authorRichard Bos <richard@radoeka.nl>2005-12-30 11:07:18 (GMT)
committerRichard Bos <richard@radoeka.nl>2005-12-30 11:07:18 (GMT)
commit02aacc02e5e0058fcbc94b57800fd88a66708b6c (patch)
tree38ef5fb9085c9b3f2f92206d48f920a5a68735de /www/admin/user/user.php.in
parent6472683b520ca2b879e443d98c7b919a291ff41a (diff)
downloadkolab-webadmin-02aacc02e5e0058fcbc94b57800fd88a66708b6c.tar.gz
Added suffix ".in" to the files:
php/admin/include/auth.class.php php/admin/include/headers.php php/admin/templates/page.tpl www/admin/logout.php www/admin/user/user.php
Diffstat (limited to 'www/admin/user/user.php.in')
-rw-r--r--www/admin/user/user.php.in846
1 files changed, 846 insertions, 0 deletions
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in
new file mode 100644
index 0000000..68ed47d
--- /dev/null
+++ b/www/admin/user/user.php.in
@@ -0,0 +1,846 @@
+<?php
+/*
+ (c) 2004 Klarlvdalens Datakonsult AB
+ (c) 2004 Martin Konold erfrakon <martin.konold@erfrakon.de>
+ This program is Free Software under the GNU General Public License (>=v2).
+ Read the file COPYING that comes with this packages for details.
+*/
+
+require_once('admin/include/mysmarty.php');
+require_once('admin/include/headers.php');
+require_once('admin/include/locale.php');
+require_once('admin/include/authenticate.php');
+require_once('admin/include/form.class.php');
+
+/**** Functions ***/
+function comment( $s ) {
+ return $s;
+}
+
+function is_unique ($a, $b) {
+ global $ldap;
+ if (($result = $ldap->search( $_SESSION['base_dn'],"(".$a."=".$ldap->escape($b).")")) &&
+ (ldap_count_entries($ldap->connection,$result) <= 0))
+ return true;
+ return false;
+}
+
+function domain_dn()
+{
+ /*
+ global $ldap;
+ global $errors;
+ if ($dattrs = $ldap->read( 'k=kolab,'.$_SESSION['base_dn'])) {
+ $domain = $dattrs['postfix-mydomain'][0];
+ $dcs = array_reverse(explode('.', $domain));
+ $domain_dn = $_SESSION['base_dn'];
+ foreach ($dcs as $dc) $domain_dn = "dc=$dc,".$domain_dn;
+
+ } else {
+ array_push($errors, "LDAP Error: could not determin domain");
+ $domain_dn = $_SESSION['base_dn'];
+ }
+ return $domain_dn;
+ */
+ return $_SESSION['base_dn'];
+}
+
+// return tru if $str ends with $sub
+function endsWith( $str, $sub ) {
+ return ( substr( $str, strlen( $str ) - strlen( $sub ) ) == $sub );
+}
+
+// Check that a uid is unique
+function checkuniquemail( $form, $key, $value ) {
+ debug("checkuniquemail( $form, $key, $value )");
+ global $ldap;
+ global $auth;
+ $value = trim($value);
+ if( $value == '' ) return _('Please enter an email address');
+
+ // Check that we are in the domain
+ $kolab = $ldap->read( 'k=kolab,'.$_SESSION['base_dn'] );
+ if( $auth->group() == 'domain-maintainer' ) {
+ $domains = $ldap->domainsForMaintainerDn($auth->dn());
+ } else {
+ $domains = $kolab['postfix-mydestination'];
+ unset($domains['count']);
+ }
+ debug("value=$value, domain=$domains");
+ $ok = false;
+ foreach( $domains as $domain ) {
+ if( endsWith( $value, '@'.$domain ) ) {
+ $ok = true;
+ }
+ }
+ if(!$ok) return sprintf(_("Email address %1\$s not in domains %2\$s"), $value, join(", ", $domain));
+
+ if( $ldap->countMail( $_SESSION['base_dn'], $value ) > 0 ) {
+ return _('User, vCard or distribution list with this email address already exists');
+ } else {
+ return '';
+ }
+}
+
+function checkuniquealias( $form, $key, $value ) {
+ global $ldap;
+ global $action;
+ global $dn;
+ $excludedn = false;
+ if( $action == 'save' ) $excludedn = trim($dn);
+ $lst = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $value ) ), 'strlen') );
+ $str = '';
+ foreach( $lst as $alias ) {
+ debug( "looking at $alias, exluding $dn" );
+ if( $ldap->countMail( $_SESSION['base_dn'], $alias, $excludedn ) > 0 ) {
+ $str .= _('Email address ').MySmarty::htmlentities($alias)._(' collision <br />');
+ }
+ }
+ return $str;
+}
+
+function checkuid( $form, $key, $value ) {
+ global $ldap;
+ global $action;
+ global $dn;
+ $excludedn = false;
+ if( $action == 'save' ) $excludedn = trim($dn);
+ $lst = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $value ) ), 'strlen') );
+ $str = '';
+ foreach( $lst as $uid ) {
+ if( $ldap->countMail( $_SESSION['base_dn'], $uid, $excludedn ) > 0 ) {
+ $str .= _('UID ').MySmarty::htmlentities($uid)._(' collision <br />');
+ }
+ }
+ return $str;
+}
+
+function checkdelegate( $form, $key, $value ) {
+ global $ldap;
+ global $action;
+ global $dn;
+
+ $lst = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $value ) ), 'strlen') );
+ $str = '';
+ foreach( $lst as $delegate ) {
+ if( $ldap->count( $ldap->search( $_SESSION['base_dn'], '(mail='.$ldap->escape($delegate).')' ) ) == 0 ) {
+ return sprintf(_("Delegate %s does not exist"), $delegate);
+ }
+ }
+ return '';
+}
+
+// Check uid/gid used in invitation policy
+// We're pretty relaxed about what is entered
+// here and only check some basic syntax
+function checkpolicy( $form, $key, $value ) {
+ foreach( $value as $v ) {
+ $v = trim($v);
+ if( !empty($v) && !ereg('^([0-9a-zA-Z._@ ]|-)*$', $v ) ) {
+ return sprintf(_("Illegal user or group %s"), $v);
+ }
+ }
+ return '';
+}
+
+// Check that password match
+function checkpw( $form, $key, $value ) {
+ global $action;
+ if( $action == 'firstsave' ) {
+ if( $key == 'password_0' ) {
+ if( $value == '' ) return _('Password is empty');
+ } else if( $key == 'password_1' ) {
+ if( $value != $_POST['password_0'] ) {
+ return _('Passwords dont match');
+ }
+ }
+ } else {
+ if( $value != $_POST['password_0'] ) {
+ return _('Passwords dont match');
+ }
+ }
+ return '';
+}
+
+function policy2number( $pol, $default = 3 )
+{
+ // Translate policy to number
+ switch ($pol) {
+ case 'ACT_ALWAYS_ACCEPT': return 0;
+ case 'ACT_ALWAYS_REJECT': return 1;
+ case 'ACT_REJECT_IF_CONFLICTS': return 2;
+ case 'ACT_MANUAL_IF_CONFLICTS': return 3;
+ case 'ACT_MANUAL': return 4;
+ default: return $default;
+ }
+}
+
+function apply_attributeaccess( &$entries ) {
+ global $params;
+ $attributeaccess =& $params['attribute_access'];
+ foreach( $entries as $key=>$value ) {
+ if( ereg( '(.*)_[0-9]', $key, $regs ) ) {
+ $akey = $regs[1];
+ } else {
+ $akey = $key;
+ }
+ if( isset($attributeaccess[$akey] ) ) {
+ if( $attributeaccess[$akey] == 'ro' ) {
+ $entries[$key]['attrs'] = 'readonly';
+ } else if( $attributeaccess[$akey] == 'hidden' ) {
+ unset($entries[$key]);
+ } else if( $attributeaccess[$akey] == 'mandatory' ) {
+ if( isset( $entries[$key]['validation'] ) ) {
+ if( is_array( $entries[$key]['validation'] ) ) {
+ $entries[$key]['validation'][] = 'notempty';
+ } else {
+ $entries[$key]['validation'][] = array( $entries[$key]['validation'], 'notempty' );
+ }
+ } else {
+ $entries[$key]['validation'] = 'notempty';
+ }
+ }
+ }
+ }
+}
+
+function fill_form_for_modify( &$form, $dn, &$ldap_object ) {
+ global $auth;
+ if (is_array($ldap_object['sn'])) $sn = $ldap_object['sn'][0];
+ else $sn = $ldap_object['sn'];
+ if (is_array($ldap_object['cn'])) $cn = $ldap_object['cn'][0];
+ else $cn = $ldap_object['cn'];
+ if ($sn) {
+ $a = strlen($sn);
+ if ($cn) {
+ $b = strlen($cn);
+ $givenname = substr($cn, 0, $b - $a);
+ }
+ }
+ if (is_array($ldap_object['mail'])) $mail = $ldap_object['mail'][0];
+ else $mail = $ldap_object['mail'];
+ if (is_array($ldap_object['uid'])) $uid = $ldap_object['uid'][0];
+ else $uid = $ldap_object['uid'];
+ $form->entries['givenname']['value'] = $givenname;
+ $form->entries['sn']['value'] = $sn;
+ $form->entries['password_0']['value'] = '';
+ $form->entries['password_1']['value'] = '';
+ $form->entries['mail']['value'] = $mail;
+ $form->entries['mail']['attrs'] = 'readonly';
+ $form->entries['uid']['value'] = $uid;
+
+ // accttype
+ $dncomp = split( ',', $dn );
+ if( in_array('cn=groups',$dncomp) ) {
+ $form->entries['accttype']['value'] = 2;
+ } else if( in_array('cn=resources',$dncomp) ) {
+ $form->entries['accttype']['value'] = 3;
+ } else if( in_array('cn=internal',$dncomp) ) {
+ $form->entries['accttype']['value'] = 1;
+ } else {
+ $form->entries['accttype']['value'] = 0;
+ }
+ if( $auth->group() == 'user' ) $form->entries['accttype']['attrs'] = 'readonly';
+
+ // Automatic invitation handling
+ $policies = array();
+ for( $i = 0; $i < $ldap_object['kolabInvitationPolicy']['count']; $i++ ) {
+ $resact = $ldap_object['kolabInvitationPolicy'][$i];
+ debug("resact=$resact");
+ if( ereg( '(.*):(.*)', trim($resact), $regs ) ) {
+ $user = trim($regs[1]);
+ $pol = trim($regs[2]);
+ if( empty($user) ) continue;
+ } else {
+ $user = 'anyone';
+ $pol = trim($resact);
+ }
+ if( $form->entries['accttype']['value'] == 1 ) {
+ // default for groups
+ $pol = policy2number( $pol, 3 /*ACT_MANUAL_IF_CONFLICTS*/ );
+ } else {
+ // default for resources
+ $pol = policy2number( $pol, 2 /*ACT_REJECT_IF_CONFLICTS*/ );
+ }
+ $policies[$user] = $pol;
+ }
+ if( !isset( $policies['anyone'] ) ) $policies['anyone'] = 4 /*ACT_MANUAL*/;
+ $form->entries['kolabinvitationpolicy']['policies'] = $policies;
+
+ foreach( array( 'title', 'o', 'ou', 'roomNumber', 'street',
+ 'postOfficeBox', 'postalCode', 'l', 'c',
+ 'telephoneNumber', 'facsimileTelephoneNumber' ) as $attr ) {
+ if (is_array($ldap_object[$attr])) $v = $ldap_object[$attr][0];
+ else $v = $ldap_object[$attr];
+ $form->entries[$attr.'_0']['value'] = $v;
+ }
+
+ // alias
+ if (is_array($ldap_object['alias'])) {
+ $arr = $ldap_object['alias'];
+ unset( $arr['count'] );
+ $v = join("\n", $arr );
+ }
+ else $v = "";
+ $form->entries['alias']['value'] = $v;
+
+ // kolabdelegate
+ if (is_array($ldap_object['kolabDelegate'])) {
+ $arr = $ldap_object['kolabDelegate'];
+ unset( $arr['count'] );
+ $v = join("\n", $arr );
+ }
+ else $v = "";
+ $form->entries['kolabdelegate']['value'] = $v;
+
+ // kolabhomeserver
+ if( is_array($ldap_object['kolabHomeServer']) ) {
+ $form->entries['kolabhomeserver']['value'] = $ldap_object['kolabHomeServer'][0];
+ }
+ $form->entries['kolabhomeserver']['attrs'] = 'readonly';
+
+ $form->entries['action']['value'] = 'save';
+
+ // userquota
+ if( isset( $form->entries['cyrus-userquota'] ) ) {
+ if (is_array($ldap_object['cyrus-userquota'])) $userquota = $ldap_object['cyrus-userquota'][0];
+ else $userquota = $ldap_object['cyrus-userquota'];
+ if( $userquota > 0 ) {
+ $form->entries['cyrus-userquota']['value'] = $userquota;
+ } else {
+ $form->entries['cyrus-userquota']['value'] = '';
+ }
+ }
+
+ // freebusyfuture
+ if( isset( $form->entries['kolabFreeBusyFuture_0'] ) ) {
+ if( is_array( $ldap_object['kolabFreeBusyFuture'] ) )
+ $freebusyfuture = $ldap_object['kolabFreeBusyFuture'][0];
+ else $freebusyfuture = $ldap_object['kolabFreeBusyFuture'];
+ }
+ $form->entries['kolabFreeBusyFuture_0']['value'] = $freebusyfuture;
+}
+
+/**** Authentication etc. ***/
+$sidx = 'user';
+
+require_once('admin/include/menu.php');
+$menuitems[$sidx]['selected'] = 'selected';
+
+/**** Logic ***/
+$errors = array();
+$messages = array();
+$valid_actions = array('save','firstsave','modify','create','delete','kill');
+$contenttemplate = 'formcontainer.tpl';
+
+// Get request data
+if (!empty($_REQUEST['action']) &&
+ in_array($_REQUEST['action'],$valid_actions)) $action = trim($_REQUEST['action']);
+else array_push($errors, _("Error: need valid action to proceed") );
+$dn="";
+if (!empty($_REQUEST['dn'])) $dn = trim($_REQUEST['dn']);
+
+if( $auth->group() == 'user' ) {
+ $dn = $auth->dn();
+}
+
+// Check auth
+if (!$errors && $auth->group() != 'maintainer' && $auth->group() != 'admin' &&
+ $auth->group() != 'domain-maintainer' &&
+ !($auth->group() == 'user' && $dn == $auth->dn() )) {
+ array_push($errors, _("Error: You don't have the required Permissions") );
+} else if( $auth->group() == 'domain-maintainer' ) {
+ // TODO(steffen): Check that user is in correct domain(s)
+}
+
+
+if( !$errors && $auth->group() == 'user' && ($action == 'firstsave' || $action == 'kill' ) ) {
+ $errors[] = _("Error: You don't have the required Permissions");
+}
+
+// Fill in data
+if ($action == "create") {
+ $comment_mail = _('Required, non volatile');
+ $comment_password = _('Required');
+ $comment_kolabhomeserver = _('Required, non volatile');
+} else {
+ $comment_mail = _('Non volatile');
+ $comment_password = _('Leave blank to keep password unchanged');
+ $comment_kolabhomeserver = _('Non volatile');
+}
+
+$entries = array( 'givenname' => array( 'name' => _('First Name'),
+ 'validation' => 'notempty',
+ 'comment' => _('Required') ),
+ 'sn' => array( 'name' => _('Last Name'),
+ 'validation' => 'notempty',
+ 'comment' => _('Required') ),
+ 'password_0' => array( 'name' => _('Password'),
+ 'type' => 'password',
+ 'validation' => 'checkpw',
+ 'comment' => $comment_password ),
+ 'password_1' => array( 'name' => _('Verify Password'),
+ 'type' => 'password',
+ 'validation' => 'checkpw',
+ 'comment' => $comment_password ),
+ 'mail' => array( 'name' => _('Primary Email Address'),
+ 'type' => 'email',
+ 'domains' => ($auth->group()=='domain-maintainer')?$ldap->domainsForMaintainerDn($auth->dn()):$ldap->domains(),
+ 'validation' => 'notempty',
+ 'comment' => $comment_mail ),
+ 'uid' => array( 'name' => _('Unique Identity (UID)'),
+ 'validation' => 'checkuid',
+ 'comment' => _('Optional - Defaults to Primary Email Address') ),
+ 'kolabhomeserver' => array( 'name' => _('Mailbox Home Server'),
+ 'validation' => 'notempty',
+ 'comment' => $comment_kolabhomeserver,
+ 'value' => $_SESSION['fqdnhostname'] ),
+ 'accttype' => array( 'name' => _('Account Type'),
+ 'type' => 'select',
+ 'options' => array( _('User Account'), _('Internal User Account'), _('Group Account'), _('Resource Account') ),
+ 'value' => 0,
+ 'comment' => _('NOTE: An internal user is a user that will not be visible in the address book')),
+ 'kolabinvitationpolicy' => array( 'name' => _('Invitation Policy'),
+ 'type' => 'resourcepolicy',
+ 'policies' => array('anyone' => 4),
+ 'validation' => 'checkpolicy',
+ 'comment' => _('For automatic invitation handling') . '<br/>' .
+ _("NOTE: For regular accounts to use this feature, give the 'calendar' user access to the Calendar folder") ),
+ 'title_0' => array( 'name' => _('Title') ) );
+$entries['alias'] = array( 'name' => _('Email Aliases'),
+ 'type' => 'textarea',
+ 'validation' => 'checkuniquealias',
+ 'comment' => _('One address per line') );
+$entries['kolabdelegate'] =array( 'name' => _('Delegates'),
+ 'type' => 'textarea',
+ 'validation' => 'checkdelegate',
+ 'comment' => _('One Email address per line') );
+$entries['o_0'] = array( 'name' => _('Organisation') );
+$entries['ou_0'] = array( 'name' => _('Organisational Unit') );
+$entries['roomNumber_0'] = array( 'name' => _('Room Number') );
+$entries['street_0'] = array( 'name' => _('Street Address') );
+$entries['postOfficeBox_0'] = array( 'name' => _('Postbox') );
+$entries['postalCode_0'] = array( 'name' => _('Postal Code') );
+$entries['l_0'] = array( 'name' => _('City') );
+$entries['c_0'] = array( 'name' => _('Country') );
+$entries['telephoneNumber_0'] = array( 'name' => _('Telephone Number') );
+$entries['facsimileTelephoneNumber_0'] = array( 'name' => _('Fax Number') );
+if( $auth->group() == 'admin' || $auth->group() == 'maintainer' || $auth->group() == 'domain-maintainer' ) {
+ $entries['cyrus-userquota'] = array( 'name' => _('User Quota in MBytes'),
+ 'comment' => _('Leave blank for unlimited') );
+} else {
+ $entries['givenname']['attrs'] = 'readonly';
+ $entries['sn']['attrs'] = 'readonly';
+ $entries['givenname']['comment'] = '';
+ $entries['sn']['comment'] = '';
+ $entries['alias']['attrs'] = 'readonly';
+ $entries['kolabhomeserver']['attrs'] = 'readonly';
+ $entries['accttype']['attrs'] = 'readonly';
+ $entries['uid']['attrs'] = 'readonly';
+}
+$entries['kolabFreeBusyFuture_0'] = array( 'name' => _('Free/Busy interval in days'),
+ 'comment' => _('Leave blank for default (60 days)') );
+$entries['action'] = array( 'name' => 'action',
+ 'type' => 'hidden' );
+
+if( $dn ) {
+ $ldap_object = $ldap->read( $dn );
+ if( !$ldap_object ) {
+ array_push($errors, sprintf(_("LDAP Error: No such dn: %s: %s"), $dn, ldap_error($ldap->connection)));
+ }
+}
+
+if( $auth->group() == 'user' ) {
+ apply_attributeaccess( $entries );
+}
+$form =& new KolabForm( 'user', 'createuser.tpl', $entries );
+/***************** Main action swicth **********************/
+switch( $action ) {
+ case 'firstsave':
+ debug("adding checkuniquemail to validation");
+ $form->entries['mail']['validation'] = 'checkuniquemail';
+ case 'save':
+ if( $form->isSubmitted() ) {
+ if( !$form->validate() ) {
+ $form->setValues();
+ $content = $form->outputForm();
+ } else {
+ $ldap_object = array();
+ $ldap_object['objectClass'] = array('top', 'inetOrgPerson','kolabInetOrgPerson');
+ $ldap_object['sn'] = trim($_POST['sn']);
+ $ldap_object['cn'] = trim($_POST['givenname']).' '.$ldap_object['sn'];
+ $ldap_object['givenName'] = trim($_POST['givenname']);
+ if( !empty( $_POST['password_0'] ) ) {
+ $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*',
+ sha1( $_POST['password_0'])));
+ if( $action == 'save' && $auth->dn() == $dn ) {
+ // We are editing our own password, let's update the session!
+ $auth->setPassword($_POST['password_0']);
+ }
+
+ /* The code below is disabled for now because we're
+ not going to use that encrypted password anyway.
+
+ TODO: Clean it up once we're sure we don't want it
+ */
+ if( false && isset( $_POST['accttype'] ) && $_POST['accttype'] > 1 ) {
+ // We have a group or resource, create encrypted pw
+ $pubkeydata=file_get_contents("$kolab_prefix/etc/kolab/res_pub.pem" );
+ $pkey = openssl_pkey_get_public( $pubkeydata );
+ if( $pkey === false ) {
+ $sslerr = sprintf(_("Could not read resource encryption public key file://%s/etc/kolab/res_pub.pem: "),
+ $kolab_prefix);
+ while( $msg = openssl_error_string() )
+ $sslerr .= $msg.' ';
+ $errors[] = $sslerr;
+ } else {
+ if( !openssl_public_encrypt( $_POST['password_0'], $encpw, $pkey ) ) {
+ $sslerr = _("Could not encrypt password: ");
+ while( $msg = openssl_error_string() )
+ $sslerr .= $msg.' ';
+ $errors[] = $sslerr;
+ } else {
+ $ldap_object['kolabEncryptedPassword'] = base64_encode( $encpw );
+ }
+ openssl_free_key( $pkey );
+ }
+ }
+ }
+ $ldap_object['mail'] = trim( strtolower( $_POST['user_mail'] ) ).'@'.trim( strtolower( $_POST['domain_mail'] ) );
+ $ldap_object['uid'] = trim( strtolower( $_POST['uid'] ) );
+ if( $action == 'firstsave' ) {
+ if ($ldap_object['uid'] == "") $ldap_object['uid'] = $ldap_object['mail'];
+ $ldap_object['kolabHomeServer'] = trim($_POST['kolabhomeserver']);
+ } else {
+ unset($ldap_object['kolabHomeServer']);
+ }
+ foreach( array( 'title', 'o', 'ou', 'roomNumber', 'street', 'postOfficeBox',
+ 'postalCode', 'l', 'c', 'telephoneNumber',
+ 'facsimileTelephoneNumber', 'kolabFreeBusyFuture' ) as $attr ) {
+ $count = 0;
+ $key = $attr."_0";
+ $args = array();
+ while (!empty($_POST[$key])) {
+ $args[$count] = trim($_POST[$key]);
+ $count++;
+ $key = $attr."_".$count;
+ }
+ if ($count > 0) $ldap_object[$attr] = $args;
+ elseif (!empty($_POST[$key])) $ldap_object[$attr] = $_POST[$key];
+ else $ldap_object[$attr] = array();
+ }
+ {
+ // Handle group/resource policies
+ $i = 0;
+ $ldap_object['kolabInvitationPolicy'] = array();
+ while( isset( $_POST['user_kolabinvitationpolicy_'.$i] ) ) {
+ $user = $_POST['user_kolabinvitationpolicy_'.$i];
+ $pol = (int)$_POST['policy_kolabinvitationpolicy_'.$i];
+ debug("Looking at $user:$pol");
+ $i++;
+ if( !empty($user) && 0 <= $pol && $pol < 5 ) {
+ $ra = array('ACT_ALWAYS_ACCEPT',
+ 'ACT_ALWAYS_REJECT',
+ 'ACT_REJECT_IF_CONFLICTS',
+ 'ACT_MANUAL_IF_CONFLICTS',
+ 'ACT_MANUAL' );
+ if( $ra[$pol] ) {
+ $ldap_object['kolabInvitationPolicy'][] = ($user=='anyone'?"":"$user:").$ra[$pol];
+ }
+ }
+ }
+ }
+ $dn_add = "";
+
+ // kolabdelegate
+ $ldap_object['kolabDelegate'] = array_unique( array_filter( array_map( 'trim',
+ preg_split( '/\n/', $_POST['kolabdelegate'] ) ), 'strlen') );
+ if( !$ldap_object['kolabDelegate'] && $action == 'firstsave' ) unset($ldap_object['kolabDelegate']);
+
+
+ if ($auth->group() == "maintainer" || $auth->group() == "admin") {
+ // alias
+ $ldap_object['alias'] = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $_POST['alias'] ) ), 'strlen') );
+ if( !$ldap_object['alias'] && $action == 'firstsave' ) unset($ldap_object['alias']);
+
+ // userquota
+ if( isset( $_POST['cyrus-userquota'] ) ) {
+ $ldap_object['cyrus-userquota'] = trim($_POST['cyrus-userquota']);
+ if( empty( $ldap_object['cyrus-userquota'] ) ) {
+ $ldap_object['cyrus-userquota'] = array();
+ }
+ }
+ }
+ if( $_POST['accttype'] == 0 ) $dn_accttype='';
+ else if( $_POST['accttype'] == 1 ) $dn_accttype='cn=internal,';
+ else if( $_POST['accttype'] == 2 ) $dn_accttype='cn=groups,';
+ else if( $_POST['accttype'] == 3 ) $dn_accttype='cn=resources,';
+ $domain_dn = $dn_accttype.domain_dn();
+
+ if ($action == "save") {
+ if (!$errors) {
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$domain_dn;
+ else $newdn = $dn;
+ if (strcmp($dn,$newdn) != 0) {
+ // Check for distribution lists with this user as member
+ $ldap->search( $_SESSION['base_dn'],
+ '(&(objectClass=kolabGroupOfNames)(!(kolabDeleteFlag=*))(member='.$ldap->escape($dn).'))',
+ array( 'dn', 'mail' ) );
+ $distlists = $ldap->getEntries();
+ unset( $distlists['count'] );
+ foreach( $distlists as $distlist ) {
+ $dlcn = $distlist['mail'][0];
+ $errors[] = sprintf(_("Account DN could not be modified, distribution list <a href='@webserver_web_prefix@/admin/distributionlist/list.php?action=modify&dn=%s'>'%s'</a> depends on it. To modify this account, first remove it from the distribution list."), urlencode($distlist['dn']), $dlcn );
+ }
+
+ if (($result=ldap_read($ldap->connection,$dn,"(objectclass=*)")) &&
+ ($entry=ldap_first_entry($ldap->connection,$result)) &&
+ ($oldattrs=ldap_get_attributes($ldap->connection,$entry))) {
+ $ldap_object['uid'] = $oldattrs['uid'][0];
+ $ldap_object['mail'] = $oldattrs['mail'][0];
+ unset( $oldattrs['count'] );
+ foreach( $oldattrs as $k => $v ) {
+ if( is_int($k) ) continue;
+ if( !$ldap_object[$k] ) {
+ unset($v['count'] );
+ if( count($v) > 1 ) {
+ $ldap_object[$k] = $v;
+ } else {
+ $ldap_object[$k] = $v[0];
+ }
+ }
+ }
+ if( !$ldap_object['userPassword'] ) $ldap_object['userPassword'] = $oldattrs['userPassword'][0];
+ foreach( $ldap_object as $k => $v ) {
+ if( $v == array() ) unset($ldap_object[$k]);
+ }
+ $tmprdn = "cn=".str_rand(16);
+ $explodeddn = ldap_explode_dn( $dn, 0 );
+ unset($explodeddn['count']);
+ unset($explodeddn[0]);
+ $tmpbasedn = join(",",$explodeddn);
+ if ( !$errors && !ldap_rename($ldap->connection,$dn,$tmprdn,$tmpbasedn,false) ) {
+ array_push($errors, sprintf(_("LDAP Error: Could not rename %1\$s to %2\$s: %3\$s"), $dn, $tmprdn,
+ ldap_error($ldap->connection)));
+ }
+ if ( !$errors && !ldap_add($ldap->connection,$newdn, $ldap_object) ) {
+ array_push($errors, sprintf(_("LDAP Error: Could not rename %1\$s to %2\$s: %3\$s"), $dn, $newdn,
+ ldap_error($ldap->connection)));
+ }
+ if( !$errors ) {
+ if( !ldap_delete($ldap->connection,$tmprdn.','.$tmpbasedn)) {
+ array_push($errors, sprintf(_("LDAP Error: Could not remove old entry %s,%s: %s"),
+ $tmprdn, $tmpbasedn,
+ ldap_error($ldap->connection)));
+ }
+ }
+ $dn = $newdn;
+ } else array_push($errors, sprintf(_("LDAP Error: Could not read %s: %s"), $dn,
+ ldap_error($ldap->connection)));
+ } else {
+ //$ldap_object = fill_up($ldap_object);
+ if ($auth->group() == "user") {
+ unset($ldap_object['sn']);
+ unset($ldap_object['cn']);
+ unset($ldap_object['mail']);
+ unset($ldap_object['uid']);
+ unset($ldap_object['kolabHomeServer']);
+ }
+ if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
+ array_push($errors, sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
+ ldap_error($ldap->connection)));
+ debug_var_dump( $ldap_object );
+ }
+ }
+ // Check for collisions on alias
+ for( $i = 0; $i < count($ldap_object['alias']); ++$i ) {
+ if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
+ // Ups!!!
+ $alias = $ldap_object['alias'][$i];
+ $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+ $ldap_object['alias'][$i] = $newalias;
+ if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
+ $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
+ ldap_error($ldap->connection));
+ }
+ $error[] = sprintf(_("Mid-air collision detected, alias %1\$s renamed to %2\$s"),
+ $alias, $newalias);
+ }
+ }
+ }
+ $heading = _('Modify User');
+ if( !$errors ) $messages[] = sprintf(_("User '%s' successfully modified"), $dn);
+ $form->setValues();
+ $form->entries['mail']['attrs'] = 'readonly';
+ $form->entries['kolabhomeserver']['attrs'] = 'readonly';
+ $form->entries['action']['value'] = 'save';
+ $form->entries['dn'] = array( 'name' => 'dn',
+ 'type' => 'hidden',
+ 'value' => $dn );
+ $content = $form->outputForm();
+ } else {
+ // firstsave
+ if (!$errors) {
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).$dn_add.",".$domain_dn;
+ foreach( $ldap_object as $k => $v ) {
+ if( $v == array() ) unset($ldap_object[$k]);
+ }
+ debug("Calling ldap_add with dn=$dn");
+ if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object))
+ array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,
+ ldap_error($ldap->connection)));
+
+ // Check for mid-air collisions on mail
+ if( $ldap->countMail( $_SESSION['base_dn'], $ldap_object['mail'], $dn ) > 0 ) {
+ // Ups!!!
+ $mail = $ldap_object['mail'];
+ $newmail = md5sum( $dn.$mail ).'@'.substr( $mail, 0, strpos( $mail, '@' ) );
+ $ldap_object['uid'] = $ldap_object['mail'] = $newmail;
+ if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
+ $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
+ ldap_error($ldap->connection));
+ }
+ $error[] = sprintf(_("Mid-air collision detected, email address %1\$s renamed to %2\$s"),
+ $mail, $newmail);
+ }
+
+ // Check for collisions on alias
+ for( $i = 0; $i < count($ldap_object['alias']); ++$i ) {
+ if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
+ // Ups!!!
+ $alias = $ldap_object['alias'][$i];
+ $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+ $ldap_object['alias'][$i] = $newalias;
+ if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
+ $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
+ ldap_error($ldap->connection));
+ }
+ $error[] = sprintf(_("Mid-air collision detected, alias %1\$s renamed to %2\$s"),
+ $alias, $newalias);
+ }
+ }
+
+ if( !$errors ) {
+ $messages[] = _('User ').$ldap_object['dn']._(' successfully created');
+ $heading = _('Create New User');
+ $form->entries['action']['value'] = 'firstsave';
+ $content = $form->outputForm();
+ break;
+ }
+ } else {
+ $heading = _('Create New User');
+ $blacklist = array('mail');
+ $form->entries['action']['value'] = 'firstsave';
+ $form->outputForm();
+ break;
+ }
+ }
+ }
+ break;
+ }
+ case 'create':
+ $heading = _('Create New User');
+ if( !$dn ) {
+ $form->entries['action']['value'] = 'firstsave';
+ } else {
+ $form->entries['action']['value'] = 'save';
+ }
+ $content = $form->outputForm();
+ break;
+ case 'modify':
+ $heading = _('Modify User');
+ fill_form_for_modify( $form, $dn, $ldap_object );
+ $form->entries['action']['value'] = 'save';
+ $content = $form->outputForm();
+ break;
+ case 'delete':
+ $heading = _('Delete User');
+ foreach( $form->entries as $k => $v ) {
+ if( $v['type'] != 'hidden' ) {
+ $form->entries[$k]['attrs'] = 'readonly';
+ }
+ }
+ fill_form_for_modify( $form, $dn, $ldap_object );
+ $form->entries['action']['value'] = 'kill';
+ $form->submittext = _('Delete');
+ $content = $form->outputForm();
+ break;
+ case 'kill':
+ if (!$dn) array_push($errors, _("Error: need DN for delete operation"));
+ elseif ($auth->group() != "maintainer" && $auth->group() != "admin")
+ array_push($errors, _("Error: you need administrative permissions to delete users"));
+
+ // Check for distribution lists with only this user as member
+ $ldap->search( $_SESSION['base_dn'],
+ '(&(objectClass=kolabGroupOfNames)(member='.$ldap->escape($dn).'))',
+ array( 'dn', 'cn', 'mail', 'member' ) );
+ $distlists = $ldap->getEntries();
+ unset($distlists['count']);
+ foreach( $distlists as $distlist ) {
+ $dlmail = $distlist['mail'][0];
+ if( !$dlmail ) $dlmail = $distlist['cn'][0]; # Compatibility with old stuff
+ if( $distlist['member']['count'] == 1 ) {
+ $errors[] = sprintf(_("Account could not be deleted, distribution list '%s' depends on it."), $dlmail);
+ } else {
+ if( ldap_mod_del( $ldap->connection, $distlist['dn'], array('member' => $dn ) ) ) {
+ $messages[] = sprintf(_("Account removed from distribution list '%s'."), $dlmail);
+ } else {
+ $errors[] = sprintf(_("Failure to remove account from distribution list '', account will not be deleted."),
+ $dlmail);
+ break;
+ }
+ }
+ }
+
+ if( !$errors ) {
+ if (!$ldap->deleteObject($dn)) {
+ array_push($errors, sprintf(_("LDAP Error: could not mark '%s' for deletion: %s"), $dn,
+ $ldap->error()));
+ } else {
+ $heading = _("User Deleted");
+ $contenttemplate = 'userdeleted.tpl';
+ }
+ }
+
+ if( $errors ) {
+ $heading = _('Delete User');
+ foreach( $form->entries as $k => $v ) {
+ if( $v['type'] != 'hidden' ) {
+ $form->entries[$k]['attrs'] = 'readonly';
+ }
+ }
+ fill_form_for_modify( $form, $dn, $ldap_object );
+ $form->entries['action']['value'] = 'kill';
+ $form->submittext = _('Delete');
+ $content = $form->outputForm();
+ }
+ break;
+}
+
+
+$smarty = new MySmarty();
+$smarty->assign( 'topdir', $topdir );
+$smarty->assign( 'errors', array_merge($errors,$form->errors) );
+$smarty->assign( 'uid', $auth->uid() );
+$smarty->assign( 'group', $auth->group() );
+$smarty->assign( 'page_title', $menuitems[$sidx]['title'] );
+$smarty->assign( 'menuitems', $menuitems );
+$smarty->assign( 'submenuitems',
+ array_key_exists('submenu',
+ $menuitems[$sidx])?$menuitems[$sidx]['submenu']:array() );
+$smarty->assign( 'heading', $heading );
+$smarty->assign( 'form', $content );
+if( isset( $dn ) ) $smarty->assign( 'dn', $dn );
+if( count($messages)>0) $smarty->assign( 'messages', $messages );
+$smarty->assign( 'maincontent', $contenttemplate );
+$smarty->display('page.tpl');
+
+/*
+ Local variables:
+ mode: php
+ indent-tabs-mode: t
+ tab-width: 4
+ buffer-file-coding-system: utf-8
+ End:
+ */
+?>
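Review bot: In `case 'kill'` the distribution-list loop calls `ldap_mod_del()` before anything tests `$errors`, so a request that has already failed the permission checks (group not `maintainer`/`admin`, or the earlier `user` rule for `firstsave`/`kill`) still reaches the code that removes the account from distribution lists; only the final `$ldap->deleteObject($dn)` is guarded. Wrap the search-and-remove block in `if( !$errors ) { … }` so a denied request changes nothing in the directory. For `domain-maintainer` the gap is wider, because the `// TODO(steffen): Check that user is in correct domain(s)` branch is empty and `$dn` is taken straight from `$_REQUEST['dn']`; whether LDAP-side ACLs on the bound connection would stop the write is not visible here. The file arrives as part of a rename to `.in`, so this is presumably inherited from `user.php`, but it is worth fixing while the file is being touched.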