Context Navigation

source: trunk/expressoAdmin1_2/inc/class.user.inc.php @ 69

Revision 69, 39.5 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class user
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function user()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function create($params)
36	{
37	$return['status'] = true;
38
39	// Verifica o acesso do gerente
40	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_users'))
41	{
42	// Adiciona a organização na frente do uid.
43	if ($this->current_config['expressoAdmin_prefix_org'] == 'true')
44	{
45	$context_dn = ldap_explode_dn(strtolower($GLOBALS['phpgw_info']['server']['ldap_context']), 1);
46
47	$explode_dn = ldap_explode_dn(strtolower($params['context']), 1);
48	$explode_dn = array_reverse($explode_dn);
49	//$params['uid'] = $explode_dn[3] . '-' . $params['uid'];
50	$params['uid'] = $explode_dn[$context_dn['count']] . '-' . $params['uid'];
51	}
52
53	// Leio o ID a ser usado na criação do objecto. Esta função já incrementa o ID no BD.
54	$next_id = ($this->db_functions->get_next_id('accounts'));
55	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
56	{
57	$return['status'] = false;
58	$return['msg'] = "Problemas obtendo ID do usuário.\n" . $id['msg'];
59	return $return;
60	}
61	else
62	{
63	$id = $next_id['id'];
64	}
65
66	// Cria array para incluir no LDAP
67	$dn = 'uid=' . $params['uid'] . ',' . $params['context'];
68
69	$user_info = array();
70	$user_info['accountStatus'] = $params['accountstatus'] == 1 ? 'active' : 'desactive';
71	$user_info['cn'] = $params['givenname'] . ' ' . $params['sn'];
72	$user_info['gidNumber'] = $params['gidnumber'];
73	$user_info['givenName'] = $params['givenname'];
74	$user_info['homeDirectory'] = '/home/' . $params['uid'];
75	$user_info['mail'] = $params['mail'];
76	$user_info['objectClass'][] = 'posixAccount';
77	$user_info['objectClass'][] = 'inetOrgPerson';
78	$user_info['objectClass'][] = 'shadowAccount';
79	$user_info['objectClass'][] = 'qmailuser';
80	$user_info['objectClass'][] = 'phpgwAccount';
81	$user_info['objectClass'][] = 'top';
82	$user_info['objectClass'][] = 'person';
83	$user_info['objectClass'][] = 'organizationalPerson';
84	$user_info['phpgwAccountExpires'] = '-1';
85	$user_info['phpgwAccountType'] = 'u';
86	$user_info['sn'] = $params['sn'];
87	$user_info['uid'] = $params['uid'];
88	$user_info['uidnumber'] = $id;
89	$user_info['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($params['password1'])));
90
91	// Gerenciar senhas RFC2617
92	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
93	{
94	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
95	$uid = $user_info['uid'];
96	$password = $params['password1'];
97	$user_info['userPasswordRFC2617'] = $realm . ': ' . md5("$uid:$realm:$password");
98	}
99
100	if ($params['phpgwaccountstatus'] == '1')
101	$user_info['phpgwAccountStatus'] = 'A';
102
103	if ($params['departmentnumber'] != '')
104	$user_info['departmentnumber'] = $params['departmentnumber'];
105
106	if ($params['telephonenumber'] != '')
107	$user_info['telephoneNumber'] = $params['telephonenumber'];
108
109	// Cria user_info no caso de ter alias e forwarding email.
110	if ($params['mailalternateaddress'] != '')
111	$user_info['mailAlternateAddress'] = $params['mailalternateaddress'];
112
113	if ($params['mailforwardingaddress'] != '')
114	$user_info['mailForwardingAddress'] = $params['mailforwardingaddress'];
115
116	if ($params['deliverymode'])
117	$user_info['deliveryMode'] = 'forwardOnly';
118
119	//Ocultar da pesquisa e do catálogo
120	if ($params['phpgwaccountvisible'])
121	$user_info['phpgwAccountVisible'] = '-1';
122
123	// Suporte ao SAMBA
124	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
125	{
126	// Verifica o acesso do gerente aos atributos samba
127	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes'))
128	{
129	//Verifica se o binario para criar as senhas do samba exite.
130	if (!is_file('/home/expressolivre/mkntpwd'))
131	{
132	$return['status'] = false;
133	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.";
134	}
135	else
136	{
137	$user_info['objectClass'][] = 'sambaSamAccount';
138	$user_info['loginShell'] = '/bin/bash';
139
140	$user_info['sambaSID'] = $params['sambadomain'] . '-' . ((2 * $id)+1000);
141	$user_info['sambaPrimaryGroupSID'] = $params['sambadomain'] . '-' . ((2 * $user_info['gidNumber'])+1001);
142
143	$user_info['sambaAcctFlags'] = $params['sambaacctflags'];
144
145	$user_info['sambaLogonScript'] = $params['sambalogonscript'];
146	$user_info['homeDirectory'] = $params['sambahomedirectory'];
147
148	$user_info['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$params['password1']);
149	$user_info['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$params['password1']);
150	$user_info['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
151
152	$user_info['sambaPwdCanChange'] = strtotime("now");
153	$user_info['sambaPwdLastSet'] = strtotime("now");
154	$user_info['sambaPwdMustChange'] = '2147483647';
155	}
156	}
157	}
158
159	// Verifica o acesso do gerente aos atributos corporativos
160	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information'))
161	{
162	foreach ($params as $atribute=>$value)
163	{
164	$pos = strstr($atribute, 'corporative_information_');
165	if ($pos !== false)
166	{
167	if ($params[$atribute])
168	{
169	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
170	$user_info[$ldap_atribute] = $params[$atribute];
171	}
172	}
173	}
174	}
175
176	$result = $this->ldap_functions->ldap_add_entry($dn, $user_info);
177	if (!$result['status'])
178	{
179	$return['status'] = false;
180	$return['msg'] .= $result['msg'];
181	}
182
183	// Chama funcao para salvar foto no OpenLDAP.
184	if ($_FILES['photo']['name'] != '')
185	{
186	$result = $this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name']);
187	if (!$result['status'])
188	{
189	$return['status'] = false;
190	$return['msg'] .= $result['msg'];
191	}
192	}
193
194	//GROUPS
195	if ($params['groups'])
196	{
197	foreach ($params['groups'] as $gidnumber)
198	{
199	$result = $this->ldap_functions->add_user2group($gidnumber, $user_info['uid']);
200	if (!$result['status'])
201	{
202	$return['status'] = false;
203	$return['msg'] .= $result['msg'];
204	}
205	$result = $this->db_functions->add_user2group($gidnumber, $id);
206	if (!$result['status'])
207	{
208	$return['status'] = false;
209	$return['msg'] .= $result['msg'];
210	}
211	}
212	}
213
214	// Inclusao do Mail do usuário nas listas de email selecionadas.
215	if ($params['maillists'])
216	{
217	foreach($params['maillists'] as $uidnumber)
218	{
219	$result = $this->ldap_functions->add_user2maillist($uidnumber, $user_info['mail']);
220	if (!$result['status'])
221	{
222	$return['status'] = false;
223	$return['msg'] .= $result['msg'];
224	}
225	}
226	}
227
228	// APPS
229	if (count($params['apps']))
230	{
231	$result = $this->db_functions->add_id2apps($id, $params['apps']);
232	if (!$result['status'])
233	{
234	$return['status'] = false;
235	$return['msg'] .= $result['msg'];
236	}
237	}
238
239	// Chama funcao para incluir no pgsql as preferencia de alterar senha.
240	if ($params['changepassword'])
241	{
242	$result = $this->db_functions->add_pref_changepassword($id);
243	if (!$result['status'])
244	{
245	$return['status'] = false;
246	$return['msg'] .= $result['msg'];
247	}
248	}
249
250	// Chama funcao para criar mailbox do usuario, no imap-cyrus.
251	$result = $this->imap_functions->create($params['uid'], $params['mailquota']);
252	if (!$result['status'])
253	{
254	$return['status'] = false;
255	$return['msg'] .= $result['msg'];
256	}
257
258	$this->db_functions->write_log('criado usuario','',$dn,'','');
259	}
260
261	return $return;
262	}
263
264	function save($new_values)
265	{
266	$return['status'] = true;
267
268	$old_values = $this->get_user_info($new_values['uidnumber']);
269
270	$dn = 'uid=' . $old_values['uid'] . ',' . strtolower($old_values['context']);
271	$diff = array_diff($new_values, $old_values);
272
273	$manager_account_lid = $_SESSION['phpgw_session']['session_lid'];
274	if ((!$this->functions->check_acl($manager_account_lid,'edit_users')) &&
275	(!$this->functions->check_acl($manager_account_lid,'change_users_password')) &&
276	(!$this->functions->check_acl($manager_account_lid,'edit_sambausers_attributes')) &&
277	(!$this->functions->check_acl($manager_account_lid,'manipulate_corporative_information'))
278	)
279	{
280	$return['status'] = false;
281	$return['msg'] = 'Você não tem direito de editar informações de usuários.';
282	return $return;
283	}
284
285	// Verifica o acesso do gerente
286	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
287	{
288	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
289	// Change user organization
290	if ($diff['context'])
291	{
292	$newrdn = 'uid=' . $new_values['uid'];
293	$newparent = $new_values['context'];
294	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
295	if (!$result['status'])
296	{
297	$return['status'] = false;
298	$return['msg'] .= $result['msg'];
299	}
300	else
301	{
302	$dn = $newrdn . ',' . $newparent;
303	$this->db_functions->write_log('alterado contexto do usuario','',$dn,'','');
304	}
305	}
306
307	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
308	// REPLACE some attributes
309	if ($diff['givenname'])
310	{
311	$ldap_mod_replace['givenname'] = $new_values['givenname'];
312	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
313	$this->db_functions->write_log("alterado givenname do usuario",'',$dn,'','');
314	}
315	if ($diff['sn'])
316	{
317	$ldap_mod_replace['sn'] = $new_values['sn'];
318	$ldap_mod_replace['cn'] = $new_values['givenname'] . ' ' . $new_values['sn'];
319	$this->db_functions->write_log("altera$ldap_mod_do sn do usuario",'',$dn,'','');
320	}
321	if ($diff['mail'])
322	{
323	$ldap_mod_replace['mail'] = $new_values['mail'];
324	$this->ldap_functions->replace_user2maillists($new_values['mail'], $old_values['mail']);
325	$this->db_functions->write_log("alterado mail do usuario",'',$dn,'','');
326	}
327	if (($diff['mailalternateaddress']) && ($old_values['mailalternateaddress'] != ''))
328	{
329	$ldap_mod_replace['mailalternateaddress'] = $new_values['mailalternateaddress'];
330	$this->db_functions->write_log("alterado mailalternateaddress do usuario",'',$dn,'','');
331	}
332	if (($diff['mailforwardingaddress']) && ($old_values['mailforwardingaddress'] != ''))
333	{
334	$ldap_mod_replace['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
335	$this->db_functions->write_log("alterado mailforwardingaddress do usuario",'',$dn,'','');
336	}
337	if (($diff['telephonenumber']) && ($old_values['telephonenumber'] != ''))
338	{
339	$ldap_mod_replace['telephonenumber'] = $new_values['telephonenumber'];
340	$this->db_functions->write_log("alterado telephonenumber do usuario",'',$dn,'','');
341	}
342	}
343
344	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
345	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_password')) )
346	{
347	if ($diff['password1'])
348	{
349	$ldap_mod_replace['userPassword'] = '{md5}' . base64_encode(pack("H*",md5($new_values['password1'])));
350
351	// Suporte ao SAMBA
352	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
353	{
354	$ldap_mod_replace['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.$new_values['password1']);
355	$ldap_mod_replace['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.$new_values['password1']);
356	}
357
358	// Gerenciar senhas RFC2617
359	if ($this->current_config['expressoAdmin_userPasswordRFC2617'] == 'true')
360	{
361	$realm = $this->current_config['expressoAdmin_realm_userPasswordRFC2617'];
362	$uid = $new_values['uid'];
363	$password = $new_values['password1'];
364	$passUserRFC2617 = $realm . ': ' . md5("$uid:$realm:$password");
365
366	if ($old_values['userPasswordRFC2617'] != '')
367	$ldap_mod_replace['userPasswordRFC2617'] = $passUserRFC2617;
368	else
369	$ldap_add['userPasswordRFC2617'] = $passUserRFC2617;
370	}
371
372	$this->db_functions->write_log("alterado password do usuario",'',$dn,'','');
373	}
374	}
375
376	// REPLACE, ADD & REMOVE COPORATIVEs ATRIBUTES
377	// Verifica o acesso do gerente aos atributos corporativos
378
379	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
380	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'manipulate_corporative_information')) )
381	{
382	foreach ($new_values as $atribute=>$value)
383	{
384	$pos = strstr($atribute, 'corporative_information_');
385	if ($pos !== false)
386	{
387	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
388	// REPLACE ATTRS OF CORPORATIVE
389	if (($diff[$atribute]) && ($old_values[$atribute] != ''))
390	{
391	$ldap_atribute = str_replace("corporative_information_", "", $atribute);
392	$ldap_mod_replace[$ldap_atribute] = $new_values[$atribute];
393	$this->db_functions->write_log("alterado $ldap_atribute do usuario",'',$dn,'','');
394	}
395	//ADD ATTRS OF CORPORATIVE
396	elseif (($old_values[$atribute] == '') && ($new_values[$atribute] != ''))
397	{
398	$ldap_add[$ldap_atribute] = $new_values[$atribute];
399	$this->db_functions->write_log("adicionado $ldap_atribute ao usuario",'',$dn,'','');
400	}
401	//REMOVE ATTRS OF CORPORATIVE
402	elseif (($old_values[$atribute] != '') && ($new_values[$atribute] == ''))
403	{
404	$ldap_remove[$ldap_atribute] = array();
405	$this->db_functions->write_log("removido $ldap_atribute do usuario",'',$dn,'','');
406	}
407	}
408	}
409	}
410
411	//Suporte ao SAMBA
412	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
413	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
414	{
415	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
416	{
417	if ($diff['sambaacctflags'])
418	{
419	$ldap_mod_replace['sambaacctflags'] = $new_values['sambaacctflags'];
420	$this->db_functions->write_log("alterado sambaacctflags do usuario",'',$dn,'','');
421	}
422	if ($diff['sambalogonscript'])
423	{
424	$ldap_mod_replace['sambalogonscript'] = $new_values['sambalogonscript'];
425	$this->db_functions->write_log("alterado sambalogonscript do usuario",'',$dn,'','');
426	}
427	if ($diff['sambahomedirectory'])
428	{
429	$ldap_mod_replace['homedirectory'] = $new_values['sambahomedirectory'];
430	$this->db_functions->write_log("alterado homedirectory do usuario",'',$dn,'','');
431	}
432	if ($diff['sambadomain'])
433	{
434	$ldap_mod_replace['sambaSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['uidnumber'])+1000);
435	$ldap_mod_replace['sambaPrimaryGroupSID'] = $diff['sambadomain'] . '-' . ((2 * $old_values['gidnumber'])+1001);
436	$this->db_functions->write_log("alterado dominio samba do usuario $dn para " . $params['sambadomain'],'',$dn,'','');
437	}
438	}
439	}
440
441	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
442	// ADD ou REMOVE some attributes
443	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
444
445	// Verifica o acesso ára adicionar ou remover tais atributos
446	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
447	{
448	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
449	// TELEPHONE
450	if (($old_values['telephonenumber'] == '') && ($new_values['telephonenumber'] != ''))
451	{
452	$ldap_add['telephonenumber'] = $new_values['telephonenumber'];
453	$this->db_functions->write_log("adicionado telephonenumber ao usuario",'',$dn,'','');
454	}
455	if (($old_values['telephonenumber'] != '') && ($new_values['telephonenumber'] == ''))
456	{
457	$ldap_remove['telephonenumber'] = array();
458	$this->db_functions->write_log("removido telephonenumber do usuario",'',$dn,'','');
459	}
460	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
461	// PREF_CHANGEPASSWORD
462	if (($old_values['changepassword'] == '') && ($new_values['changepassword'] != ''))
463	{
464	$this->db_functions->add_pref_changepassword($new_values['uidnumber']);
465	$this->db_functions->write_log("adicionado changepassword ao usuario",'',$dn,'','');
466	}
467	if (($old_values['changepassword'] != '') && ($new_values['changepassword'] == ''))
468	{
469	$this->db_functions->remove_pref_changepassword($new_values['uidnumber']);
470	$this->db_functions->write_log("removido changepassword do usuario",'',$dn,'','');
471	}
472	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
473	// ACCOUNT STATUS
474	if (($old_values['phpgwaccountstatus'] == '') && ($new_values['phpgwaccountstatus'] != ''))
475	{
476	$ldap_add['phpgwaccountstatus'] = 'A';
477	$this->db_functions->write_log("ativado conta do usuario",'',$dn,'','');
478	}
479	if (($old_values['phpgwaccountstatus'] != '') && ($new_values['phpgwaccountstatus'] == ''))
480	{
481	$ldap_remove['phpgwaccountstatus'] = array();
482	$this->db_functions->write_log("desativado conta do usuario",'',$dn,'','');
483	}
484	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
485	// ACCOUNT VISIBLE
486	if (($old_values['phpgwaccountvisible'] == '') && ($new_values['phpgwaccountvisible'] != ''))
487	{
488	$ldap_add['phpgwaccountvisible'] = '-1';
489	$this->db_functions->write_log("adicionado phpgwaccountvisible ao usuario",'',$dn,'','');
490	}
491	if (($old_values['phpgwaccountvisible'] != '') && ($new_values['phpgwaccountvisible'] == ''))
492	{
493	$ldap_remove['phpgwaccountvisible'] = array();
494	$this->db_functions->write_log("removido phpgwaccountvisible ao usuario",'',$dn,'','');
495	}
496	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
497	// PHOTO
498	if ($new_values['delete_photo'])
499	{
500	$this->ldap_functions->ldap_remove_photo($dn);
501	$this->db_functions->write_log("removido jpegphoto ao usuario",'',$dn,'','');
502	}
503	if ($_FILES['photo']['name'] != '')
504	{
505	if ($new_values['photo_exist'])
506	$photo_exist = true;
507	else
508	$photo_exist = false;
509	$this->ldap_functions->ldap_save_photo($dn, $_FILES['photo']['tmp_name'], $new_values['photo_exist'], $photo_exist);
510	$this->db_functions->write_log("adicionado jpegphoto ao usuario",'',$dn,'','');
511	}
512	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
513	// Mail Account STATUS
514	if (($old_values['accountstatus'] == '') && ($new_values['accountstatus'] != ''))
515	{
516	echo '<pre>';
517	print_r($old_values);
518	$ldap_add['accountstatus'] = 'active';
519	$this->db_functions->write_log("ativado conta de email do usuario",'',$dn,'','');
520	}
521	if (($old_values['accountstatus'] != '') && ($new_values['accountstatus'] == ''))
522	{
523	$ldap_remove['accountstatus'] = array();
524	$this->db_functions->write_log("desativado conta de email do usuario",'',$dn,'','');
525	}
526	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
527	// MAILALTERNATEADDRESS
528	if (($old_values['mailalternateaddress'] == '') && ($new_values['mailalternateaddress'] != ''))
529	{
530	$ldap_add['mailalternateaddress'] = $new_values['mailalternateaddress'];
531	$this->db_functions->write_log("adicionado mailalternateaddress ao usuario",'',$dn,'','');
532	}
533	if (($old_values['mailalternateaddress'] != '') && ($new_values['mailalternateaddress'] == ''))
534	{
535	$ldap_remove['mailalternateaddress'] = array();
536	$this->db_functions->write_log("removido mailalternateaddress ao usuario",'',$dn,'','');
537	}
538	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
539	// MAILFORWARDINGADDRESS
540	if (($old_values['mailforwardingaddress'] == '') && ($new_values['mailforwardingaddress'] != ''))
541	{
542	$ldap_add['mailforwardingaddress'] = $new_values['mailforwardingaddress'];
543	$this->db_functions->write_log("adicionado mailforwardingaddress ao usuario",'',$dn,'','');
544	}
545	if (($old_values['mailforwardingaddress'] != '') && ($new_values['mailforwardingaddress'] == ''))
546	{
547	$ldap_remove['mailforwardingaddress'] = array();
548	$this->db_functions->write_log("removido mailforwardingaddress ao usuario",'',$dn,'','');
549	}
550	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
551	// Delivery Mode
552	if (($old_values['deliverymode'] == '') && ($new_values['deliverymode'] != ''))
553	{
554	$ldap_add['deliverymode'] = 'forwardOnly';
555	$this->db_functions->write_log("adicionado forwardOnly ao usuario",'',$dn,'','');
556	}
557	if (($old_values['deliverymode'] != '') && ($new_values['deliverymode'] == ''))
558	{
559	$ldap_remove['deliverymode'] = array();
560	$this->db_functions->write_log("removido forwardOnly ao usuario",'',$dn,'','');
561	}
562	}
563
564	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
565	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'change_users_quote')) )
566	{
567	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
568	// MAILQUOTA
569	if ($diff['mailquota'])
570	{
571	$this->imap_functions->change_user_quota($new_values['uid'], $new_values['mailquota']);
572	$this->db_functions->write_log("alterado cota do usuario",'',$dn,'','');
573	}
574	}
575
576	if ( ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users')) \|\|
577	($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_sambausers_attributes')) )
578	{
579	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
580	// REMOVE ATTRS OF SAMBA
581	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] != 'on'))
582	{
583	$ldap_remove['objectclass'] = 'sambaSamAccount';
584	$ldap_remove['loginShell'] = array();
585	$ldap_remove['sambaSID'] = array();
586	$ldap_remove['sambaPrimaryGroupSID'] = array();
587	$ldap_remove['sambaAcctFlags'] = array();
588	$ldap_remove['sambaLogonScript'] = array();
589	$ldap_remove['sambaLMPassword'] = array();
590	$ldap_remove['sambaNTPassword'] = array();
591	$ldap_remove['sambaPasswordHistory'] = array();
592	$ldap_remove['sambaPwdCanChange'] = array();
593	$ldap_remove['sambaPwdLastSet'] = array();
594	$ldap_remove['sambaPwdMustChange'] = array();
595	$this->db_functions->write_log("removido atributos samba do usuario.",'',$dn,'','');
596	}
597	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
598	// ADD ATTRS OF SAMBA
599	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
600	{
601	//Verifica se o binario para criar as senhas do samba exite.
602	if (!is_file('/home/expressolivre/mkntpwd'))
603	{
604	$return['status'] = false;
605	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
606	}
607	else
608	{
609	$ldap_add['objectClass'][] = 'sambaSamAccount';
610	$ldap_mod_replace['loginShell'] = '/bin/bash';
611	$ldap_add['sambaSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1000);
612	$ldap_add['sambaPrimaryGroupSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
613	$ldap_add['sambaAcctFlags'] = $new_values['sambaacctflags'];
614	$ldap_add['sambaLogonScript'] = $new_values['sambalogonscript'];
615	$ldap_mod_replace['homeDirectory'] = $new_values['sambahomedirectory'];
616	$ldap_add['sambaLMPassword'] = exec('/home/expressolivre/mkntpwd -L '.'senha');
617	$ldap_add['sambaNTPassword'] = exec('/home/expressolivre/mkntpwd -N '.'senha');
618	$ldap_add['sambaPasswordHistory'] = '0000000000000000000000000000000000000000000000000000000000000000';
619	$ldap_add['sambaPwdCanChange'] = strtotime("now");
620	$ldap_add['sambaPwdLastSet'] = strtotime("now");
621	$ldap_add['sambaPwdMustChange'] = '2147483647';
622	$this->db_functions->write_log("adicionado atributos samba do usuario.",'',$dn,'','');
623	}
624	}
625	}
626
627	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
628	// GROUPS
629	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
630	{
631	if (!$new_values['groups'])
632	$new_values['groups'] = array();
633	if (!$old_values['groups'])
634	$old_values['groups'] = array();
635
636	$add_groups = array_diff($new_values['groups'], $old_values['groups']);
637	$remove_groups = array_diff($old_values['groups'], $new_values['groups']);
638
639	if (count($add_groups)>0)
640	{
641	foreach($add_groups as $gidnumber)
642	{
643	$this->db_functions->add_user2group($gidnumber, $new_values['uidnumber']);
644	$this->ldap_functions->add_user2group($gidnumber, $new_values['uid']);
645	$this->db_functions->write_log("adicionado usuario ao grupo $gidnumber.",'',$dn,'','');
646	}
647	}
648
649	if (count($remove_groups)>0)
650	{
651	foreach($remove_groups as $gidnumber)
652	{
653	echo $gidnumber;
654
655	foreach($old_values['groups_info'] as $group)
656	{
657	if (($group['gidnumber'] == $gidnumber) && ($group['group_disabled'] == 'false'))
658	{
659	$this->db_functions->remove_user2group($gidnumber, $new_values['uidnumber']);
660	$this->ldap_functions->remove_user2group($gidnumber, $new_values['uid']);
661	$this->db_functions->write_log("removido usuario do grupo $gidnumber.",'',$dn,'','');
662	}
663	}
664	}
665	}
666
667	if ($diff['gidnumber'])
668	{
669	$ldap_mod_replace['gidnumber'] = $new_values['gidnumber'];
670	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($new_values['userSamba']) && ($new_values['use_attrs_samba'] == 'on'))
671	{
672	$ldap_mod_replace['sambaPrimaryGroupSID'] = $this->current_config['expressoAdmin_sambaSID'] . '-' . ((2 * $new_values['gidnumber'])+1001);
673	}
674	$this->db_functions->write_log("alterado gidnumber do usuario.",'',$dn,'','');
675	}
676	}
677	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
678	// LDAP_MOD_REPLACE
679	if (count($ldap_mod_replace))
680	{
681	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
682	if (!$result['status'])
683	{
684	$return['status'] = false;
685	$return['msg'] .= $result['msg'];
686	}
687	}
688
689	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
690	// LDAP_MOD_ADD
691	if (count($ldap_add))
692	{
693	print_r($ldap_add);
694	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
695	if (!$result['status'])
696	{
697	$return['status'] = false;
698	$return['msg'] .= $result['msg'];
699	}
700	}
701
702	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
703	// LDAP_MOD_REMOVE
704	if (count($ldap_remove))
705	{
706	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
707	if (!$result['status'])
708	{
709	$return['status'] = false;
710	$return['msg'] .= $result['msg'];
711	}
712	}
713	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
714
715
716	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_users'))
717	{
718	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
719	// MAILLISTS
720	if (!$new_values['maillists'])
721	$new_values['maillists'] = array();
722	if (!$old_values['maillists'])
723	$old_values['maillists'] = array();
724
725	$add_maillists = array_diff($new_values['maillists'], $old_values['maillists']);
726	$remove_maillists = array_diff($old_values['maillists'], $new_values['maillists']);
727
728	if (count($add_maillists)>0)
729	{
730	foreach($add_maillists as $uidnumber)
731	{
732	$this->ldap_functions->add_user2maillist($uidnumber, $new_values['mail']);
733	$this->db_functions->write_log("adicionado usuario a maillist $uidnumber.",'',$dn,'','');
734	}
735	}
736
737	if (count($remove_maillists)>0)
738	{
739	foreach($remove_maillists as $uidnumber)
740	{
741	$this->ldap_functions->remove_user2maillist($uidnumber, $new_values['mail']);
742	$this->db_functions->write_log("removido usuario da maillist $uidnumber.",'',$dn,'','');
743	}
744	}
745
746	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
747	// APPS
748	$new_values2 = array();
749	$old_values2 = array();
750	if (count($new_values['apps'])>0)
751	{
752	foreach ($new_values['apps'] as $app=>$tmp)
753	{
754	$new_values2[] = $app;
755	}
756	}
757	if (count($old_values['apps'])>0)
758	{
759	foreach ($old_values['apps'] as $app=>$tmp)
760	{
761	$old_values2[] = $app;
762	}
763	}
764	$add_apps = array_flip(array_diff($new_values2, $old_values2));
765	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
766
767	if (count($add_apps)>0)
768	{
769	$this->db_functions->add_id2apps($new_values['uidnumber'], $add_apps);
770
771	foreach ($add_apps as $app => $index)
772	$this->db_functions->write_log("Adicionado aplicativo $app ao usuário $dn",'',$dn,'','');
773	}
774	if (count($remove_apps)>0)
775	{
776	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
777	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
778
779	foreach ($remove_apps as $app => $app_index)
780	{
781	if ($manager_apps[$app] == 'run')
782	$remove_apps2[$app] = $app_index;
783	}
784	$this->db_functions->remove_id2apps($new_values['uidnumber'], $remove_apps2);
785
786	foreach ($remove_apps2 as $app => $access)
787	$this->db_functions->write_log("Removido aplicativo $app do usuário $dn",'',$dn,'','');
788	}
789	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
790	}
791	return $return;
792	}
793
794	function get_user_info($uidnumber)
795	{
796	$user_info_ldap = $this->ldap_functions->get_user_info($uidnumber);
797	$user_info_db1 = $this->db_functions->get_user_info($uidnumber);
798	$user_info_db2 = $this->ldap_functions->gidnumbers2cn($user_info_db1['groups']);
799	$user_info_imap = $this->imap_functions->get_user_info($user_info_ldap['uid']);
800	$user_info = array_merge($user_info_ldap, $user_info_db1, $user_info_db2, $user_info_imap);
801	return $user_info;
802	}
803
804	function set_user_default_password($params)
805	{
806	$return['status'] = true;
807	$uid = $params['uid'];
808	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
809
810	if (!$this->db_functions->default_user_password_is_set($uid))
811	{
812	$userPassword = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
813	$this->db_functions->set_user_password($uid, $userPassword);
814	}
815	else
816	{
817	$return['status'] = false;
818	$return['msg'] = 'Senha default já cadastrada!';
819	}
820
821	$this->db_functions->write_log('Setado senha default','',$uid,'','');
822
823	return $return;
824	}
825
826	function return_user_password($params)
827	{
828	$return['status'] = true;
829	$uid = $params['uid'];
830
831	if ($this->db_functions->default_user_password_is_set($uid))
832	{
833	$userPassword = $this->db_functions->get_user_password($uid);
834	$this->ldap_functions->set_user_password($uid, $userPassword);
835	}
836	else
837	{
838	$return['status'] = false;
839	$return['msg'] = 'Senha default NÃO cadastrada!';
840	}
841
842	$this->db_functions->write_log('Retornado senha default','',$uid,'','');
843
844	return $return;
845	}
846
847	function delete($params)
848	{
849	$return['status'] = true;
850
851	// Verifica o acesso do gerente
852	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_users'))
853	{
854	$uidnumber = $params['uidnumber'];
855	$user_info = $this->get_user_info($uidnumber);
856
857	//LDAP
858	$result_ldap = $this->ldap_functions->delete_user($user_info);
859	if (!$result_ldap['status'])
860	{
861	$return['status'] = false;
862	$return['msg'] .= $result_ldap['msg'];
863	}
864	else
865	{
866	//DB
867	$result_db = $this->db_functions->delete_user($user_info);
868	if (!$result_db['status'])
869	{
870	$return['status'] = false;
871	$return['msg'] .= $result_ldap['msg'];
872	}
873
874	//IMAP
875	$result_imap = $this->imap_functions->delete_user($user_info['uid']);
876	if (!$result_imap['status'])
877	{
878	$return['status'] = false;
879	$return['msg'] .= $result_ldap['msg'];
880	}
881	$this->db_functions->write_log('deletado usuario','',$user_info['uid'],'','');
882	}
883	}
884
885	return $return;
886	}
887
888
889	function rename($params)
890	{
891	$return['status'] = true;
892
893	// Verifica acesso do gerente (OU) ao tentar renomear um usuário.
894	if ( ! $this->ldap_functions->check_access_to_renamed($params['uid']) )
895	{
896	$return['status'] = false;
897	$return['msg'] .= 'Você não tem acesso para deletar este usuário.';
898	return $return;
899	}
900
901	// Verifica o acesso do gerente
902	if ($this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'rename_users'))
903	{
904	$uid = $params['uid'];
905	$new_uid = $params['new_uid'];
906	$defaultUserPassword = '{md5}'.base64_encode(pack("H*",md5($this->current_config['expressoAdmin_defaultUserPassword'])));
907	$defaultUserPassword_plain = $this->current_config['expressoAdmin_defaultUserPassword'];
908
909	$emailadmin_profiles = $this->db_functions->get_sieve_info();
910	$sieve_enable = $emailadmin_profiles[0]['imapenablesieve'];
911	$sieve_server = $emailadmin_profiles[0]['imapsieveserver'];
912	$sieve_port = $emailadmin_profiles[0]['imapsieveport'];
913
914	$imap_admin = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminUsername'];
915	$imap_passwd = $_SESSION['phpgw_info']['expresso']['email_server']['imapAdminPW'];
916	$imap_server = $_SESSION['phpgw_info']['expresso']['email_server']['imapServer'];
917	$imap_port = $_SESSION['phpgw_info']['expresso']['email_server']['imapPort'];
918	$imapDelimiter = $_SESSION['phpgw_info']['expresso']['email_server']['imapDelimiter'];
919
920	//Verifica se está sendo usuado cyrus 2.2 ou superior
921	$sk = fsockopen ($imap_server,$imap_port);
922	$server_resp = fread($sk, 100);
923	$tmp = split('v2.', $server_resp);
924	$cyrus_version = '2' . $tmp[1][0];
925	//$is_cyrus22 = strpos($server_resp, "v2.2");
926
927	if ($cyrus_version > '21')
928	{
929	// Seta senha default
930	$user_password = $this->ldap_functions->set_user_password($uid, $defaultUserPassword);
931
932	// Renomeia UID no openldap
933	$result = $this->ldap_functions->rename_uid($uid, $new_uid);
934	$new_dn = $result['new_dn'];
935	if (!$result['status'])
936	{
937	$return['status'] = false;
938	$return['msg'] .= "\n" . $result['msg'];
939	$return['msg'] .= "\nErro ao renomear usuário no LDAP. Processo abortado.";
940	return $return;
941	}
942
943	// Remove old UID do ldap
944	$user_info_mod_remove['uid'] = $uid;
945	$this->ldap_functions->remove_user_attributes($new_dn, $user_info_mod_remove);
946
947	//Renomeia mailbox
948	$result = $this->imap_functions->rename_mailbox($uid, $new_uid);
949	if (!$result['status'])
950	{
951	$return['status'] = false;
952	$return['msg'] .= "\n" . $result['msg'];
953	$return['msg'] .= "\nErro ao renomear usuário no Cyrus. Processo abortado.";
954	}
955
956	// Renomeia sieve script
957	include_once('sieve-php.lib.php');
958	$sieve=new sieve($sieve_server, $sieve_port, $new_uid, $defaultUserPassword_plain);
959
960	if ($sieve->sieve_login())
961	{
962	$sieve->sieve_listscripts();
963	$myactivescript=$sieve->response["ACTIVE"];
964	$sieve->sieve_getscript($myactivescript);
965
966	$script = '';
967	foreach($sieve->response as $result)
968	{
969	$script .= $result;
970	}
971
972	$scriptname = $new_uid;
973	if($sieve->sieve_sendscript($new_uid,$script))
974	{
975	if ($sieve->sieve_setactivescript($new_uid))
976	{
977	$sieve->sieve_deletescript($myactivescript);
978	}
979	}
980	else
981	{
982	$return['status'] = false;
983	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no envio do novo script.";
984	}
985	$sieve->sieve_logout();
986	}
987	else
988	{
989	$return['status'] = false;
990	$return['msg'] .= $result['msg'] . "\nErro ao renomear script sieve, falha no Login.";
991	}
992
993	// Retorna senha do usuário
994	$this->ldap_functions->set_user_password($new_uid, $user_password);
995
996	$this->db_functions->write_log('renomeado usuario',$new_uid,$uid,'','');
997
998	$return['exec_return'] = "";
999	}
1000	else
1001	{
1002	$return['status'] = false;
1003	$return['msg'] .= "A renomeação de usuários só permitida com o cyrus versão 2.2 ou superior,";
1004	$return['msg'] .= "\ne com a opção 'allowusermoves: yes' configurado no imapd.conf.";
1005	}
1006	return $return;
1007	}
1008	}
1009
1010	function write_log_from_ajax($params)
1011	{
1012	$this->db_functions->write_log($params['_action'],'',$params['userinfo'],'','');
1013	return true;
1014	}
1015	}
1016	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: