_log("desativado conta do usuario",'',$dn,'','');
485	}
486	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
487	// ACCOUNT VISIBLE
488	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
489	{
490	$ldap_add['phpgwaccountvisible'] = '-1';
491	$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario",'',$dn,'','');
492	}
493	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
494	{
495	$ldap_remove['phpgwaccountvisible'] = array();
496	$this->db_functions->write_log("removido phpgwaccountvisible ao usuario",'',$dn,'','');
497	}
498	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
499	// PHOTO
500	if ($new_values['delete_photo'])
501	{
502	$this->ldap_functions->ldap_remove_photo($dn);
503	$this->db_functions->write_log("removido jpegphoto ao usuario",'',$dn,'','');
504	}
505	if ($_FILES['photo']['name'] != '')
506	{
507	if ($new_values['photo_exist'])
508	$photo_exist = true;
509	else
510	$photo_exist = false;
511	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
512	$this->db_functions->write_log("adicionado jpegphoto ao usuario",'',$dn,'','');
513	}
514	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
515	// Mail Account STATUS
516	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
517	{
518	echo '<pre>';
519	print_r($old_values);
520	$ldap_add['accountstatus'] = 'active';
521	$this->db_functions->write_log("ativado conta de email do usuario",'',$dn,'','');
522	}
523	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
524	{
525	$ldap_remove['accountstatus'] = array();
526	$this->db_functions->write_log("desativado conta de email do usuario",'',$dn,'','');
527	}
528	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
529	// MAILALTERNATEADDRESS
530	if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
531	{
532	$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
533	$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
534	}
535	if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
536	{
537	$ldap_remove['mailalternateaddress'] = array();
538	$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
539	}
540	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
541	// MAILFORWARDINGADDRESS
542	if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
543	{
544	$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
545	$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
546	}
547	if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
548	{
549	$ldap_remove['mailforwardingaddress'] = array();
550	$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
551	}
552	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
553	// Delivery Mode
554	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
555	{
556	$ldap_add['deliverymode'] = 'forwardOnly';
557	$this->db_functions->write_log("adicionado forwardOnly ao usuario",'',$dn,'','');
558	}
559	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
560	{
561	$ldap_remove['deliverymode'] = array();
562	$this->db_functions->write_log("removido forwardOnly ao usuario",'',$dn,'','');
563	}
564	}
565
566	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
567	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
568	{
569	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
570	// MAILQUOTA
571	if ($diff['mailquota'])
572	{
573	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
574	$this->db_functions->write_log("alterado cota do usuario",'',$dn,'','');
575	}
576	}
577
578	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
579	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
580	{
581	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
582	// REMOVE ATTRS OF SAMBA
583	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
584	{
585	$ldap_remove['objectclass'] = 'sambaSamAccount';
586	$ldap_remove['loginShell'] = array();
587	$ldap_remove['sambaSID'] = array();
588	$ldap_remove['sambaPrimaryGroupSID'] = array();
589	$ldap_remove['sambaAcctFlags'] = array();
590	$ldap_remove['sambaLogonScript'] = array();
591	$ldap_remove['sambaLMPassword'] = array();
592	$ldap_remove['sambaNTPassword'] = array();
593	$ldap_remove['sambaPasswordHistory'] = array();
594	$ldap_remove['sambaPwdCanChange'] = array();
595	$ldap_remove['sambaPwdLastSet'] = array();
596	$ldap_remove['sambaPwdMustChange'] = array();
597	$this->db_functions->write_log("removido atributos samba do usuario.",'',$dn,'','');
598	}
599	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
600	// ADD ATTRS OF SAMBA
601	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
602	{
603	//Verifica se o binario para criar as senhas do samba exite.
604	if (!is_file('/home/expressolivre/mkntpwd'))
605	{
606	$return['status'] = false;
607	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
608	}
609	else
610	{
611	$ldap_add['objectClass'][] = 'sambaSamAccount';
612	$ldap_mod_replace['loginShell'] = '/bin/bash';
613	$ldap_add['sambaSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1000);
614	$ldap_add['sambaPrimaryGroupSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
615	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
616	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
617	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
618	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
619	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
620	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
621	$ldap_add['sambaPwdCanChange'] = strtotime("now");
622	$ldap_add['sambaPwdLastSet'] = strtotime("now");
623	$ldap_add['sambaPwdMustChange'] = '2147483647';
624	$this->db_functions->write_log("adicionado atributos samba do usuario.",'',$dn,'','');
625	}
626	}
627	}
628
629	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
630	// GROUPS
631	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
632	{
633	if (!$new_values['groups'])
634	$new_values['groups'] = array();
635	if (!$old_values['groups'])
636	$old_values['groups'] = array();
637
638	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
639	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
640
641	if (count($add_groups)>0)
642	{
643	foreach($add_groups as $gidnumber)
644	{
645	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
646	$this->ldap_functions->add_user2group($gidnumber, $new_values['uid']);
647	$this->db_functions->write_log("adicionado usuario ao grupo $gidnumber.",'',$dn,'','');
648	}
649	}
650
651	if (count($remove_groups)>0)
652	{
653	foreach($remove_groups as $gidnumber)
654	{
655	echo $gidnumber;
656
657	foreach($old_values['groups_info'] as $group)
658	{
659	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
660	{
661	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
662	$this->ldap_functions->remove_user2group($gidnumber, $new_values['uid']);
663	$this->db_functions->write_log("removido usuario do grupo $gidnumber.",'',$dn,'','');
664	}
665	}
666	}
667	}
668
669	if ($diff['gidnumber'])
670	{
671	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
672	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
673	{
674	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
675	}
676	$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
677	}
678	}
679	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
680	// LDAP_MOD_REPLACE
681	if (count($ldap_mod_replace))
682	{
683	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
684	if (!$result['status'])
685	{
686	$return['status'] = false;
687	$return['msg'] .= $result['msg'];
688	}
689	}
690
691	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
692	// LDAP_MOD_ADD
693	if (count($ldap_add))
694	{
695	print_r($ldap_add);
696	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
697	if (!$result['status'])
698	{
699	$return['status'] = false;
700	$return['msg'] .= $result['msg'];
701	}
702	}
703
704	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
705	// LDAP_MOD_REMOVE
706	if (count($ldap_remove))
707	{
708	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
709	if (!$result['status'])
710	{
711	$return['status'] = false;
712	$return['msg'] .= $result['msg'];
713	}
714	}
715	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
716
717
718	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
719	{
720	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
721	// MAILLISTS
722	if (!$new_values['maillists'])
723	$new_values['maillists'] = array();
724	if (!$old_values['maillists'])
725	$old_values['maillists'] = array();
726
727	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
728	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
729
730	if (count($add_maillists)>0)
731	{
732	foreach($add_maillists as $uidnumber)
733	{
734	$this->ldap_functions->add_user2maillist($uidnumber, $new_values['mail']);
735	$this->db_functions->write_log("adicionado usuario a maillist $uidnumber.",'',$dn,'','');
736	}
737	}
738
739	if (count($remove_maillists)>0)
740	{
741	foreach($remove_maillists as $uidnumber)
742	{
743	$this->ldap_functions->remove_user2maillist($uidnumber, $new_values['mail']);
744	$this->db_functions->write_log("removido usuario da maillist $uidnumber.",'',$dn,'','');
745	}
746	}
747
748	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
749	// APPS
750	$new_values2 = array();
751	$old_values2 = array();
752	if (count($new_values['apps'])>0)
753	{
754	foreach ($new_values['apps'] as $app=>$tmp)
755	{
756	$new_values2[] = $app;
757	}
758	}
759	if (count($old_values['apps'])>0)
760	{
761	foreach ($old_values['apps'] as $app=>$tmp)
762	{
763	$old_values2[] = $app;
764	}
765	}
766	$add_apps = array_flip(array_diff($new_values2, $old_values2));
767	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
768
769	if (count($add_apps)>0)
770	{
771	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
772
773	foreach ($add_apps as $app => $index)
774	$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
775	}
776	if (count($remove_apps)>0)
777	{
778	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
779	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
780
781	foreach ($remove_apps as $app => $app_index)
782	{
783	if ($manager_apps[$app] == 'run')
784	$remove_apps2[$app] = $app_index;
785	}
786	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
787
788	foreach ($remove_apps2 as $app => $access)
789	$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
790	}
791	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
792	}
793	return $return;
794	}
795
796	function get_user_info($uidnumber)
797	{
798	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber);
799	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
800	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups']);
801	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
802	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
803	return $user_info;
804	}
805
806	function set_user_default_password($params)
807	{
808	$return['status'] = true;
809	$uid = $params['uid'];
810	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
811
812	if (!$this->db_functions->default_user_password_is_set($uid))
813	{
814	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
815	$this->db_functions->set_user_password($uid, $userPassword);
816	}
817	else
818	{
819	$return['status'] = false;
820	$return['msg'] = 'Senha default já cadastrada!';
821	}
822
823	$this->db_functions->write_log('Setado senha default','',$uid,'','');
824
825	return $return;
826	}
827
828	function return_user_password($params)
829	{
830	$return['status'] = true;
831	$uid = $params['uid'];
832
833	if ($this->db_functions->default_user_password_is_set($uid))
834	{
835	$userPassword = $this->db_functions->get_user_password($uid);
836	$this->ldap_functions->set_user_password($uid, $userPassword);
837	}
838	else
839	{
840	$return['status'] = false;
841	$return['msg'] = 'Senha default NÃO cadastrada!';
842	}
843
844	$this->db_functions->write_log('Retornado senha default','',$uid,'','');
845
846	return $return;
847	}
848
849	function delete($params)
850	{
851	$return['status'] = true;
852
853	// Verifica o acesso do gerente
854	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
855	{
856	$uidnumber = $params['uidnumber'];
857	$user_info = $this->get_user_info($uidnumber);
858
859	//LDAP
860	$result_ldap = $this->ldap_functions->delete_user($user_info);
861	if (!$result_ldap['status'])
862	{
863	$return['status'] = false;
864	$return['msg'] .= $result_ldap['msg'];
865	}
866	else
867	{
868	//DB
869	$result_db = $this->db_functions->delete_user($user_info);
870	if (!$result_db['status'])
871	{
872	$return['status'] = false;
873	$return['msg'] .= $result_ldap['msg'];
874	}
875
876	//IMAP
877	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
878	if (!$result_imap['status'])
879	{
880	$return['status'] = false;
881	$return['msg'] .= $result_ldap['msg'];
882	}
883	$this->db_functions->write_log('deletado usuario','',$user_info['uid'],'','');
884	}
885	}
886
887	return $return;
888	}
889
890
891	function rename($params)
892	{
893	$return['status'] = true;
894
895	// Verifica acesso do gerente (OU) ao tentar renomear um usuário.
896	if ( ! $this->ldap_functions->check_access_to_renamed($params['uid']) )
897	{
898	$return['status'] = false;
899	$return['msg'] .= 'Você não tem acesso para deletar este usuário.';
900	return $return;
901	}
902
903	// Verifica o acesso do gerente
904	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
905	{
906	$uid = $params['uid'];
907	$new_uid = $params['new_uid'];
908	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
909	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
910
911	$emailadmin_profiles = $this->db_functions->get_sieve_info();
912	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
913	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
914	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
915
916	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
917	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
918	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
919	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
920	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
921
922	//Verifica se está sendo usuado cyrus 2.2 ou superior
923	$sk = fsockopen ($imap_server,$imap_port);
924	$server_resp = fread($sk, 100);
925	$tmp = split('v2.', $server_resp);
926	$cyrus_version = '2' . $tmp[1][0];
927	//$is_cyrus22 = strpos($server_resp, "v2.2");
928
929	if ($cyrus_version > '21')
930	{
931	// Seta senha default
932	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
933
934	// Renomeia UID no openldap
935	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
936	$new_dn = $result['new_dn'];
937	if (!$result['status'])
938	{
939	$return['status'] = false;
940	$return['msg'] .= "\n" . $result['msg'];
941	$return['msg'] .= "\nErro ao renomear usuário no LDAP. Processo abortado.";
942	return $return;
943	}
944
945	// Remove old UID do ldap
946	$user_info_mod_remove['uid'] = $uid;
947	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
948
949	//Renomeia mailbox
950	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
951	if (!$result['status'])
952	{
953	$return['status'] = false;
954	$return['msg'] .= "\n" . $result['msg'];
955	$return['msg'] .= "\nErro ao renomear usuário no Cyrus. Processo abortado.";
956	}
957
958	// Renomeia sieve script
959	include_once('sieve-php.lib.php');
960	$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
961
962	if ($sieve->sieve_login())
963	{
964	$sieve->sieve_listscripts();
965	$myactivescript=$sieve->response["ACTIVE"];
966	$sieve->sieve_getscript($myactivescript);
967
968	$script = '';
969	foreach($sieve->response as $result)
970	{
971	$script .= $result;
972	}
973
974	$scriptname = $new_uid;
975	if($sieve->sieve_sendscript($new_uid,$script))
976	{
977	if ($sieve->sieve_setactivescript($new_uid))
978	{
979	$sieve->sieve_deletescript($myactivescript);
980	}
981	}
982	else
983	{
984	$return['status'] = false;
985	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no envio do novo script.";
986	}
987	$sieve->sieve_logout();
988	}
989	else
990	{
991	$return['status'] = false;
992	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no Login.";
993	}
994
995	// Retorna senha do usuário
996	$this->ldap_functions->set_user_password($new_uid, $user_password);
997
998	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
999
1000	$return['exec_return'] = "";
1001	}
1002	else
1003	{
1004	$return['status'] = false;
1005	$return['msg'] .= "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
1006	$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
1007	}
1008	return $return;
1009	}
1010	}
1011
1012	function write_log_from_ajax($params)
1013	{
1014	$this->db_functions->write_log($params['_action'],'',$params['userinfo'],'','');
1015	return true;
1016	}
1017	}
1018	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: