2008-02-05 17:11:21 +01:00
< ? php
/*******************************************************************************
* Copyright ( C ) 2007 Easter - eggs
2021-04-13 18:04:19 +02:00
* https :// ldapsaisie . org
2008-02-05 17:11:21 +01:00
*
* Author : See AUTHORS file in top - level directory .
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
******************************************************************************/
2020-04-29 15:54:21 +02:00
/**
2021-08-25 18:02:37 +02:00
* Manage user session
2008-02-05 17:11:21 +01:00
*
2021-08-25 18:02:37 +02:00
* This class manage user session
2008-02-05 17:11:21 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*/
class LSsession {
2021-08-25 18:02:37 +02:00
/*
* Class constants store and restore from PHP session
*/
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Current LDAP server ID
2023-01-02 01:17:46 +01:00
* @ var int | null
2022-12-31 21:15:19 +01:00
*/
2009-01-24 18:45:14 +01:00
private static $ldapServerId = NULL ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* LDAP servers subDns
* @ see self :: getSubDnLdapServer ()
2023-01-02 01:17:46 +01:00
* @ var array < string , array >
2022-12-31 21:15:19 +01:00
*/
2021-08-25 18:02:37 +02:00
private static $_subDnLdapServer = array ();
2022-12-31 21:15:19 +01:00
/**
* The current topDN
* @ var string | null
*/
2009-01-24 18:45:14 +01:00
private static $topDn = NULL ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* The LSldapObject type of current connected user
2023-01-02 01:17:46 +01:00
* @ var string | null
2022-12-31 21:15:19 +01:00
*/
2021-08-25 18:02:37 +02:00
private static $LSuserObjectType = NULL ;
2022-12-31 21:15:19 +01:00
/**
* Current connected user DN
2023-01-02 01:17:46 +01:00
* @ var string | null
2022-12-31 21:15:19 +01:00
*/
2009-01-24 18:45:14 +01:00
private static $dn = NULL ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Current connected user RDN value ( his login )
2023-01-02 01:17:46 +01:00
* @ var string | null
2022-12-31 21:15:19 +01:00
*/
2009-01-24 18:45:14 +01:00
private static $rdn = NULL ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* User LDAP credentials
*
* array ( 'dn' => [ DN ], 'pwd' => [ password ])
*
* @ see self :: startLSsession ()
* @ see LSauth :: getLDAPcredentials ()
* @ see LSauthMethod :: getLDAPcredentials ()
* @ var array < string , string >| false
*/
2021-08-25 18:02:37 +02:00
private static $userLDAPcreds = false ;
2022-12-31 21:15:19 +01:00
/**
* Current connected user LSprofiles
*
* array (
* '[LSprofile1]' => array (
* 'topDN1' , 'topDN2' , [ ... ]
* ),
* [ ... ]
* )
*
* @ see self :: loadLSprofiles ()
* @ see self :: cacheLSprofiles ()
* @ see $_SESSION [ 'LSsession' ][ 'LSprofiles' ]
* @ var array
*/
2023-01-03 12:51:45 +01:00
private static $LSprofiles = array ();
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Current connected user LSaccess ( access rights )
*
* array (
* 'topDN1' => array (
* 'SELF' => '[label]' ,
* '[LSobject type1]' => '[label]' ,
* '[LSobject type2]' => '[label]' ,
* [ ... ]
* ),
* )
*
* @ see self :: loadLSaccess ()
* @ see $_SESSION [ 'LSsession' ][ 'LSaccess' ]
* @ var array
*/
2023-01-03 12:51:45 +01:00
private static $LSaccess = array ();
2015-08-21 17:51:52 +02:00
2022-12-31 21:15:19 +01:00
/**
* Current connected user LSaddonsViewsAccess ( access on LSaddons views )
*
* array (
* " [addon]::[view ID] " => array (
* 'LSaddon' => [ addon name ],
* 'id' => [ view ID ],
* 'label' => [ view label ],
* 'showInMenu' => [ bool ],
* ),
* [ ... ]
* )
*
* @ see self :: loadLSaddonsViewsAccess ()
* @ see $_SESSION [ 'LSsession' ][ 'LSaddonsViewsAccess' ]
* @ var array
*/
2023-01-03 12:51:45 +01:00
private static $LSaddonsViewsAccess = array ();
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Temporary files of the session
*
* array (
* '[filepath]' => '[content hash]' ,
* [ ... ]
* )
*
* @ see self :: addTmpFile ()
* @ see $_SESSION [ 'LSsession' ][ 'tmp_file' ]
* @ var array
*/
2023-01-03 12:51:45 +01:00
private static $tmp_file = array ();
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
/*
2021-08-25 18:02:37 +02:00
* Class constants not store in session
2008-02-05 17:11:21 +01:00
*/
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Current LDAP server config
* ( LSconfig . ldap_servers .< idx > )
* @ see self :: setLdapServer ()
2023-01-02 01:17:46 +01:00
* @ var array | null
2022-12-31 21:15:19 +01:00
*/
2021-08-25 18:02:37 +02:00
public static $ldapServer = NULL ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* The template to display
* @ see self :: setTemplate ()
2023-01-02 01:17:46 +01:00
* @ var string | null
2022-12-31 21:15:19 +01:00
*/
2021-08-25 18:02:37 +02:00
private static $template = NULL ;
2022-12-31 21:15:19 +01:00
/**
* Ajax display telltale
* @ see self :: setAjaxDisplay ()
* @ see self :: getAjaxDisplay ()
* @ var bool
*/
2023-01-03 12:51:45 +01:00
private static $ajaxDisplay = false ;
2020-05-05 12:48:52 +02:00
2022-12-31 21:15:19 +01:00
/**
* The LSldapObject of connected user
* @ see self :: getLSuserObject ()
2023-01-02 01:17:46 +01:00
* @ var LSldapObject | null
2022-12-31 21:15:19 +01:00
*/
2023-01-02 01:17:46 +01:00
private static $LSuserObject = null ;
2020-04-29 15:54:21 +02:00
2022-12-31 21:15:19 +01:00
/**
* Initialized session telltale
* @ see self :: initialize ()
* @ var bool
*/
2023-01-03 12:51:45 +01:00
private static $initialized = false ;
2020-05-02 17:48:34 +02:00
2022-12-31 21:15:19 +01:00
/**
* List of currently loaded LSaddons
* @ see self :: loadLSaddon ()
* @ var array < string >
*/
2023-01-03 12:51:45 +01:00
private static $loadedAddons = array ();
2020-05-14 10:53:41 +02:00
2022-12-31 21:15:19 +01:00
/**
* Currently registered LSaddons views
*
* array (
* '[addon]' => array (
* '[view ID]' => array (
* 'LSaddon' => '[addon name]' ,
* 'label' => '[View label]' ,
* 'function' => '[View function]' ,
* 'allowedLSprofiles' => array (
* '[LSprofile1]' ,
* [ ... ]
* ),
* 'showInMenu' => [ bool ]
* ),
* ),
* ) $LSaddon ][ $viewId ] = array (
*
* @ see self :: registerLSaddonView ()
* @ var array
*/
2021-08-25 18:02:37 +02:00
private static $LSaddonsViews = array ();
2022-12-31 21:15:19 +01:00
/**
* API mode telltale
* @ var bool
*/
2023-01-03 12:51:45 +01:00
private static $api_mode = false ;
2021-02-03 14:40:28 +01:00
2020-05-12 19:23:24 +02:00
/**
* Get session info by key
*
2022-12-31 05:52:31 +01:00
* @ param string $key The info
2020-05-12 19:23:24 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return mixed The info or null
2020-05-12 19:23:24 +02:00
*/
public static function get ( $key ) {
switch ( $key ) {
case 'top_dn' :
return self :: getTopDn ();
case 'root_dn' :
return self :: getRootDn ();
case 'sub_dn_name' :
return self :: getSubDnName ();
case 'sub_dn_label' :
return self :: getSubDnLabel ();
case 'authenticated_user_dn' :
return self :: $dn ;
case 'authenticated_user_type' :
return self :: $LSuserObjectType ;
case 'authenticated_user' :
return self :: getLSuserObject ();
case 'is_connected' :
return self :: isConnected ();
case 'global_search_enabled' :
return self :: globalSearch ();
case 'email_sender' :
return self :: getEmailSender ();
2021-02-03 14:40:28 +01:00
case 'api_mode' :
return boolval ( self :: $api_mode );
2022-12-31 02:01:17 +01:00
case 'ldap_server_id' :
2023-01-09 19:32:06 +01:00
return intval ( self :: $ldapServerId );
case 'LSprofiles' :
return self :: $LSprofiles ;
2020-05-12 19:23:24 +02:00
}
return null ;
}
2009-01-21 18:08:09 +01:00
/**
2020-05-07 11:16:09 +02:00
* Include PHP file
2009-01-21 18:08:09 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $file The path to the file to include :
2020-05-07 11:16:09 +02:00
* - if $external == false : the path must be relative to LS_ROOT_DIR
* - if $external == true : the path could be absolute or relative . If
* relative , it will be treated with PHP include path .
2022-12-31 05:52:31 +01:00
* @ param boolean $external If true , file consided as external ( optional , default : false )
2022-12-31 21:15:19 +01:00
* @ param boolean $warn If true , a warning will be log if file not found ( optional , default : true )
2020-05-07 11:16:09 +02:00
* This warning will be emit using LSlog if it ' s already loaded or error_log ()
* otherwise .
2009-01-21 18:08:09 +01:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if file is loaded , false otherwise
2009-01-21 18:08:09 +01:00
*/
2020-05-07 11:16:09 +02:00
public static function includeFile ( $file , $external = false , $warn = true ) {
2020-04-29 15:15:41 +02:00
$path = ( $external ? '' : LS_ROOT_DIR . " / " ) . $file ;
2020-04-29 19:18:23 +02:00
$local_path = ( $external ? '' : LS_ROOT_DIR . " / " ) . LS_LOCAL_DIR . $file ;
2020-04-29 15:15:41 +02:00
$path = ( file_exists ( $local_path ) ? $local_path : $path );
2020-08-17 20:04:21 +02:00
if ( ! isAbsolutePath ( $path )) {
2020-04-29 19:18:23 +02:00
$found = stream_resolve_include_path ( $path );
if ( $found === false ) {
2020-08-17 20:04:21 +02:00
self :: log (
( $warn ? 'WARNING' : 'TRACE' ),
" includeFile( $file , external= $external ) : file $path not found in include path. "
);
2020-05-07 11:16:09 +02:00
return false ;
2020-04-29 19:18:23 +02:00
}
else {
2020-08-17 20:04:21 +02:00
self :: log_trace ( " includeFile( $file , external= $external ): file path found using include path => ' $found ' " );
2020-04-29 19:18:23 +02:00
$path = $found ;
}
}
else if ( ! file_exists ( $path )) {
2020-08-17 20:04:21 +02:00
self :: log (
( $warn ? 'WARNING' : 'TRACE' ),
" includeFile( $file , external= $external ): file not found ( $local_path / $path ) "
);
return false ;
}
if ( ! include_once ( $path )) {
// Always log as warning in this case
self :: log_warning ( " includeFile( $file , external= $external ): include_once( $path ) not returned TRUE " );
2020-05-07 11:16:09 +02:00
return false ;
2009-01-21 18:08:09 +01:00
}
2020-08-17 20:04:21 +02:00
return true ;
2009-01-21 18:08:09 +01:00
}
2008-05-15 12:56:55 +02:00
/**
2009-03-25 13:26:32 +01:00
* Lancement de LSconfig
2008-02-08 18:39:24 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2023-01-02 01:17:46 +01:00
* @ return bool true si tout c ' est bien passé , false sinon
2008-02-08 18:39:24 +01:00
*/
2009-03-25 13:26:32 +01:00
private static function startLSconfig () {
if ( self :: loadLSclass ( 'LSconfig' )) {
if ( LSconfig :: start ()) {
2008-02-08 18:39:24 +01:00
return true ;
}
2009-03-25 13:26:32 +01:00
}
die ( " ERROR : Can't load configuration files. " );
return ;
}
2019-06-28 18:00:37 +02:00
/**
* Lancement de LSlog
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2023-01-02 01:17:46 +01:00
* @ return bool true si tout c ' est bien passé , false sinon
2019-06-28 18:00:37 +02:00
*/
private static function startLSlog () {
if ( self :: loadLSclass ( 'LSlog' )) {
if ( LSlog :: start ()) {
return true ;
}
}
return False ;
}
2020-05-08 15:51:21 +02:00
/*
* Log a message via class logger ( of other method if LSlog is not loaded )
*
2022-12-31 05:52:31 +01:00
* @ param string $key The log level ( see LSlog )
2022-12-31 21:15:19 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log ( $level , $message ) {
if ( class_exists ( 'LSlog' )) {
LSlog :: get_logger ( get_called_class ()) -> logging ( $level , $message );
return ;
}
// Alternative logging if LSlog is not already started
$formated_message = " LSsession - $level - $message " ;
switch ( $level ) {
case 'FATAL' :
case 'ERROR' :
error_log ( $formated_message );
if ( $level == 'FATAL' )
die ( $formated_message );
break ;
default :
LSdebug ( $formated_message );
}
}
2020-08-07 18:17:02 +02:00
/**
2021-06-10 18:45:00 +02:00
* Log an exception via class logger
*
2022-12-31 21:15:19 +01:00
* @ param Exception $exception The exception to log
2022-12-31 05:52:31 +01:00
* @ param string | null $prefix Custom message prefix ( optional , see self :: log_exception ())
2022-12-31 21:15:19 +01:00
* @ param boolean $fatal Log exception as a fatal error ( optional , default : true )
2021-06-10 18:45:00 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2021-06-10 18:45:00 +02:00
**/
protected static function log_exception ( $exception , $prefix = null , $fatal = true ) {
2020-08-07 18:17:02 +02:00
if ( class_exists ( 'LSlog' )) {
LSlog :: get_logger ( get_called_class ()) -> exception ( $exception , $prefix , $fatal );
return ;
}
// Implement basic exception message formating
$message = ( $prefix ? " $prefix : \n " : " An exception occured : \n " ) .
" ## " . $exception -> getFile () . " : " . $exception -> getLine () . " : " . $exception -> getMessage ();
self :: log (( $fatal ? 'FATAL' : 'ERROR' ), $message );
}
2020-08-07 18:05:50 +02:00
/**
* Log a message with level TRACE
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-08-07 18:05:50 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-08-07 18:05:50 +02:00
**/
protected static function log_trace ( $message ) {
self :: log ( 'TRACE' , $message );
}
2020-05-08 15:51:21 +02:00
/**
* Log a message with level DEBUG
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log_debug ( $message ) {
self :: log ( 'DEBUG' , $message );
}
/**
* Log a message with level INFO
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log_info ( $message ) {
self :: log ( 'INFO' , $message );
}
/**
* Log a message with level WARNING
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log_warning ( $message ) {
self :: log ( 'WARNING' , $message );
}
/**
* Log a message with level ERROR
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log_error ( $message ) {
self :: log ( 'ERROR' , $message );
}
/**
* Log a message with level FATAL
*
2022-12-31 05:52:31 +01:00
* @ param string $message The message to log
2020-05-08 15:51:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-08 15:51:21 +02:00
**/
protected static function log_fatal ( $message ) {
self :: log ( 'FATAL' , $message );
}
2020-05-02 17:48:34 +02:00
/**
2021-08-25 18:02:37 +02:00
* Start LSurl
2020-05-02 17:48:34 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2023-01-02 01:17:46 +01:00
* @ return bool true on success , false otherwise
2020-05-02 17:48:34 +02:00
*/
private static function startLSurl () {
if ( self :: loadLSclass ( 'LSurl' ) && self :: includeFile ( LS_INCLUDE_DIR . " routes.php " )) {
return true ;
}
return False ;
}
2009-03-25 13:26:32 +01:00
/**
2021-08-25 18:02:37 +02:00
* Start and initialize LStemplate
2009-03-25 13:26:32 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2023-01-02 01:17:46 +01:00
* @ return bool true on success , false otherwise
2020-04-29 15:15:41 +02:00
*/
2009-03-25 13:26:32 +01:00
private static function startLStemplate () {
2013-06-17 23:39:22 +02:00
if ( self :: loadLSclass ( 'LStemplate' ) ) {
2021-04-14 15:46:36 +02:00
if ( ! LStemplate :: start (
2013-06-17 23:39:22 +02:00
array (
2020-04-29 15:15:41 +02:00
'smarty_path' => LSconfig :: get ( 'Smarty' ),
'template_dir' => LS_ROOT_DIR . '/' . LS_TEMPLATES_DIR ,
2020-05-06 12:17:35 +02:00
'image_dir' => LS_ROOT_DIR . '/' . LS_IMAGES_DIR ,
'css_dir' => LS_ROOT_DIR . '/' . LS_CSS_DIR ,
'js_dir' => LS_ROOT_DIR . '/' . LS_JS_DIR ,
'libs_dir' => LS_ROOT_DIR . '/' . LS_LIB_DIR ,
2020-04-29 15:15:41 +02:00
'compile_dir' => LS_TMP_DIR_PATH ,
'debug' => LSdebug ,
2022-12-31 04:09:56 +01:00
'debug_smarty' => isset ( $_REQUEST [ 'LStemplate_debug' ]),
2013-06-17 23:39:22 +02:00
)
2021-04-14 15:46:36 +02:00
))
return False ;
return True ;
2008-02-08 18:39:24 +01:00
}
2013-06-17 23:39:22 +02:00
return False ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:15:41 +02:00
2009-03-25 13:26:32 +01:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve current topDn ( = DN scope browsed )
2009-03-25 13:26:32 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ return string The current topDn
2009-03-25 13:26:32 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function getTopDn () {
2009-10-30 01:03:17 +01:00
if ( ! is_null ( self :: $topDn )) {
return self :: $topDn ;
}
else {
return self :: getRootDn ();
}
}
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve current rootDn ( = LDAP server root base DN )
2009-10-30 01:03:17 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ return string The current rootDn
2009-10-30 01:03:17 +01:00
*/
public static function getRootDn () {
return self :: $ldapServer [ 'ldap_config' ][ 'basedn' ];
2009-01-24 18:45:14 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Start LSerror
2008-02-08 18:39:24 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
*
2023-01-02 01:17:46 +01:00
* @ return bool True on success , false otherwise
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
private static function startLSerror () {
if ( ! self :: loadLSclass ( 'LSerror' )) {
2023-01-02 01:17:46 +01:00
return false ;
2009-01-02 17:00:25 +01:00
}
2009-01-25 15:37:03 +01:00
self :: defineLSerrors ();
2008-02-08 18:39:24 +01:00
return true ;
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2019-06-20 19:58:16 +02:00
* Load an LdapSaisie class
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param string $class The class name to load ( Example : LSpeople )
2022-12-31 21:15:19 +01:00
* @ param string | null $type ( Optionnel ) The class type to load ( Example : LSobjects )
2022-12-31 05:52:31 +01:00
* @ param bool $warn ( Optionnel ) Trigger LSsession_05 error if an error occured loading this class ( Default : false )
2008-02-08 18:39:24 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean true on success , otherwise false
2008-02-08 18:39:24 +01:00
*/
2019-06-20 19:58:16 +02:00
public static function loadLSclass ( $class , $type = null , $warn = false ) {
2008-02-08 18:39:24 +01:00
if ( class_exists ( $class ))
return true ;
2019-06-20 19:58:16 +02:00
if ( $type )
$class = " $type . $class " ;
2020-05-07 11:19:36 +02:00
if ( self :: includeFile ( LS_CLASS_DIR . 'class.' . $class . '.php' , false , $warn ))
2019-06-20 19:58:16 +02:00
return true ;
if ( $warn )
LSerror :: addErrorCode ( 'LSsession_05' , $class );
return False ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2020-06-15 10:40:48 +02:00
* Load LSobject type
2008-02-08 18:39:24 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $object Name of the LSobject type
* @ param boolean $warn Set to false to avoid warning in case of loading error ( optional , default : true )
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if LSobject type loaded , false otherwise
2008-02-08 18:39:24 +01:00
*/
2020-06-15 10:40:48 +02:00
public static function loadLSobject ( $object , $warn = true ) {
2009-03-25 13:26:32 +01:00
if ( class_exists ( $object )) {
return true ;
}
2020-09-03 16:00:51 +02:00
$error = false ;
// Load LSldapObject class
if ( ! self :: loadLSclass ( 'LSldapObject' )) {
self :: log_error ( " loadLSobject( $object ): fail to load LSldapObject class " );
$error = true ;
}
2020-09-03 15:40:59 +02:00
// Check LSobject type name
2020-09-03 16:00:51 +02:00
elseif ( ! LSldapObject :: isValidTypeName ( $object )) {
2020-09-03 15:40:59 +02:00
self :: log_error ( " loadLSobject( $object ): invalid LSobject type name " );
2020-09-03 16:00:51 +02:00
$error = true ;
2008-04-25 15:48:12 +02:00
}
2020-09-03 16:00:51 +02:00
// Load config file
elseif ( ! self :: includeFile ( LS_OBJECTS_DIR . 'config.LSobjects.' . $object . '.php' ) || ! isset ( $GLOBALS [ 'LSobjects' ][ $object ])) {
2020-05-08 15:51:21 +02:00
self :: log_error ( " loadLSobject( $object ): Fail to include 'config.LSobjects. $object .php' file " );
2020-09-03 16:00:51 +02:00
$error = true ;
2009-01-02 17:00:25 +01:00
}
2020-09-03 16:00:51 +02:00
// Check config file
elseif ( ! isset ( $GLOBALS [ 'LSobjects' ][ $object ]) || ! is_array ( $GLOBALS [ 'LSobjects' ][ $object ])) {
self :: log_error ( " loadLSobject( $object ): \$ GLOBALS['LSobjects'][ $object ] is not declared after loaded config file (or is not an array). " );
$error = true ;
}
// Set LSobject type configuration
elseif ( ! LSconfig :: set ( " LSobjects. $object " , $GLOBALS [ 'LSobjects' ][ $object ])) {
self :: log_error ( " loadLSobject( $object ): Fail to LSconfig :: set('LSobjects. $object ', \$ GLOBALS['LSobjects'][ $object ]) " );
$error = true ;
}
// Load LSaddons used by this LSobject type (if configured)
else if ( isset ( $GLOBALS [ 'LSobjects' ][ $object ][ 'LSaddons' ])) {
if ( ! is_array ( $GLOBALS [ 'LSobjects' ][ $object ][ 'LSaddons' ]))
$GLOBALS [ 'LSobjects' ][ $object ][ 'LSaddons' ] = array ( $GLOBALS [ 'LSobjects' ][ $object ][ 'LSaddons' ]);
foreach ( $GLOBALS [ 'LSobjects' ][ $object ][ 'LSaddons' ] as $addon ) {
if ( ! self :: loadLSaddon ( $addon )) {
self :: log_error ( " loadLSobject( $object ): Fail to load LSaddon ' $addon ' " );
$error = true ;
2020-04-29 15:54:21 +02:00
}
2010-03-05 17:44:07 +01:00
}
2009-03-25 13:26:32 +01:00
}
2020-09-03 16:00:51 +02:00
// Load or declare corresponding PHP class (if no previous error occured)
if ( ! $error && ! self :: loadLSclass ( $object , 'LSobjects' )) {
self :: log_debug ( " loadLSobject( $object ): Fail to load $object class. Implement simple one. " );
eval ( " class $object extends LSldapObject { }; " );
2008-04-25 15:48:12 +02:00
}
2020-09-03 16:00:51 +02:00
// Warn on error (is enabled)
if ( $error && $warn )
LSerror :: addErrorCode ( 'LSsession_04' , $object );
return ! $error ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2020-05-14 10:53:41 +02:00
* Load a LSaddon ( if not already loaded )
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param string $addon The addon name ( ex : samba )
2008-02-08 18:39:24 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if addon loaded , false otherwise
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function loadLSaddon ( $addon ) {
2020-05-14 10:53:41 +02:00
if ( in_array ( $addon , self :: $loadedAddons ))
return true ;
2009-01-24 18:45:14 +01:00
if ( self :: includeFile ( LS_ADDONS_DIR . 'LSaddons.' . $addon . '.php' )) {
2020-05-07 11:34:30 +02:00
// Load LSaddon config file (without warning if not found)
$conf_file = LS_CONF_DIR . " LSaddons/config.LSaddons. " . $addon . " .php " ;
if ( self :: includeFile ( $conf_file , false , false ))
2020-05-08 15:51:21 +02:00
self :: log_debug ( " loadLSaddon( $addon ): config file ' $conf_file ' loaded. " );
2020-05-07 11:34:30 +02:00
else
2020-05-08 15:51:21 +02:00
self :: log_debug ( " loadLSaddon( $addon ): config file ' $conf_file ' not found. " );
2008-09-25 17:15:33 +02:00
if ( ! call_user_func ( 'LSaddon_' . $addon . '_support' )) {
2009-01-24 18:45:14 +01:00
LSerror :: addErrorCode ( 'LSsession_02' , $addon );
2023-01-02 01:17:46 +01:00
return false ;
2008-09-25 17:15:33 +02:00
}
2020-05-14 10:53:41 +02:00
self :: $loadedAddons [] = $addon ;
2008-09-25 17:15:33 +02:00
return true ;
}
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2021-06-10 17:56:34 +02:00
/**
* Load an LdapSaisie resource file
*
2022-12-31 21:15:19 +01:00
* @ param string $path The resource file path / name to load , relative to LS_RESOURCE_DIR
2021-06-10 17:56:34 +02:00
* ( Example : supann / populations . php )
2022-12-31 05:52:31 +01:00
* @ param bool $warn ( Optionnel ) Trigger LSsession_22 error if an error occured loading this
2021-06-10 17:56:34 +02:00
* resource file ( Default : true )
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
*
2022-12-31 05:52:31 +01:00
* @ return boolean true on success , otherwise false
2021-06-10 17:56:34 +02:00
*/
public static function loadResourceFile ( $path , $warn = true ) {
if ( self :: includeFile ( LS_RESOURCE_DIR . $path , false , $warn ))
return true ;
if ( $warn )
LSerror :: addErrorCode ( 'LSsession_22' , $path );
return False ;
}
2010-03-10 17:07:18 +01:00
/**
2021-08-25 18:02:37 +02:00
* Load LSauth
2010-03-10 17:07:18 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2023-01-02 01:17:46 +01:00
* @ return bool True on success , false otherwise
2010-03-10 17:07:18 +01:00
*/
2010-11-24 19:12:21 +01:00
public static function loadLSauth () {
2010-03-10 17:07:18 +01:00
if ( self :: loadLSclass ( 'LSauth' )) {
2010-11-24 19:12:21 +01:00
return true ;
2010-03-10 17:07:18 +01:00
}
else {
LSerror :: addErrorCode ( 'LSsession_05' , 'LSauth' );
}
2023-01-02 01:17:46 +01:00
return false ;
2010-03-10 17:07:18 +01:00
}
2020-04-29 15:15:41 +02:00
/**
* Load LdapSaisie CLI class
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
*
2022-12-31 05:52:31 +01:00
* @ return boolean true if loaded , false otherwise .
2020-04-29 15:15:41 +02:00
*/
public static function loadLScli () {
if ( self :: loadLSclass ( 'LScli' )) {
return true ;
}
else {
LSerror :: addErrorCode ( 'LSsession_05' , 'LScli' );
}
2023-01-02 01:17:46 +01:00
return false ;
2020-04-29 15:15:41 +02:00
}
2008-05-15 12:56:55 +02:00
/**
2020-11-17 17:56:04 +01:00
* Load globally required LSaddons
2008-02-08 18:39:24 +01:00
*
2020-11-17 17:56:04 +01:00
* Load LSaddons list in $GLOBALS [ 'LSaddons' ][ 'loads' ]
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on success , False otherwise
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function loadLSaddons () {
2020-11-17 17:56:04 +01:00
$conf = LSconfig :: get ( 'LSaddons.loads' );
2009-03-25 13:26:32 +01:00
if ( ! is_array ( $conf )) {
2009-01-24 18:45:14 +01:00
LSerror :: addErrorCode ( 'LSsession_01' , " LSaddons['loads'] " );
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2020-11-17 17:56:04 +01:00
$error = false ;
2009-03-25 13:26:32 +01:00
foreach ( $conf as $addon ) {
2020-11-17 17:56:04 +01:00
if ( ! self :: loadLSaddon ( $addon ))
$false = true ;
2008-02-08 18:39:24 +01:00
}
2020-11-17 17:56:04 +01:00
return ! $error ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2009-03-25 18:46:48 +01:00
/**
2020-05-06 16:06:05 +02:00
* Load and start LSlang , the I18N manager
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string | null $lang The lang ( optional , default : see LSlang :: setLocale ())
* @ param string | null $encoding The encoding ( optional , default : see LSlang :: setLocale ())
2020-04-29 15:54:21 +02:00
*
2020-05-06 16:06:05 +02:00
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean true if LSlang started , false otherwise
2020-05-06 16:06:05 +02:00
*/
private static function startLSlang ( $lang = null , $encoding = null ) {
if ( ! self :: loadLSclass ( 'LSlang' )) {
2023-01-02 01:17:46 +01:00
return false ;
2009-03-19 18:42:51 +01:00
}
2020-05-06 16:06:05 +02:00
LSlang :: setLocale ( $lang , $encoding );
return true ;
2009-03-19 18:42:51 +01:00
}
/**
2020-05-06 16:06:05 +02:00
* Initialize LdapSaisie
2009-01-24 18:45:14 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string | null $lang The lang ( optional , default : see LSlang :: setLocale ())
* @ param string | null $encoding The encoding ( optional , default : see LSlang :: setLocale ())
2015-08-21 12:58:50 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if initialized , false otherwise
2009-01-24 18:45:14 +01:00
*/
2020-05-06 16:06:05 +02:00
public static function initialize ( $lang = null , $encoding = null ) {
2020-05-02 17:48:34 +02:00
if ( self :: $initialized )
return true ;
2015-07-25 18:24:03 +02:00
try {
if ( ! self :: startLSconfig ()) {
2023-01-02 01:17:46 +01:00
return false ;
2015-07-25 18:24:03 +02:00
}
self :: startLSerror ();
2019-06-28 18:00:37 +02:00
self :: startLSlog ();
2020-04-29 17:15:27 +02:00
self :: loadLScli ();
2015-07-25 18:24:03 +02:00
self :: startLStemplate ();
2020-05-02 17:48:34 +02:00
self :: startLSurl ();
2015-07-25 18:24:03 +02:00
2020-04-29 15:15:41 +02:00
if ( php_sapi_name () != " cli " )
session_start ();
2015-07-25 18:24:03 +02:00
2020-05-06 16:06:05 +02:00
self :: startLSlang ( $lang , $encoding );
2015-07-25 18:24:03 +02:00
self :: loadLSaddons ();
self :: loadLSauth ();
}
catch ( Exception $e ) {
die ( 'LSsession : fail to initialize session. Error : ' . $e -> getMessage ());
2009-03-19 18:42:51 +01:00
}
2020-05-02 17:48:34 +02:00
self :: $initialized = true ;
2009-01-24 18:45:14 +01:00
return true ;
}
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Start and initialize LdapSaisie session
*
* LSsession initialization :
* - initiale LdapSaisie main components ( LSerror , LSlog , LScli , LStemplate , ... )
* - restore connected user info from session or trigger authentication ( or password recovery )
* - restore other session info from session ( cache / tmp files )
* - start LDAP connection
* - handle logout ( if $_GET [ 'LSsession_logout' ] is present )
* - load connected user profiles and access ( if connected )
* - enable / disable global search
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on intiatialization success and if user is authenticed , false otherwise .
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function startLSsession () {
if ( ! self :: initialize ()) {
2023-01-02 01:17:46 +01:00
return false ;
2009-01-24 18:45:14 +01:00
}
2020-04-29 15:54:21 +02:00
2020-05-12 19:23:24 +02:00
if ( isset ( $_SESSION [ 'LSsession' ][ 'LSuserObjectType' ]) && isset ( $_SESSION [ 'LSsession' ][ 'dn' ]) && ! isset ( $_GET [ 'LSsession_recoverPassword' ])) {
2020-05-08 15:51:21 +02:00
self :: log_debug ( 'existing session' );
2010-11-24 19:12:21 +01:00
// --------------------- Session existante --------------------- //
2020-05-12 19:23:24 +02:00
self :: $topDn = $_SESSION [ 'LSsession' ][ 'topDn' ];
self :: $dn = $_SESSION [ 'LSsession' ][ 'dn' ];
self :: $LSuserObjectType = $_SESSION [ 'LSsession' ][ 'LSuserObjectType' ];
self :: $rdn = $_SESSION [ 'LSsession' ][ 'rdn' ];
self :: $ldapServerId = $_SESSION [ 'LSsession' ][ 'ldapServerId' ];
self :: $tmp_file = $_SESSION [ 'LSsession' ][ 'tmp_file' ];
self :: $userLDAPcreds = $_SESSION [ 'LSsession' ][ 'userLDAPcreds' ];
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( self :: cacheLSprofiles () && ! isset ( $_REQUEST [ 'LSsession_refresh' ]) ) {
self :: setLdapServer ( self :: $ldapServerId );
2010-11-24 19:12:21 +01:00
if ( ! LSauth :: start ()) {
2020-05-08 15:51:21 +02:00
self :: log_error ( " startLSsession(): can't start LSauth -> stop " );
2023-01-02 01:17:46 +01:00
return false ;
2010-11-24 19:12:21 +01:00
}
2009-01-24 18:45:14 +01:00
self :: $LSprofiles = $_SESSION [ 'LSsession' ][ 'LSprofiles' ];
self :: $LSaccess = $_SESSION [ 'LSsession' ][ 'LSaccess' ];
2015-08-21 17:51:52 +02:00
self :: $LSaddonsViewsAccess = $_SESSION [ 'LSsession' ][ 'LSaddonsViewsAccess' ];
2009-01-24 18:45:14 +01:00
if ( ! self :: LSldapConnect ())
2023-01-02 01:17:46 +01:00
return false ;
2009-01-24 18:45:14 +01:00
}
else {
self :: setLdapServer ( self :: $ldapServerId );
2010-11-24 19:12:21 +01:00
if ( ! LSauth :: start ()) {
2020-05-08 15:51:21 +02:00
self :: log_error ( " startLSsession(): can't start LSauth -> stop " );
2023-01-02 01:17:46 +01:00
return false ;
2010-11-24 19:12:21 +01:00
}
2009-01-24 18:45:14 +01:00
if ( ! self :: LSldapConnect ())
2023-01-02 01:17:46 +01:00
return false ;
2009-01-24 18:45:14 +01:00
self :: loadLSprofiles ();
2008-06-05 15:21:18 +02:00
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( self :: cacheSudDn () && ( ! isset ( $_REQUEST [ 'LSsession_refresh' ])) ) {
2010-11-08 17:00:33 +01:00
self :: $_subDnLdapServer = (( isset ( $_SESSION [ 'LSsession_subDnLdapServer' ])) ? $_SESSION [ 'LSsession_subDnLdapServer' ] : NULL );
2009-01-24 18:45:14 +01:00
}
2020-04-29 15:54:21 +02:00
2020-05-12 19:23:24 +02:00
if ( ! self :: loadLSobject ( self :: $LSuserObjectType )) {
2023-01-02 01:17:46 +01:00
return false ;
2009-01-24 18:45:14 +01:00
}
2019-05-21 12:06:24 +02:00
LStemplate :: assign ( 'globalSearch' , self :: globalSearch ());
2020-04-29 15:54:21 +02:00
2010-03-10 19:36:23 +01:00
if ( isset ( $_GET [ 'LSsession_logout' ])) {
2019-03-27 18:02:04 +01:00
// Trigger LSauth logout
2010-11-24 19:12:21 +01:00
LSauth :: logout ();
2019-03-27 18:02:04 +01:00
// Delete temporaries files
2010-03-10 19:36:23 +01:00
if ( is_array ( $_SESSION [ 'LSsession' ][ 'tmp_file' ])) {
self :: $tmp_file = $_SESSION [ 'LSsession' ][ 'tmp_file' ];
}
self :: deleteTmpFile ();
2019-03-27 18:02:04 +01:00
// Destroy local session
2010-03-10 19:36:23 +01:00
unset ( $_SESSION [ 'LSsession' ]);
2019-03-27 18:02:04 +01:00
session_destroy ();
// Trigger LSauth after logout
LSauth :: afterLogout ();
// Redirect user on home page
2020-05-07 09:56:28 +02:00
LSurl :: redirect ();
2023-01-02 01:17:46 +01:00
return false ;
2010-03-10 19:36:23 +01:00
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( ! self :: cacheLSprofiles () || isset ( $_REQUEST [ 'LSsession_refresh' ]) ) {
2015-08-21 17:49:04 +02:00
self :: loadLSprofiles ();
2009-01-24 18:45:14 +01:00
self :: loadLSaccess ();
2015-08-21 17:51:52 +02:00
self :: loadLSaddonsViewsAccess ();
2023-04-20 17:45:41 +02:00
self :: saveContextInfos ();
2009-01-24 18:45:14 +01:00
}
2020-04-29 15:54:21 +02:00
2013-06-17 23:39:22 +02:00
LStemplate :: assign ( 'LSsession_username' , self :: getLSuserObject () -> getDisplayName ());
2020-04-29 15:54:21 +02:00
2020-08-06 16:43:35 +02:00
if ( isset ( $_POST [ 'LSsession_topDn' ]) && $_POST [ 'LSsession_topDn' ])
self :: setSubDn ( $_POST [ 'LSsession_topDn' ]);
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
return true ;
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
}
else {
2010-11-24 19:12:21 +01:00
// --------------------- Session inexistante --------------------- //
2010-03-10 19:07:58 +01:00
if ( isset ( $_GET [ 'LSsession_recoverPassword' ])) {
session_destroy ();
}
2009-01-24 18:45:14 +01:00
// Session inexistante
2009-10-31 02:33:01 +01:00
if ( isset ( $_POST [ 'LSsession_ldapserver' ])) {
self :: setLdapServer ( $_POST [ 'LSsession_ldapserver' ]);
}
else {
self :: setLdapServer ( 0 );
}
2020-04-29 15:54:21 +02:00
2009-10-31 02:33:01 +01:00
// Connexion au serveur LDAP
if ( self :: LSldapConnect ()) {
// topDn
2010-11-16 19:26:49 +01:00
if ( isset ( $_POST [ 'LSsession_topDn' ]) && $_POST [ 'LSsession_topDn' ] != '' ){
2020-08-06 17:01:51 +02:00
self :: setSubDn ( $_POST [ 'LSsession_topDn' ]);
2008-02-08 18:39:24 +01:00
}
else {
2020-08-06 17:01:51 +02:00
self :: setSubDn ( self :: $ldapServer [ 'ldap_config' ][ 'basedn' ]);
2008-06-21 18:16:15 +02:00
}
2020-04-29 15:54:21 +02:00
2010-11-24 19:12:21 +01:00
if ( ! LSauth :: start ()) {
2020-05-08 15:51:21 +02:00
self :: log_error ( " startLSsession(): can't start LSauth -> stop " );
2023-01-02 01:17:46 +01:00
return false ;
2010-11-24 19:12:21 +01:00
}
2020-04-29 15:54:21 +02:00
2009-10-31 02:33:01 +01:00
if ( isset ( $_GET [ 'LSsession_recoverPassword' ])) {
2020-05-07 11:36:25 +02:00
$recoveryPasswordInfos = self :: recoverPasswd (
( isset ( $_REQUEST [ 'LSsession_user' ]) ? $_REQUEST [ 'LSsession_user' ] : '' ),
( isset ( $_GET [ 'recoveryHash' ]) ? $_GET [ 'recoveryHash' ] : '' )
);
2009-10-31 02:33:01 +01:00
}
else {
2010-11-24 19:12:21 +01:00
$LSuserObject = LSauth :: forceAuthentication ();
if ( $LSuserObject ) {
// Authentication successful
self :: $LSuserObject = $LSuserObject ;
2020-05-12 19:23:24 +02:00
self :: $LSuserObjectType = $LSuserObject -> getType ();
2010-11-24 19:12:21 +01:00
self :: $dn = $LSuserObject -> getValue ( 'dn' );
self :: $rdn = $LSuserObject -> getValue ( 'rdn' );
2021-08-26 20:16:22 +02:00
if (
isset ( self :: $ldapServer [ 'useUserCredentials' ]) &&
self :: $ldapServer [ 'useUserCredentials' ]
) {
if (
isset ( self :: $ldapServer [ 'useAuthzProxyControl' ]) &&
self :: $ldapServer [ 'useAuthzProxyControl' ]
) {
if ( ! LSldap :: setAuthzProxyControl ( self :: $dn )) {
2023-01-02 01:17:46 +01:00
return false ;
2021-08-26 20:16:22 +02:00
}
2014-11-18 13:16:38 +01:00
}
2021-08-26 20:16:22 +02:00
else {
self :: $userLDAPcreds = LSauth :: getLDAPcredentials ( $LSuserObject );
if ( ! is_array ( self :: $userLDAPcreds )) {
LSerror :: addErrorCode ( 'LSsession_14' );
self :: $userLDAPcreds = false ;
2023-01-02 01:17:46 +01:00
return false ;
2021-08-26 20:16:22 +02:00
}
if ( ! LSldap :: reconnectAs (
self :: $userLDAPcreds [ 'dn' ],
self :: $userLDAPcreds [ 'pwd' ],
self :: $ldapServer [ 'ldap_config' ]
)) {
LSerror :: addErrorCode ( 'LSsession_15' );
2023-01-02 01:17:46 +01:00
return false ;
2021-08-26 20:16:22 +02:00
}
2014-11-18 13:16:38 +01:00
}
}
2010-11-24 19:12:21 +01:00
self :: loadLSprofiles ();
self :: loadLSaccess ();
2015-08-21 17:51:52 +02:00
self :: loadLSaddonsViewsAccess ();
2013-06-17 23:39:22 +02:00
LStemplate :: assign ( 'LSsession_username' , self :: getLSuserObject () -> getDisplayName ());
2019-05-21 12:06:24 +02:00
LStemplate :: assign ( 'globalSearch' , self :: globalSearch ());
2023-04-20 17:45:41 +02:00
self :: saveContextInfos ();
2010-11-24 19:12:21 +01:00
return true ;
2008-02-08 18:39:24 +01:00
}
2008-06-05 15:21:18 +02:00
}
2009-01-24 18:45:14 +01:00
}
2009-10-31 02:33:01 +01:00
else {
LSerror :: addErrorCode ( 'LSsession_09' );
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( self :: $ldapServerId ) {
2013-06-17 23:39:22 +02:00
LStemplate :: assign ( 'ldapServerId' , self :: $ldapServerId );
2009-01-24 18:45:14 +01:00
}
2022-12-31 04:09:56 +01:00
if ( isset ( $recoveryPasswordInfos )) {
2009-01-24 18:45:14 +01:00
self :: displayRecoverPasswordForm ( $recoveryPasswordInfos );
}
2010-11-24 19:12:21 +01:00
elseif ( LSauth :: displayLoginForm ()) {
2009-01-24 18:45:14 +01:00
self :: displayLoginForm ();
}
2009-10-31 02:33:01 +01:00
else {
2020-05-07 12:16:12 +02:00
self :: setTemplate ( 'base.tpl' );
2009-10-31 02:33:01 +01:00
LSerror :: addErrorCode ( 'LSsession_10' );
}
2023-01-02 01:17:46 +01:00
return false ;
2009-01-24 18:45:14 +01:00
}
}
2020-04-29 15:15:41 +02:00
/**
* Initialize a CLI session for LdapSaisie
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if intialized , false otherwise .
2020-04-29 15:15:41 +02:00
*/
public static function startCliLSsession () {
2023-01-02 01:17:46 +01:00
if ( php_sapi_name () != " cli " ) return false ;
if ( ! self :: initialize ()) return false ;
if ( ! self :: loadLScli ()) return false ;
2020-04-29 15:15:41 +02:00
return True ;
}
2009-10-30 01:03:17 +01:00
/**
* Do recover password
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $username The submited username
* @ param string $recoveryHash The submited recoveryHash
2020-04-29 15:54:21 +02:00
*
2023-01-02 01:17:46 +01:00
* @ return array | false The recoveryPassword infos for template , or false in case of error
2009-10-30 01:03:17 +01:00
**/
2020-05-12 19:23:24 +02:00
private static function recoverPasswd ( $username , $recoveryHash ) {
// Check feature is enabled and LSmail available
if ( ! isset ( self :: $ldapServer [ 'recoverPassword' ]) || ! self :: loadLSaddon ( 'mail' )) {
LSerror :: addErrorCode ( 'LSsession_18' );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
// Start LSauth
if ( ! LSauth :: start ()) {
self :: log_error ( " recoverPasswd(): can't start LSauth -> stop " );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
// Search user by recoveryHash or username
if ( ! empty ( $recoveryHash )) {
$users = array ();
$filter = Net_LDAP2_Filter :: create (
self :: $ldapServer [ 'recoverPassword' ][ 'recoveryHashAttr' ],
'equals' ,
$recoveryHash
);
foreach ( LSauth :: getAuthObjectTypes () as $objType => $objParams ) {
if ( ! self :: loadLSobject ( $objType ))
return false ;
$authobject = new $objType ();
$users = array_merge (
$users ,
2020-08-07 17:40:40 +02:00
$authobject -> listObjects ( $filter , self :: getTopDn (), array ( 'onlyAccessible' => false ))
2009-10-30 01:03:17 +01:00
);
2010-03-10 19:07:58 +01:00
}
2020-05-12 19:23:24 +02:00
}
elseif ( ! empty ( $username )) {
$users = LSauth :: username2LSobjects ( $username );
2020-08-06 17:01:51 +02:00
if ( ! is_array ( $users ))
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
else {
self :: log_debug ( 'recoverPasswd(): no username or recoveryHash provided.' );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
// Check user found (and not duplicated)
$nbresult = count ( $users );
if ( $nbresult == 0 ) {
self :: log_debug ( 'recoverPasswd(): incorrect hash/username' );
LSerror :: addErrorCode ( 'LSsession_06' );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
elseif ( $nbresult > 1 ) {
self :: log_debug ( " recoverPasswd(): duplicated user found with hash=' $recoveryHash ' / username=' $username ' " );
LSerror :: addErrorCode ( 'LSsession_07' );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
2020-04-29 15:54:21 +02:00
2020-05-12 19:23:24 +02:00
$user = array_pop ( $users );
$rdn = $user -> getValue ( 'rdn' );
$username = $rdn [ 0 ];
self :: log_debug ( " recoverPasswd(): user found, username = ' $username ' " );
2020-04-29 15:54:21 +02:00
2020-05-12 19:23:24 +02:00
self :: log_debug ( " recoverPasswd(): start recovering password " );
$emailAddress = $user -> getValue ( self :: $ldapServer [ 'recoverPassword' ][ 'mailAttr' ]);
$emailAddress = $emailAddress [ 0 ];
if ( ! checkEmail ( $emailAddress )) {
LSerror :: addErrorCode ( 'LSsession_19' );
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
self :: log_debug ( " recoverPasswd(): Email = ' $emailAddress ' " );
self :: $dn = $user -> getDn ();
//
$recoveryPasswordInfos = array ();
// First step : send recoveryHash
if ( empty ( $recoveryHash )) {
$hash = self :: recoverPasswdFirstStep ( $user );
if ( $hash ) {
if ( self :: recoverPasswdSendMail ( $emailAddress , 1 , $hash )) {
// Recovery hash sent
$recoveryPasswordInfos [ 'recoveryHashMail' ] = $emailAddress ;
2009-10-30 01:03:17 +01:00
}
2020-05-12 19:23:24 +02:00
}
}
// Second step : generate and send new password
else {
$pwd = self :: recoverPasswdSecondStep ( $user );
if ( $pwd ) {
if ( self :: recoverPasswdSendMail ( $emailAddress , 2 , $pwd )) {
// New password sent
$recoveryPasswordInfos [ 'newPasswordMail' ] = $emailAddress ;
2009-10-30 01:03:17 +01:00
}
}
}
return $recoveryPasswordInfos ;
}
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
/**
* Send recover password mail
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $mail The user ' s mail
* @ param boolean $step The step
* @ param string $info The info for formatted message
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on success or False
2009-10-30 01:03:17 +01:00
**/
private static function recoverPasswdSendMail ( $mail , $step , $info ) {
// Header des mails
$sendParams = array ();
if ( self :: $ldapServer [ 'recoverPassword' ][ 'recoveryEmailSender' ]) {
$sendParams [ 'From' ] = self :: $ldapServer [ 'recoverPassword' ][ 'recoveryEmailSender' ];
}
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
if ( $step == 1 ) {
$subject = self :: $ldapServer [ 'recoverPassword' ][ 'recoveryHashMail' ][ 'subject' ];
$msg = getFData (
self :: $ldapServer [ 'recoverPassword' ][ 'recoveryHashMail' ][ 'msg' ],
2020-05-07 11:36:25 +02:00
LSurl :: get_public_absolute_url ( 'index' ) . " ?LSsession_recoverPassword&recoveryHash= $info "
2009-10-30 01:03:17 +01:00
);
}
else {
$subject = self :: $ldapServer [ 'recoverPassword' ][ 'newPasswordMail' ][ 'subject' ];
$msg = getFData (
self :: $ldapServer [ 'recoverPassword' ][ 'newPasswordMail' ][ 'msg' ],
$info
);
}
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
if ( ! sendMail ( $mail , $subject , $msg , $sendParams )) {
2020-05-08 15:51:21 +02:00
self :: log_debug ( " recoverPasswdSendMail( $mail , $step ): error sending email. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 4 );
2023-01-02 01:17:46 +01:00
return false ;
2009-10-30 01:03:17 +01:00
}
return true ;
}
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
/**
* Do first step of recovering password
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ param LSldapObject $user The LSldapObject of the user
2020-04-29 15:54:21 +02:00
*
2023-01-02 01:17:46 +01:00
* @ return string | false The recory hash on success or False
2009-10-30 01:03:17 +01:00
**/
private static function recoverPasswdFirstStep ( $user ) {
// Generer un hash
$rdn = $user -> getValue ( 'rdn' );
$rdn = $rdn [ 0 ];
$recovery_hash = md5 ( $rdn . strval ( time ()) . strval ( rand ()));
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
$lostPasswdForm = $user -> getForm ( 'lostPassword' );
$lostPasswdForm -> setPostData (
array (
self :: $ldapServer [ 'recoverPassword' ][ 'recoveryHashAttr' ] => $recovery_hash
)
, true
);
2020-04-29 15:54:21 +02:00
2009-10-30 01:03:17 +01:00
if ( $lostPasswdForm -> validate ()) {
if ( $user -> updateData ( 'lostPassword' )) {
// recoveryHash de l'utilisateur mis à jour
return $recovery_hash ;
}
else {
// Erreur durant la mise à jour de l'objet
2020-05-08 15:51:21 +02:00
self :: log_error ( " recoverPasswdFirstStep( $user ): error updating user. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 6 );
}
}
else {
// Erreur durant la validation du formulaire de modification de perte de password
2020-05-08 15:51:21 +02:00
self :: log_error ( " recoverPasswdFirstStep( $user ): error validating form. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 5 );
}
2023-01-02 01:17:46 +01:00
return false ;
2009-10-30 01:03:17 +01:00
}
/**
* Do second step of recovering password
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ param LSldapObject $user The LSldapObject of the user
2020-04-29 15:54:21 +02:00
*
2023-01-02 01:17:46 +01:00
* @ return string | false The new password on success or False
2009-10-30 01:03:17 +01:00
**/
private static function recoverPasswdSecondStep ( $user ) {
2020-05-12 19:23:24 +02:00
$pwd_attr_name = LSauth :: getUserPasswordAttribute ( $user );
if ( array_key_exists ( $pwd_attr_name , $user -> attrs )) {
$pwd_attr = $user -> attrs [ $pwd_attr_name ];
$pwd = generatePassword (
$pwd_attr -> getConfig ( 'html_options.chars' ),
2020-05-12 20:20:11 +02:00
$pwd_attr -> getConfig ( 'html_options.lenght' )
2009-10-30 01:03:17 +01:00
);
2020-05-12 19:23:24 +02:00
self :: log_debug ( " recoverPasswdSecondStep( $user ): new password = ' $pwd '. " );
2009-10-30 01:03:17 +01:00
$lostPasswdForm = $user -> getForm ( 'lostPassword' );
$lostPasswdForm -> setPostData (
array (
self :: $ldapServer [ 'recoverPassword' ][ 'recoveryHashAttr' ] => array ( '' ),
2020-05-12 19:23:24 +02:00
$pwd_attr_name => array ( $pwd )
2009-10-30 01:03:17 +01:00
)
, true
);
if ( $lostPasswdForm -> validate ()) {
if ( $user -> updateData ( 'lostPassword' )) {
2020-05-12 19:23:24 +02:00
return $pwd ;
2009-10-30 01:03:17 +01:00
}
else {
// Erreur durant la mise à jour de l'objet
2020-05-08 15:51:21 +02:00
self :: log_error ( " recoverPasswdSecondStep( $user ): error updating user. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 3 );
}
}
else {
// Erreur durant la validation du formulaire de modification de perte de password
2020-05-08 15:51:21 +02:00
self :: log_error ( " recoverPasswdSecondStep( $user ): error validating form. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 2 );
}
}
else {
// l'attribut password n'existe pas
2020-05-12 19:23:24 +02:00
self :: log_error ( " recoverPasswdSecondStep( $user ): password attribute ' $pwd_attr_name ' does not exists. " );
2009-10-30 01:03:17 +01:00
LSerror :: addErrorCode ( 'LSsession_20' , 1 );
}
2023-01-02 01:17:46 +01:00
return false ;
2009-10-30 01:03:17 +01:00
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve context information ( to store in PHP session )
2009-01-24 18:45:14 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return array Associative array of context information
2009-01-24 18:45:14 +01:00
*/
private static function getContextInfos () {
return array (
'tmp_file' => self :: $tmp_file ,
'topDn' => self :: $topDn ,
'dn' => self :: $dn ,
'rdn' => self :: $rdn ,
2020-05-12 19:23:24 +02:00
'LSuserObjectType' => self :: $LSuserObjectType ,
2014-11-18 13:16:38 +01:00
'userLDAPcreds' => self :: $userLDAPcreds ,
2009-01-24 18:45:14 +01:00
'ldapServerId' => self :: $ldapServerId ,
'ldapServer' => self :: $ldapServer ,
'LSprofiles' => self :: $LSprofiles ,
2015-08-21 17:51:52 +02:00
'LSaccess' => self :: $LSaccess ,
'LSaddonsViewsAccess' => self :: $LSaddonsViewsAccess
2009-01-24 18:45:14 +01:00
);
}
2020-04-29 15:54:21 +02:00
2023-04-20 17:45:41 +02:00
/**
* Save context information in PHP session
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
*
* @ return void
*/
private static function saveContextInfos () {
$_SESSION [ 'LSsession' ] = (
isset ( $_SESSION [ 'LSsession' ]) && is_array ( $_SESSION [ 'LSsession' ]) ?
array_merge ( $_SESSION [ 'LSsession' ], self :: getContextInfos ()) :
self :: getContextInfos ()
);
}
2009-01-24 18:45:14 +01:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve connected user LSobject ( as reference )
2009-01-24 18:45:14 +01:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return LSldapObject | false Current connected user LSldapObject , or False in case of error
2009-01-24 18:45:14 +01:00
*/
2020-05-12 19:23:24 +02:00
public static function & getLSuserObject ( $dn = null ) {
2009-01-24 18:45:14 +01:00
if ( $dn ) {
self :: $dn = $dn ;
}
if ( ! self :: $LSuserObject ) {
2020-05-12 19:23:24 +02:00
if ( self :: $LSuserObjectType && self :: loadLSobject ( self :: $LSuserObjectType )) {
self :: $LSuserObject = new self :: $LSuserObjectType ();
if ( ! self :: $LSuserObject -> loadData ( self :: $dn )) {
self :: $LSuserObject = null ;
2021-08-25 18:02:37 +02:00
self :: log_error (
" getLSuserObject( $dn ): Fail to retrieve current connected user " .
" information from LDAP "
);
2023-01-02 01:17:46 +01:00
return false ;
2020-05-12 19:23:24 +02:00
}
2009-01-24 18:45:14 +01:00
}
else {
2021-08-25 18:02:37 +02:00
self :: log_error (
" getLSuserObject( $dn ): Current connected user object type not " .
" defined or can not be loaded ( " . self :: $LSuserObjectType . " ) "
);
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2009-01-24 18:45:14 +01:00
}
return self :: $LSuserObject ;
}
2020-04-29 15:54:21 +02:00
2020-05-07 12:16:12 +02:00
/**
* Check if user is connected
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user connected , false instead
2020-05-07 12:16:12 +02:00
*/
public static function isConnected () {
2020-05-12 19:23:24 +02:00
if ( self :: getLSuserObject ())
2020-05-07 12:16:12 +02:00
return true ;
return false ;
}
2009-01-24 18:45:14 +01:00
/**
* Retourne le DN de l ' utilisateur connecté
*
* @ author Benjamin Renard < brenard @ easter - eggs . com
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string Le DN de l ' utilisateur connecté
2009-01-24 18:45:14 +01:00
*/
public static function getLSuserObjectDn () {
return self :: $dn ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-07-29 15:45:02 +02:00
/**
2020-05-12 19:23:24 +02:00
* Live change of the connected user
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param LSldapObject $object The new connected user object
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on success , false otherwise
2008-07-29 15:45:02 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function changeAuthUser ( $object ) {
2020-11-30 16:13:36 +01:00
if ( ! ( $object instanceof LSldapObject )) {
2021-08-25 18:02:37 +02:00
self :: log_error (
" changeAuthUser(): An LSldapObject must be provided, not " . get_class ( $object )
);
2023-01-02 01:17:46 +01:00
return false ;
2020-11-30 16:13:36 +01:00
}
if ( ! array_key_exists ( $object -> getType (), LSauth :: getAuthObjectTypes ())) {
self :: log_error (
" changeAuthUser(): Invalid object provided, must be one of following types (not a " .
$object -> getType () . ') : ' . implode ( ', ' , array_keys ( LSauth :: getAuthObjectTypes ()))
);
2023-01-02 01:17:46 +01:00
return false ;
2020-11-30 16:13:36 +01:00
}
2021-08-25 18:02:37 +02:00
self :: log_info (
" Change authenticated user info (' " . self :: $dn . " ' -> ' " . $object -> getDn () . " ') "
);
2020-05-12 19:23:24 +02:00
self :: $dn = $object -> getDn ();
$rdn = $object -> getValue ( 'rdn' );
if ( is_array ( $rdn )) {
$rdn = $rdn [ 0 ];
}
self :: $rdn = $rdn ;
self :: $LSuserObject = $object ;
self :: $LSuserObjectType = $object -> getType ();
if ( self :: loadLSprofiles ()) {
self :: loadLSaccess ();
self :: loadLSaddonsViewsAccess ();
2023-04-20 17:45:41 +02:00
self :: saveContextInfos ();
2020-11-30 16:13:36 +01:00
self :: log_debug ( " changeAuthUser(): authenticated user successfully updated. " );
2020-05-12 19:23:24 +02:00
return true ;
2008-07-29 15:45:02 +02:00
}
2020-11-30 16:13:36 +01:00
self :: log_error ( " Fail to reload LSprofiles after updating auth user info. " );
2023-01-02 01:17:46 +01:00
return false ;
2008-07-29 15:45:02 +02:00
}
2008-05-15 12:56:55 +02:00
/**
2020-08-06 16:43:35 +02:00
* Set the LDAP server of the session
2008-02-08 18:39:24 +01:00
*
2020-08-06 16:43:35 +02:00
* Set the LDAP server of the session from its ID in configuration array
* LSconfig :: get ( 'ldap_servers' ) .
2008-02-08 18:39:24 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param int $id Index of LDAP server
* @ param string | null $subDn SubDN of LDAP server ( optional )
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if set , false otherwise
2008-02-08 18:39:24 +01:00
*/
2020-08-06 16:43:35 +02:00
public static function setLdapServer ( $id , $subDn = null ) {
2009-03-25 13:26:32 +01:00
$conf = LSconfig :: get ( " ldap_servers. $id " );
if ( is_array ( $conf ) ) {
2009-01-24 18:45:14 +01:00
self :: $ldapServerId = $id ;
2009-03-25 13:26:32 +01:00
self :: $ldapServer = $conf ;
2020-05-06 16:06:05 +02:00
LSlang :: setLocale ();
2014-12-12 22:11:32 +01:00
self :: setGlobals ();
2020-08-06 16:43:35 +02:00
if ( $subDn )
return self :: setSubDn ( $subDn );
2008-02-08 18:39:24 +01:00
return true ;
}
2020-08-06 16:43:35 +02:00
return false ;
}
/**
* Set the subDn of the session
*
2022-12-31 21:15:19 +01:00
* @ param string $subDn SubDN of LDAP server
2020-08-06 16:43:35 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if set , false otherwise
2020-08-06 16:43:35 +02:00
*/
public static function setSubDn ( $subDn ) {
if ( self :: validSubDnLdapServer ( $subDn )) {
self :: $topDn = $subDn ;
$_SESSION [ 'LSsession' ][ 'topDn' ] = $subDn ;
return true ;
2008-02-08 18:39:24 +01:00
}
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2008-02-08 18:39:24 +01:00
* Connexion au serveur Ldap
*
2022-12-31 05:52:31 +01:00
* @ return boolean True sinon false .
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function LSldapConnect () {
2020-06-15 10:40:48 +02:00
if ( ! self :: $ldapServer && ! self :: setLdapServer ( 0 )) {
2023-01-02 01:17:46 +01:00
return false ;
2020-06-15 10:40:48 +02:00
}
2023-01-02 01:17:46 +01:00
if ( ! self :: $ldapServer ) {
LSerror :: addErrorCode ( 'LSsession_03' );
return false ;
}
self :: includeFile ( LSconfig :: get ( 'NetLDAP2' ), true );
if ( ! self :: loadLSclass ( 'LSldap' )) {
return false ;
}
if (
self :: $dn && isset ( self :: $ldapServer [ 'useUserCredentials' ]) &&
self :: $ldapServer [ 'useUserCredentials' ]
) {
2021-08-25 18:02:37 +02:00
if (
2023-01-02 01:17:46 +01:00
isset ( self :: $ldapServer [ 'useAuthzProxyControl' ]) &&
self :: $ldapServer [ 'useAuthzProxyControl' ]
2021-08-25 18:02:37 +02:00
) {
2023-01-02 01:17:46 +01:00
// Firstly connect using main config and after, set authz proxy control
2021-08-26 20:16:22 +02:00
if (
2023-01-02 01:17:46 +01:00
! LSldap :: connect ( self :: $ldapServer [ 'ldap_config' ]) ||
! LSldap :: setAuthzProxyControl ( self :: $dn )
2021-08-26 20:16:22 +02:00
) {
2023-01-02 01:17:46 +01:00
LSerror :: addErrorCode ( 'LSsession_15' );
return false ;
2021-08-26 20:16:22 +02:00
}
2014-11-18 13:16:38 +01:00
}
else {
2023-01-02 01:17:46 +01:00
LSldap :: reconnectAs (
self :: $userLDAPcreds [ 'dn' ],
self :: $userLDAPcreds [ 'pwd' ],
self :: $ldapServer [ 'ldap_config' ]
);
2008-12-05 15:38:42 +01:00
}
2008-02-08 18:39:24 +01:00
}
else {
2023-01-02 01:17:46 +01:00
LSldap :: connect ( self :: $ldapServer [ 'ldap_config' ]);
2008-02-08 18:39:24 +01:00
}
2023-01-02 01:17:46 +01:00
return LSldap :: isConnected ();
2008-02-08 18:39:24 +01:00
}
2009-10-26 00:34:06 +01:00
/**
* Use this function to know if subDn is enabled for the curent LdapServer
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean
2009-10-26 00:34:06 +01:00
**/
public static function subDnIsEnabled () {
if ( ! isset ( self :: $ldapServer [ 'subDn' ])) {
2023-01-02 01:17:46 +01:00
return false ;
2009-10-26 00:34:06 +01:00
}
if ( ! is_array ( self :: $ldapServer [ 'subDn' ]) ) {
2023-01-02 01:17:46 +01:00
return false ;
2009-10-26 00:34:06 +01:00
}
return true ;
}
2008-05-15 12:56:55 +02:00
/**
2008-02-26 18:40:05 +01:00
* Retourne les sous - dns du serveur Ldap courant
*
2022-12-31 05:52:31 +01:00
* @ return mixed Tableau des subDn , false si une erreur est survenue .
2008-02-26 18:40:05 +01:00
*/
2010-11-16 11:50:18 +01:00
public static function getSubDnLdapServer ( $login = false ) {
$login = ( bool ) $login ;
2021-08-25 18:02:37 +02:00
if (
self :: cacheSudDn () &&
isset ( self :: $_subDnLdapServer [ self :: $ldapServerId ][ $login ])
) {
2010-11-26 14:46:48 +01:00
return self :: $_subDnLdapServer [ self :: $ldapServerId ][ $login ];
2008-06-18 14:27:35 +02:00
}
2009-10-26 00:34:06 +01:00
if ( ! self :: subDnIsEnabled ()) {
2009-01-02 17:00:25 +01:00
return ;
}
$return = array ();
2009-01-24 18:45:14 +01:00
foreach ( self :: $ldapServer [ 'subDn' ] as $subDn_name => $subDn_config ) {
2021-08-25 18:02:37 +02:00
if ( $login && isset ( $subDn_config [ 'nologin' ]) && $subDn_config [ 'nologin' ])
continue ;
2009-01-02 17:00:25 +01:00
if ( $subDn_name == 'LSobject' ) {
if ( is_array ( $subDn_config )) {
foreach ( $subDn_config as $LSobject_name => $LSoject_config ) {
2021-08-25 18:02:37 +02:00
if (
isset ( $LSoject_config [ 'basedn' ]) &&
! empty ( $LSoject_config [ 'basedn' ])
) {
2009-01-03 23:00:32 +01:00
$basedn = $LSoject_config [ 'basedn' ];
2009-01-02 17:00:25 +01:00
}
else {
2009-10-30 01:03:17 +01:00
$basedn = self :: getRootDn ();
2009-01-03 23:00:32 +01:00
}
2021-08-25 18:02:37 +02:00
if (
isset ( $LSoject_config [ 'displayName' ]) &&
! empty ( $LSoject_config [ 'displayName' ])
) {
$displayNameFormat = $LSoject_config [ 'displayName' ];
2009-01-03 23:00:32 +01:00
}
else {
2021-08-25 18:02:37 +02:00
$displayNameFormat = NULL ;
2009-01-02 17:00:25 +01:00
}
2017-03-23 16:26:28 +01:00
$sparams = array ();
2021-08-25 18:02:37 +02:00
$sparams [ 'onlyAccessible' ] = (
isset ( $LSoject_config [ 'onlyAccessible' ]) ?
$LSoject_config [ 'onlyAccessible' ] :
False
);
2009-01-24 18:45:14 +01:00
if ( self :: loadLSobject ( $LSobject_name ) ) {
2009-01-02 17:00:25 +01:00
if ( $subdnobject = new $LSobject_name ()) {
2021-08-25 18:02:37 +02:00
$tbl_return = $subdnobject -> getSelectArray (
NULL , // pattern
$basedn , $displayNameFormat ,
false , // approx
false , // cache
NULL , // filter
$sparams
);
2009-01-02 17:00:25 +01:00
if ( is_array ( $tbl_return )) {
2021-08-25 18:02:37 +02:00
$return = array_merge ( $return , $tbl_return );
2008-04-25 15:48:12 +02:00
}
else {
2021-08-25 18:02:37 +02:00
LSerror :: addErrorCode ( 'LSsession_17' , 3 );
2008-04-25 15:48:12 +02:00
}
}
else {
2021-08-25 18:02:37 +02:00
LSerror :: addErrorCode ( 'LSsession_17' , 2 );
2008-04-25 15:48:12 +02:00
}
}
}
2008-02-05 17:11:21 +01:00
}
else {
2009-01-24 18:45:14 +01:00
LSerror :: addErrorCode ( 'LSsession_17' , 1 );
2008-02-08 18:39:24 +01:00
}
}
2021-08-25 18:02:37 +02:00
elseif (
isCompatibleDNs (
$subDn_config [ 'dn' ],
self :: $ldapServer [ 'ldap_config' ][ 'basedn' ]
) && $subDn_config [ 'dn' ] != " "
) {
$return [ $subDn_config [ 'dn' ]] = __ ( $subDn_name );
2008-06-18 14:27:35 +02:00
}
2008-02-08 18:39:24 +01:00
}
2009-01-24 18:45:14 +01:00
if ( self :: cacheSudDn ()) {
2021-08-25 18:02:37 +02:00
self :: $_subDnLdapServer [ self :: $ldapServerId ][ $login ] = $return ;
2009-01-24 18:45:14 +01:00
$_SESSION [ 'LSsession_subDnLdapServer' ] = self :: $_subDnLdapServer ;
2008-02-08 18:39:24 +01:00
}
2009-01-02 17:00:25 +01:00
return $return ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2008-06-18 14:27:35 +02:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve currently used LDAP server subDn list sorted by depth
* in the LDAP tree ( descending order )
2020-04-29 15:54:21 +02:00
*
2021-08-25 18:02:37 +02:00
* @ return array Sorted array of LDAP server subDns
2020-04-29 15:54:21 +02:00
*/
2010-11-16 11:50:18 +01:00
public static function getSortSubDnLdapServer ( $login = false ) {
$subDnLdapServer = self :: getSubDnLdapServer ( $login );
2008-06-20 17:52:15 +02:00
if ( ! $subDnLdapServer ) {
return array ();
}
2021-08-25 18:02:37 +02:00
uksort ( $subDnLdapServer , " compareDn " );
2008-06-18 14:27:35 +02:00
return $subDnLdapServer ;
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve HTML options of current LDAP server topDNs
2008-02-08 18:39:24 +01:00
*
2023-01-02 01:17:46 +01:00
* @ return string | false HTML options of current LDAP server topDNs , or false in case of error
2008-02-08 18:39:24 +01:00
*/
2021-08-25 18:02:37 +02:00
public static function getSubDnLdapServerOptions ( $selected = NULL , $login = false ) {
2010-11-16 11:50:18 +01:00
$list = self :: getSubDnLdapServer ( $login );
2021-08-25 18:02:37 +02:00
if ( ! $list )
2023-01-02 01:17:46 +01:00
return false ;
2021-08-25 18:02:37 +02:00
asort ( $list );
$options = array ();
foreach ( $list as $dn => $txt ) {
$options [] = (
" <option value= \" $dn\ " " .(
$selected && $selected == $dn ?
" selected " :
" "
) . " > $txt </option> "
);
2008-02-08 18:39:24 +01:00
}
2021-08-25 18:02:37 +02:00
return implode ( '' , $options );
2008-04-25 15:48:12 +02:00
}
2009-01-24 18:45:14 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check a subDn is valid
2009-01-24 18:45:14 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param string $subDn The subDn to check
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if subDn is valid , False otherwise
2009-01-24 18:45:14 +01:00
*/
public static function validSubDnLdapServer ( $subDn ) {
$listTopDn = self :: getSubDnLdapServer ();
2008-04-25 15:48:12 +02:00
if ( is_array ( $listTopDn )) {
foreach ( $listTopDn as $dn => $txt ) {
if ( $subDn == $dn ) {
return true ;
} // end if
} // end foreach
} // end if
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check a user password from an LSobject and a password
2008-02-08 18:39:24 +01:00
*
2021-08-25 18:02:37 +02:00
* Try to bind on LDAP server using the provided LSobject DN and password .
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param LSldapObject $object The user LSobject
* @ param string $pwd The password to check
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on authentication success , false otherwise .
2008-02-08 18:39:24 +01:00
*/
2021-08-25 18:02:37 +02:00
public static function checkUserPwd ( $object , $pwd ) {
return LSldap :: checkBind ( $object -> getValue ( 'dn' ), $pwd );
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Display login form
2008-02-08 18:39:24 +01:00
*
2021-08-25 18:02:37 +02:00
* Define template information allowing to display login form .
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function displayLoginForm () {
2020-05-07 11:36:25 +02:00
LStemplate :: assign ( 'pagetitle' , _ ( 'Connection' ));
$ldapservers = array ();
foreach ( LSconfig :: get ( 'ldap_servers' ) as $id => $infos )
$ldapservers [ $id ] = __ ( $infos [ 'name' ]);
LStemplate :: assign ( 'ldapservers' , $ldapservers );
LStemplate :: assign ( 'ldapServerId' , ( self :: $ldapServerId ? self :: $ldapServerId : 0 ));
2009-01-24 18:45:14 +01:00
self :: setTemplate ( 'login.tpl' );
2020-05-28 16:56:36 +02:00
LStemplate :: addJSscript ( 'LSsession_login.js' );
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Display password recovery form
2008-06-05 15:21:18 +02:00
*
2021-08-25 18:02:37 +02:00
* Define template information allowing to display password recovery form .
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param array $recoveryPasswordInfos Password recovery process state information
2008-06-05 15:21:18 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-06-05 15:21:18 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function displayRecoverPasswordForm ( $recoveryPasswordInfos ) {
2020-05-07 11:36:25 +02:00
LStemplate :: assign ( 'pagetitle' , _ ( 'Recovery of your credentials' ));
2008-06-05 15:21:18 +02:00
2020-05-07 11:36:25 +02:00
$ldapservers = array ();
foreach ( LSconfig :: get ( 'ldap_servers' ) as $id => $infos )
$ldapservers [ $id ] = __ ( $infos [ 'name' ]);
LStemplate :: assign ( 'ldapservers' , $ldapservers );
LStemplate :: assign ( 'ldapServerId' , ( self :: $ldapServerId ? self :: $ldapServerId : 0 ));
2020-04-29 15:54:21 +02:00
2019-03-08 11:26:54 +01:00
$recoverpassword_step = 'start' ;
2009-02-12 13:38:56 +01:00
$recoverpassword_msg = _ ( 'Please fill the identifier field to proceed recovery procedure' );
2020-04-29 15:54:21 +02:00
2008-06-05 15:21:18 +02:00
if ( isset ( $recoveryPasswordInfos [ 'recoveryHashMail' ])) {
2019-03-08 11:26:54 +01:00
$recoverpassword_step = 'token_sent' ;
2008-06-19 16:20:59 +02:00
$recoverpassword_msg = getFData (
2009-02-12 13:38:56 +01:00
_ ( " An email has been sent to % { mail}. " .
" Please follow the instructions on it. " ),
2008-06-19 16:20:59 +02:00
$recoveryPasswordInfos [ 'recoveryHashMail' ]
2008-06-05 15:21:18 +02:00
);
}
2020-04-29 15:54:21 +02:00
2008-06-05 15:21:18 +02:00
if ( isset ( $recoveryPasswordInfos [ 'newPasswordMail' ])) {
2019-03-08 11:26:54 +01:00
$recoverpassword_step = 'new_password_sent' ;
2008-06-19 16:20:59 +02:00
$recoverpassword_msg = getFData (
2020-04-29 15:38:41 +02:00
_ ( " Your new password has been sent to % { mail}. " ),
2008-06-19 16:20:59 +02:00
$recoveryPasswordInfos [ 'newPasswordMail' ]
2008-06-05 15:21:18 +02:00
);
}
2020-04-29 15:54:21 +02:00
2020-05-07 11:36:25 +02:00
LStemplate :: assign ( 'recoverpassword_step' , $recoverpassword_step );
LStemplate :: assign ( 'recoverpassword_msg' , $recoverpassword_msg );
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
self :: setTemplate ( 'recoverpassword.tpl' );
2020-05-28 16:56:36 +02:00
LStemplate :: addJSscript ( 'LSsession_recoverPassword.js' );
2008-06-05 15:21:18 +02:00
}
/**
2021-08-25 18:02:37 +02:00
* Set the template file that will display
2008-02-08 18:39:24 +01:00
*
2021-08-25 18:02:37 +02:00
* Note : template files are normally store in templates directory .
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param string $template The name of the template file
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function setTemplate ( $template ) {
self :: $template = $template ;
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2020-05-05 12:48:52 +02:00
/**
* Add a JS script to load on page
*
2022-12-31 21:15:19 +01:00
* @ param string $file The JS filename
* @ param string | null $path The sub - directory path that contain this file .
2020-05-28 16:56:36 +02:00
* @ deprecated
* @ see LStemplate :: addJSscript ()
2020-05-05 12:48:52 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-05 12:48:52 +02:00
*/
public static function addJSscript ( $file , $path = NULL ) {
if ( $path )
$file = $path . $file ;
2020-05-28 16:56:36 +02:00
LStemplate :: addJSscript ( $file );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
2020-06-04 19:05:23 +02:00
'old' => 'LSsession :: addJSscript()' ,
2020-05-28 16:56:36 +02:00
'new' => 'LStemplate :: addJSscript()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2020-05-05 12:48:52 +02:00
}
/**
* Add a library JS file to load on page
*
2022-12-31 21:15:19 +01:00
* @ param string $file The JS filename
2020-05-28 16:56:36 +02:00
* @ deprecated
* @ see LStemplate :: addLibJSscript ()
2020-05-05 12:48:52 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-05 12:48:52 +02:00
*/
public static function addLibJSscript ( $file ) {
2020-05-28 16:56:36 +02:00
LStemplate :: addLibJSscript ( $file );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
2020-06-04 19:05:23 +02:00
'old' => 'LSsession :: addLibJSscript()' ,
2020-05-28 16:56:36 +02:00
'new' => 'LStemplate :: addLibJSscript()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-07-18 16:02:46 +02:00
/**
2021-08-25 18:02:37 +02:00
* Add Javascript configuration parameter
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $name The name of the JS config paramenter
* @ param string $val The value of the JS config paramenter
2020-05-28 16:56:36 +02:00
* @ deprecated
* @ see LStemplate :: addJSconfigParam ()
2008-07-18 16:02:46 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-07-18 16:02:46 +02:00
*/
2020-05-28 16:56:36 +02:00
public static function addJSconfigParam ( $name , $val ) {
LStemplate :: addJSconfigParam ( $name , $val );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
2020-06-04 19:05:23 +02:00
'old' => 'LSsession :: addJSconfigParam()' ,
2020-05-28 16:56:36 +02:00
'new' => 'LStemplate :: addJSconfigParam()' ,
'context' => LSlog :: get_debug_backtrace_context (),
),
false
);
2008-07-18 16:02:46 +02:00
}
2008-05-15 12:56:55 +02:00
/**
2020-05-05 12:48:52 +02:00
* Add a CSS file to load on page
2008-02-08 18:39:24 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $file The CSS filename
* @ param string | null $path The sub - directory path that contain this file .
2020-05-28 16:56:36 +02:00
* @ deprecated
* @ see LStemplate :: addCssFile ()
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-08 18:39:24 +01:00
*/
2020-05-05 12:48:52 +02:00
public static function addCssFile ( $file , $path = NULL ) {
if ( $path )
2013-06-19 03:06:29 +02:00
$file = $path . $file ;
2020-05-28 16:56:36 +02:00
LStemplate :: addCssFile ( $file );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
2020-06-04 19:05:23 +02:00
'old' => 'LSsession :: addCssFile()' ,
2020-05-28 16:56:36 +02:00
'new' => 'LStemplate :: addCssFile()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2020-05-05 12:48:52 +02:00
}
/**
* Add a library CSS file to load on page
*
2022-12-31 21:15:19 +01:00
* @ param string $file The CSS filename
2020-05-28 16:56:36 +02:00
* @ deprecated
* @ see LStemplate :: addLibCssFile ()
2020-05-05 12:48:52 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-05-05 12:48:52 +02:00
*/
public static function addLibCssFile ( $file ) {
2020-05-28 16:56:36 +02:00
LStemplate :: addLibCssFile ( $file );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
2020-06-04 19:05:23 +02:00
'old' => 'LSsession :: addLibCssFile()' ,
2020-05-28 16:56:36 +02:00
'new' => 'LStemplate :: addLibCssFile()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2008-02-08 18:39:24 +01:00
}
2008-02-05 17:11:21 +01:00
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Show the template
2008-02-08 18:39:24 +01:00
*
2021-08-25 18:02:37 +02:00
* Load dependencies of show the previously selected template file
2008-02-08 18:39:24 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-08 18:39:24 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function displayTemplate () {
2022-12-31 21:15:19 +01:00
if ( self :: $api_mode ) {
self :: displayAjaxReturn ();
return ;
}
2009-03-25 13:26:32 +01:00
$KAconf = LSconfig :: get ( 'keepLSsessionActive' );
2020-04-29 15:54:21 +02:00
if (
2021-08-25 18:02:37 +02:00
(
( ! isset ( self :: $ldapServer [ 'keepLSsessionActive' ]))
&&
( ! ( $KAconf === false ))
) || self :: $ldapServer [ 'keepLSsessionActive' ]
) {
LStemplate :: addJSconfigParam (
'keepLSsessionActive' , ini_get ( 'session.gc_maxlifetime' )
);
2020-05-28 16:56:36 +02:00
}
2020-04-29 15:54:21 +02:00
// Access
2019-06-05 12:40:56 +02:00
LStemplate :: assign ( 'LSaccess' , self :: getLSaccess ());
2020-05-28 16:56:36 +02:00
LStemplate :: assign ( 'LSaddonsViewsAccess' , self :: $LSaddonsViewsAccess );
2020-04-29 15:54:21 +02:00
2008-04-25 15:48:12 +02:00
// Niveau
2009-01-24 18:45:14 +01:00
$listTopDn = self :: getSubDnLdapServer ();
2008-04-25 15:48:12 +02:00
if ( is_array ( $listTopDn )) {
2008-07-19 21:14:57 +02:00
asort ( $listTopDn );
2021-08-25 18:02:37 +02:00
LStemplate :: assign ( 'LSsession_subDn_level' , self :: getSubDnLabel ());
LStemplate :: assign ( 'LSsession_subDn_refresh' , _ ( 'Refresh' ));
2008-04-25 15:48:12 +02:00
$LSsession_topDn_index = array ();
$LSsession_topDn_name = array ();
foreach ( $listTopDn as $index => $name ) {
2021-08-25 18:02:37 +02:00
$LSsession_topDn_index [] = $index ;
$LSsession_topDn_name [] = $name ;
2008-04-25 15:48:12 +02:00
}
2021-08-25 18:02:37 +02:00
LStemplate :: assign ( 'LSsession_subDn_indexes' , $LSsession_topDn_index );
LStemplate :: assign ( 'LSsession_subDn_names' , $LSsession_topDn_name );
LStemplate :: assign ( 'LSsession_subDn' , self :: $topDn );
LStemplate :: assign ( 'LSsession_subDnName' , self :: getSubDnName ());
2008-04-25 15:48:12 +02:00
}
2020-04-29 15:54:21 +02:00
2020-05-06 16:06:05 +02:00
LStemplate :: assign ( 'LSlanguages' , LSlang :: getLangList ());
LStemplate :: assign ( 'LSlang' , LSlang :: getLang ());
LStemplate :: assign ( 'LSencoding' , LSlang :: getEncoding ());
2020-04-29 15:54:21 +02:00
2021-08-25 18:02:37 +02:00
LStemplate :: assign ( 'displayLogoutBtn' , LSauth :: displayLogoutBtn ());
LStemplate :: assign ( 'displaySelfAccess' , LSauth :: displaySelfAccess ());
2008-09-09 17:48:07 +02:00
// Infos
2021-08-25 16:50:29 +02:00
LStemplate :: assign (
'LSinfos' ,
base64_encode (
json_encode (
isset ( $_SESSION [ 'LSsession_infos' ]) && is_array ( $_SESSION [ 'LSsession_infos' ]) ?
$_SESSION [ 'LSsession_infos' ] :
array ()
)
)
);
$_SESSION [ 'LSsession_infos' ] = array ();
// Errors
LSerror :: display ();
// LSdebug
LSdebug_print ();
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( ! self :: $template )
2020-05-07 12:16:12 +02:00
self :: setTemplate ( 'base_connected.tpl' );
2020-04-29 15:54:21 +02:00
2013-06-17 23:39:22 +02:00
LStemplate :: display ( self :: $template );
2009-01-24 18:45:14 +01:00
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
/**
2021-02-03 14:40:28 +01:00
* Set Ajax display mode
*
2022-12-31 21:15:19 +01:00
* @ param boolean $val True to enable Ajax display mode ( optional , default : true )
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2009-01-24 18:45:14 +01:00
*/
public static function setAjaxDisplay ( $val = true ) {
self :: $ajaxDisplay = ( boolean ) $val ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2021-02-03 14:40:28 +01:00
/**
* Check if Ajax display mode is enabled
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if Ajax display mode is enabled , False otherwise
2021-02-03 14:40:28 +01:00
*/
public static function getAjaxDisplay () {
return ( boolean ) self :: $ajaxDisplay ;
}
2008-11-10 00:14:51 +01:00
/**
2021-08-25 18:02:37 +02:00
* Show Ajax return
2008-11-10 00:14:51 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-11-10 00:14:51 +01:00
*/
2021-02-03 14:40:28 +01:00
public static function displayAjaxReturn ( $data = array (), $pretty = false ) {
2021-02-04 10:22:10 +01:00
// Adjust content-type
header ( 'Content-Type: application/json' );
2021-03-11 17:29:20 +01:00
// Adjust HTTP error code on unsuccessfull request
if ( isset ( $data [ 'success' ]) && ! $data [ 'success' ] && http_response_code () == 200 )
http_response_code ( 400 );
2021-08-25 16:50:29 +02:00
// If redirection set, just redirect user and not handling messages/errors to
2021-02-04 10:22:10 +01:00
// keep it in session and show it on next page
2021-08-25 16:50:29 +02:00
if ( ! isset ( $data [ 'LSredirect' ]) || LSdebugDefined ()) {
if ( ! self :: $api_mode && class_exists ( 'LStemplate' ))
$data [ 'LSjsConfig' ] = LStemplate :: getJSconfigParam ();
// Infos
if (
! empty ( $_SESSION [ 'LSsession_infos' ]) &&
is_array ( $_SESSION [ 'LSsession_infos' ])
) {
2021-02-03 14:40:28 +01:00
$data [ 'messages' ] = $_SESSION [ 'LSsession_infos' ];
2021-08-25 16:50:29 +02:00
$_SESSION [ 'LSsession_infos' ] = array ();
2021-02-03 14:40:28 +01:00
}
2021-08-25 16:50:29 +02:00
if ( LSerror :: errorsDefined ()) {
2022-12-31 04:09:56 +01:00
$data [ 'errors' ] = LSerror :: getErrors ();
2008-11-10 00:14:51 +01:00
}
2020-04-29 15:54:21 +02:00
2021-08-25 16:50:29 +02:00
if ( ! self :: $api_mode && LSdebugDefined ()) {
$data [ 'LSdebug' ] = LSdebug_print ( true );
}
2008-11-10 00:14:51 +01:00
}
2021-02-03 14:40:28 +01:00
if ( ! self :: $api_mode && isset ( $_REQUEST [ 'imgload' ])) {
2008-11-10 00:14:51 +01:00
$data [ 'imgload' ] = $_REQUEST [ 'imgload' ];
}
2021-08-25 16:50:29 +02:00
echo json_encode (
$data ,
(
$pretty || isset ( $_REQUEST [ 'pretty' ]) ?
JSON_PRETTY_PRINT :
0
)
);
2021-02-03 14:40:28 +01:00
}
/**
* Set API mode
*
2022-12-31 21:15:19 +01:00
* @ param boolean $val True to enable API mode ( optional , default : true )
2021-02-03 14:40:28 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2021-02-03 14:40:28 +01:00
*/
public static function setApiMode ( $val = true ) {
self :: $api_mode = ( boolean ) $val ;
2021-11-16 13:59:17 +01:00
self :: setAjaxDisplay ( self :: $api_mode );
2008-11-10 00:14:51 +01:00
}
2020-04-29 15:54:21 +02:00
2008-10-15 19:40:04 +02:00
/**
2021-08-25 18:02:37 +02:00
* Fetch builded template
2008-10-15 19:40:04 +02:00
*
2022-12-31 05:52:31 +01:00
* @ param string $template The template file to build
2022-12-31 21:15:19 +01:00
* @ param array $variables Template variables to set before building
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string The template builded HTML code
2008-10-15 19:40:04 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function fetchTemplate ( $template , $variables = array ()) {
2008-10-15 19:40:04 +02:00
foreach ( $variables as $name => $val ) {
2013-06-17 23:39:22 +02:00
LStemplate :: assign ( $name , $val );
2008-10-15 19:40:04 +02:00
}
2013-06-17 23:39:22 +02:00
return LStemplate :: fetch ( $template );
2008-10-15 19:40:04 +02:00
}
2020-04-29 15:54:21 +02:00
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
/**
*
2021-08-25 18:02:37 +02:00
* Takes an array of LSobject and reduce it using a search filter on
* another type of LSobject .
*
* If an error is present in the filter definition array , an empty
* array is returned .
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The default LSobject type
2023-01-02 01:17:46 +01:00
* @ param array < LSldapObject > $set Array of LSobjects
2022-12-31 21:15:19 +01:00
* @ param array $filter_def Definition of the search filter for reduction
* @ param string | null $basedn Base DN for search , null by default
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return array The reduced array of LSobjects
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*/
private static function reduceLdapSet ( $LSobject , $set , $filter_def , $basedn = null ) {
if ( empty ( $set )) {
return array ();
}
if ( ! isset ( $filter_def [ 'filter' ]) &&
( ! isset ( $filter_def [ 'attr' ]) ||
! isset ( $filter_def [ 'attr_value' ]))) {
2020-05-08 15:51:21 +02:00
self :: log_debug ( " reduceLdapSet(): LSobject LSprofil filter invalid : " . varDump ( $filter_def ));
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
return array ();
}
2020-05-08 15:51:21 +02:00
self :: log_debug ( 'reduceLdapSet(): reducing set of' );
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
foreach ( $set as $object ) {
LSdebug ( 'LSsession :: -> ' . $object -> getDn ());
}
$LSobject = isset ( $filter_def [ 'LSObject' ]) ? $filter_def [ 'LSobject' ] : $LSobject ;
2020-05-08 15:51:21 +02:00
self :: log_debug ( 'reduceLdapSet(): LSobject = ' . $LSobject );
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
$filters = array ();
foreach ( $set as $object ) {
if ( isset ( $filter_def [ 'filter' ])) {
$filters [] = $object -> getFData ( $filter_def [ 'filter' ]);
}
else {
$value = $object -> getFData ( $filter_def [ 'attr_value' ]);
$filters [] = Net_LDAP2_Filter :: create ( $filter_def [ 'attr' ], 'equals' , $value );
}
}
$filter = LSldap :: combineFilters ( 'or' , $filters );
$params = array (
2022-09-28 16:50:24 +02:00
'basedn' => isset ( $filter_def [ 'basedn' ]) ? self :: getLSuserObject () -> getFData ( $filter_def [ 'basedn' ]) : $basedn ,
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
'filter' => $filter ,
2017-03-23 14:43:23 +01:00
'onlyAccessible' => False
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
);
if ( isset ( $filter_def [ 'params' ]) && is_array ( $filter_def [ 'params' ])) {
$params = array_merge ( $filter_def [ 'params' ], $params );
}
$LSsearch = new LSsearch ( $LSobject , 'LSsession :: loadLSprofiles' , $params , true );
$LSsearch -> run ( false );
$set = $LSsearch -> listObjects ();
2020-05-08 15:51:21 +02:00
self :: log_debug ( 'reduceLdapSet(): reduced set to' );
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
foreach ( $set as $object ) {
2020-05-08 15:51:21 +02:00
self :: log_debug ( 'reduceLdapSet(): -> ' . $object -> getDn ());
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
}
return $set ;
}
/**
2021-08-25 18:02:37 +02:00
* Loading user ' s profiles : load profile on specific LSobject type
*
* Regarding configuration , user profile on specific list on the specified
* LSobject type will be loaded .
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $profile The LSprofile
* @ param string $LSobject The LSobject type
* @ param array $listInfos The parameters to list of granted objects
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
*/
private static function loadLSprofilesLSobjects ( $profile , $LSobject , $listInfos ) {
if ( ! self :: loadLSclass ( 'LSsearch' )) {
2020-05-08 15:51:21 +02:00
self :: log_error ( 'Fail to load class LSsearch' );
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
return ;
}
# we are gonna grow a set of objects progressively, we start from the user
$set = array ( self :: getLSuserObject ());
2022-09-28 16:50:24 +02:00
$basedn = isset ( $listInfos [ 'basedn' ]) ? self :: getLSuserObject () -> getFData ( $listInfos [ 'basedn' ]) : null ;
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
$LSobject = isset ( $listInfos [ 'LSobject' ]) ? $listInfos [ 'LSobject' ] : $LSobject ;
if ( isset ( $listInfos [ 'filters' ]) && is_array ( $listInfos [ 'filters' ])) {
foreach ( $listInfos [ 'filters' ] as $filter_def ) {
$set = self :: reduceLdapSet ( $LSobject , $set , $filter_def , $basedn );
}
}
if ( isset ( $listInfos [ 'filter' ]) || ( isset ( $listInfos [ 'attr' ]) && isset ( $listInfos [ 'attr_value' ]))) {
# support legacy profile definition
$set = self :: reduceLdapSet ( $LSobject , $set , $listInfos , $basedn );
}
$DNs = [];
foreach ( $set as $object ) {
$DNs [] = $object -> getDn ();
}
2020-12-14 19:37:13 +01:00
if ( ! isset ( self :: $LSprofiles [ $profile ])) {
Allow a sequence of filters in LSobjects profile configurations
It's now possible for example to define a profile on an LSobject whose
attribute would contain the DN of a group the user is member of instead
of directly the dn of the user. A possible configuation using this new feature:
'LSprofile' => array(
'admin' => array(
'LSobjects' => array(
'LSsupannGroupAdminByGroup' => array(
'filters' => array(
array(
'basedn' => $basedn,
'attr' => 'member',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
),
array(
'basedn' => $basedn,
'attr' => 'supannGroupeAdminDN',
'attr_value' => '%{dn}',
'LSobject' => 'LSsupannGroup',
)
),
),
),
),
)
Signed-off-by: Benjamin Renard <brenard@easter-eggs.com>
2014-12-13 12:15:37 +01:00
self :: $LSprofiles [ $profile ] = $DNs ;
}
else {
foreach ( $DNs as $dn ) {
if ( ! in_array ( $dn , self :: $LSprofiles [ $profile ])) {
self :: $LSprofiles [ $profile ][] = $dn ;
}
}
}
}
2008-02-08 18:39:24 +01:00
/**
2021-08-25 18:02:37 +02:00
* Loading user ' s profiles
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True on success , false otherwise
2008-02-08 18:39:24 +01:00
**/
2009-01-24 18:45:14 +01:00
private static function loadLSprofiles () {
2020-08-24 17:56:42 +02:00
if ( ! is_array ( self :: $ldapServer [ 'LSprofiles' ])) {
self :: log_warning ( 'loadLSprofiles(): Current LDAP server have no configured LSprofile.' );
2023-01-02 01:17:46 +01:00
return false ;
2020-08-24 17:56:42 +02:00
}
self :: log_trace ( " loadLSprofiles(): Current LDAP server LSprofile configuration: " . varDump ( self :: $ldapServer [ 'LSprofiles' ]));
2023-01-09 17:38:41 +01:00
self :: $LSprofiles = array ();
2020-08-24 17:56:42 +02:00
foreach ( self :: $ldapServer [ 'LSprofiles' ] as $profile => $profileInfos ) {
if ( ! is_array ( $profileInfos )) {
self :: log_warning ( " loadLSprofiles(): Invalid configuration for LSprofile ' $profile ' (must be an array). " );
continue ;
}
foreach ( $profileInfos as $topDn => $rightsInfos ) {
// Do not handle 'label' key as a topDn
if ( $topDn == 'label' ) {
continue ;
}
elseif ( $topDn == 'LSobjects' ) {
/*
* If $topDn == 'LSobject' , we search for each LSobject type to find
* all items on witch the user will have powers .
*/
if ( ! is_array ( $rightsInfos )) {
self :: log_warning ( 'loadLSprofiles(): LSobjects => [] must be an array' );
continue ;
}
foreach ( $rightsInfos as $LSobject => $listInfos ) {
self :: log_debug ( 'loadLSprofiles(): loading LSprofile ' . $profile . ' for LSobject ' . $LSobject . ' with params ' . var_export ( $listInfos , true ));
self :: loadLSprofilesLSobjects ( $profile , $LSobject , $listInfos );
}
}
else {
/*
* Otherwise , we are normally in case of $topDn == a base DN and
* $rightsInfos is :
* - an array ( see above )
* - a user DN
*/
if ( is_array ( $rightsInfos )) {
2009-01-02 17:00:25 +01:00
/*
2020-08-24 17:56:42 +02:00
* $rightsInfos is an array , so we could have :
* - users DNs as key and null as value
* - DN of an object as key and an array of parameters to list users from one
* of its attribute as value
2009-01-02 17:00:25 +01:00
*/
2020-08-24 17:56:42 +02:00
foreach ( $rightsInfos as $dn => $conf ) {
if ( is_array ( $conf ) && isset ( $conf [ 'attr' ]) && isset ( $conf [ 'LSobject' ])) {
2021-08-25 18:02:37 +02:00
// We have to retrieve this LSobject and list one of its attribute to retrieve
2020-08-24 17:56:42 +02:00
// users key info.
if ( ! self :: loadLSobject ( $conf [ 'LSobject' ])) {
// Warning log message is already emited by self :: loadLSobject()
continue ;
2008-02-08 18:39:24 +01:00
}
2020-08-24 17:56:42 +02:00
2021-08-25 18:02:37 +02:00
// Instanciate object and retrieve its data
2020-08-24 17:56:42 +02:00
$object = new $conf [ 'LSobject' ]();
if ( ! $object -> loadData ( $dn )) {
self :: log_warning ( " loadLSprofiles(): fail to load DN ' $dn '. " );
continue ;
2008-11-12 17:57:40 +01:00
}
2020-08-24 17:56:42 +02:00
2021-08-25 18:02:37 +02:00
// Retrieve users key info values from object attribute
2020-08-24 17:56:42 +02:00
$list_users_key_values = $object -> getValue ( $conf [ 'attr' ]);
if ( ! is_array ( $list_users_key_values )) {
2021-08-25 18:02:37 +02:00
self :: log_warning ( " loadLSprofiles(): fail to retrieve values of attribute ' " . $conf [ 'attr' ] . " ' of LSobject " . $conf [ 'LSobject' ] . " with DN=' $dn ' " );
2020-08-24 17:56:42 +02:00
continue ;
}
2021-08-25 18:02:37 +02:00
self :: log_trace ( " loadLSprofiles(): retrieved values of attribute ' " . $conf [ 'attr' ] . " ' of LSobject " . $conf [ 'LSobject' ] . " with DN=' $dn ': ' " . implode ( " ', ' " , $list_users_key_values ) . " ' " );
2020-08-24 17:56:42 +02:00
2021-08-25 18:02:37 +02:00
// Retrieve current connected key value
2020-08-24 17:56:42 +02:00
$user_key_value_format = ( isset ( $conf [ 'attr_value' ]) ? $conf [ 'attr_value' ] : '%{dn}' );
$user_key_value = self :: getLSuserObject () -> getFData ( $user_key_value_format );
// Check current connected user is list in attribute values
if ( in_array ( $user_key_value , $list_users_key_values )) {
self :: log_trace ( " loadLSprofiles(): current connected user is present in attribute ' " . $conf [ 'attr' ] . " ' of LSobject " . $conf [ 'LSobject' ] . " with DN=' $dn ' (user key value: ' $user_key_value ') " );
self :: $LSprofiles [ $profile ][] = $topDn ;
}
else
self :: log_trace ( " loadLSprofiles(): current connected user is not list in attribute ' " . $conf [ 'attr' ] . " ' of LSobject " . $conf [ 'LSobject' ] . " with DN=' $dn ' (user key value: ' $user_key_value ') " );
2008-02-08 18:39:24 +01:00
}
2008-11-12 17:57:40 +01:00
else {
2020-08-24 17:56:42 +02:00
// $conf is not an array, users DNs could be the key $dn and we don't care
// about $conf value (normally null)
if ( self :: $dn == $dn ) {
self :: log_trace ( " loadLSprofiles(): current connected user DN is explicitly list in $profile LSprofile configuration " );
2009-01-24 18:45:14 +01:00
self :: $LSprofiles [ $profile ][] = $topDn ;
2008-11-12 17:57:40 +01:00
}
2020-08-24 17:56:42 +02:00
else
self :: log_trace ( " loadLSprofiles(): current connected user DN is NOT explicitly list in $profile LSprofile configuration " );
2008-11-12 17:57:40 +01:00
}
2020-08-24 17:56:42 +02:00
}
}
else {
// $rightsInfos is not an array => its could be a user DN
if ( self :: $dn == $rightsInfos ) {
self :: log_trace ( " loadLSprofiles(): current connected user DN is explicitly appointed as $profile LSprofile in configuration " );
self :: $LSprofiles [ $profile ][] = $topDn ;
}
else
self :: log_trace ( " loadLSprofiles(): current connected user DN is NOT explicitly appointed as $profile LSprofile in configuration " );
}
} // fin else ($topDn == 'LSobjects' or 'label')
} // fin foreach($profileInfos)
} // fin foreach LSprofiles
self :: log_debug ( " loadLSprofiles(): LSprofiles = " . print_r ( self :: $LSprofiles , 1 ));
return true ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2008-02-12 18:59:44 +01:00
/**
2021-08-25 18:02:37 +02:00
* Load user access rights to build interface menu
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-12 18:59:44 +01:00
*/
2009-01-24 18:45:14 +01:00
private static function loadLSaccess () {
2008-06-21 18:16:15 +02:00
$LSaccess = array ();
2010-11-16 19:31:07 +01:00
if ( isset ( self :: $ldapServer [ 'subDn' ]) && is_array ( self :: $ldapServer [ 'subDn' ])) {
2009-01-24 18:45:14 +01:00
foreach ( self :: $ldapServer [ 'subDn' ] as $name => $config ) {
2008-06-21 18:16:15 +02:00
if ( $name == 'LSobject' ) {
if ( is_array ( $config )) {
2020-04-29 15:54:21 +02:00
// Définition des subDns
2008-06-21 18:16:15 +02:00
foreach ( $config as $objectType => $objectConf ) {
2009-01-24 18:45:14 +01:00
if ( self :: loadLSobject ( $objectType )) {
2008-06-21 18:16:15 +02:00
if ( $subdnobject = new $objectType ()) {
2017-03-23 15:15:31 +01:00
$tbl = $subdnobject -> getSelectArray ( NULL , self :: getRootDn (), NULL , NULL , false , NULL , array ( 'onlyAccessible' => False ));
2008-06-21 18:16:15 +02:00
if ( is_array ( $tbl )) {
// Définition des accès
$access = array ();
if ( is_array ( $objectConf [ 'LSobjects' ])) {
foreach ( $objectConf [ 'LSobjects' ] as $type ) {
2009-01-24 18:45:14 +01:00
if ( self :: loadLSobject ( $type )) {
if ( self :: canAccess ( $type )) {
2009-03-25 13:26:32 +01:00
$access [ $type ] = LSconfig :: get ( 'LSobjects.' . $type . '.label' );
2008-06-21 18:16:15 +02:00
}
}
}
}
foreach ( $tbl as $dn => $dn_name ) {
$LSaccess [ $dn ] = $access ;
}
}
}
}
}
}
}
else {
2009-01-24 18:45:14 +01:00
if (( isCompatibleDNs ( self :: $ldapServer [ 'ldap_config' ][ 'basedn' ], $config [ 'dn' ])) && ( $config [ 'dn' ] != '' )) {
2008-06-21 18:16:15 +02:00
$access = array ();
if ( is_array ( $config [ 'LSobjects' ])) {
foreach ( $config [ 'LSobjects' ] as $objectType ) {
2009-01-24 18:45:14 +01:00
if ( self :: loadLSobject ( $objectType )) {
if ( self :: canAccess ( $objectType )) {
2009-03-25 13:26:32 +01:00
$access [ $objectType ] = LSconfig :: get ( 'LSobjects.' . $objectType . '.label' );
2008-06-21 18:16:15 +02:00
}
}
}
}
$LSaccess [ $config [ 'dn' ]] = $access ;
}
}
}
2008-02-12 18:59:44 +01:00
}
else {
2009-01-24 18:45:14 +01:00
if ( is_array ( self :: $ldapServer [ 'LSaccess' ])) {
2008-06-21 18:16:15 +02:00
$access = array ();
2009-01-24 18:45:14 +01:00
foreach ( self :: $ldapServer [ 'LSaccess' ] as $objectType ) {
if ( self :: loadLSobject ( $objectType )) {
2020-05-25 11:09:32 +02:00
if ( self :: canAccess ( $objectType ))
$access [ $objectType ] = $objectType :: getLabel ();
else
self :: log_debug ( " loadLSaccess(): authenticated user have no access to $objectType " );
2008-06-21 18:16:15 +02:00
}
}
2020-08-07 17:40:40 +02:00
$LSaccess [ self :: getTopDn ()] = $access ;
2008-02-08 18:39:24 +01:00
}
}
2010-11-25 12:39:35 +01:00
if ( LSauth :: displaySelfAccess ()) {
foreach ( $LSaccess as $dn => $access ) {
$LSaccess [ $dn ] = array_merge (
array (
'SELF' => 'My account'
),
$access
);
}
2008-06-21 18:16:15 +02:00
}
2009-01-24 18:45:14 +01:00
self :: $LSaccess = $LSaccess ;
2008-06-21 18:16:15 +02:00
$_SESSION [ 'LSsession' ][ 'LSaccess' ] = $LSaccess ;
2008-02-08 18:39:24 +01:00
}
2015-08-21 17:51:52 +02:00
2019-06-05 12:40:56 +02:00
/**
* Get user access
*
2022-12-31 21:15:19 +01:00
* @ param string | null $topDn Top DN ( optional , default : current )
2019-06-05 12:40:56 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return array User ' s access
2019-06-05 12:40:56 +02:00
**/
public static function getLSaccess ( $topDn = null ) {
2020-08-07 17:40:40 +02:00
if ( is_null ( $topDn )) $topDn = self :: getTopDn ();
if ( isset ( self :: $LSaccess [ $topDn ])) {
return self :: $LSaccess [ $topDn ];
2019-06-05 12:40:56 +02:00
}
return array ();
}
2015-08-21 17:51:52 +02:00
/**
* Load user access to LSaddons views
*
2022-12-31 05:52:31 +01:00
* @ return void
2015-08-21 17:51:52 +02:00
*/
private static function loadLSaddonsViewsAccess () {
$LSaddonsViewsAccess = array ();
foreach ( self :: $LSaddonsViews as $addon => $conf ) {
foreach ( $conf as $viewId => $viewConf ) {
if ( self :: canAccessLSaddonView ( $addon , $viewId )) {
2018-09-13 18:36:45 +02:00
$LSaddonsViewsAccess [ " $addon :: $viewId " ] = array (
2015-08-21 17:51:52 +02:00
'LSaddon' => $addon ,
'id' => $viewId ,
2015-08-24 12:24:33 +02:00
'label' => $viewConf [ 'label' ],
'showInMenu' => $viewConf [ 'showInMenu' ]
2015-08-21 17:51:52 +02:00
);
}
}
}
self :: $LSaddonsViewsAccess = $LSaddonsViewsAccess ;
$_SESSION [ 'LSsession' ][ 'LSaddonsViewsAccess' ] = $LSaddonsViewsAccess ;
}
2008-02-12 18:59:44 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check if user is a specified profile on specified DN
2008-02-12 18:59:44 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $dn DN of the object to check
* @ param string $profile The profile
2017-01-25 15:39:06 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is a specified profile on specified DN , false otherwise .
2008-02-12 18:59:44 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function isLSprofile ( $dn , $profile ) {
if ( is_array ( self :: $LSprofiles [ $profile ])) {
foreach ( self :: $LSprofiles [ $profile ] as $topDn ) {
2008-11-12 17:57:40 +01:00
if ( $dn == $topDn ) {
return true ;
}
else if ( isCompatibleDNs ( $dn , $topDn ) ) {
return true ;
}
2008-02-08 18:39:24 +01:00
}
}
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2017-01-25 15:39:06 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check if user is at least one of specified profiles on specified DN
2017-01-25 15:39:06 +01:00
*
2022-12-31 21:15:19 +01:00
* @ param string $dn DN of the object to check
2023-01-02 01:17:46 +01:00
* @ param array < string > $profiles The profiles list
2017-01-25 15:39:06 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is at least one of specified profiles on specified DN , false otherwise .
2017-01-25 15:39:06 +01:00
*/
public static function isLSprofiles ( $dn , $profiles ) {
foreach ( $profiles as $profile ) {
if ( self :: isLSprofile ( $dn , $profile ))
return true ;
}
return false ;
}
2020-04-29 15:54:21 +02:00
2008-02-12 18:59:44 +01:00
/**
2020-12-01 16:40:21 +01:00
* Return connected user ' s LSprofiles on a specific object .
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ param string $dn The object ' s DN
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return array Array of LSprofiles of the connected user on the specified object
2008-02-12 18:59:44 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function whoami ( $dn ) {
2008-11-12 17:57:40 +01:00
$retval = array ( 'user' );
2020-04-29 15:54:21 +02:00
2020-05-25 11:09:32 +02:00
if ( self :: $LSuserObjectType )
$retval [] = self :: $LSuserObjectType ;
2009-01-24 18:45:14 +01:00
foreach ( self :: $LSprofiles as $profile => $infos ) {
2020-08-07 18:19:24 +02:00
if ( self :: isLSprofile ( $dn , $profile )) {
$retval [] = $profile ;
self :: log_trace ( " whoami( $dn ): is ' $profile ' " );
2008-11-12 17:57:40 +01:00
}
2020-08-07 18:19:24 +02:00
else
self :: log_trace ( " whoami( $dn ): is NOT ' $profile ' " );
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2009-01-24 18:45:14 +01:00
if ( self :: $dn == $dn ) {
2020-08-07 18:19:24 +02:00
$retval [] = 'self' ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2020-08-07 18:19:24 +02:00
self :: log_trace ( " whoami( $dn ): ' " . implode ( " ', ' " , $retval ) . " ' " );
2008-11-12 17:57:40 +01:00
return $retval ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2008-02-12 18:59:44 +01:00
/**
2021-02-03 12:44:38 +01:00
* Return user access right to access to specify LSobject
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The LSobject type
* @ param string | null $dn The LSobject DN ( optional , default : the container_dn of the LSobject type )
* @ param string | null $right The requested access right ( 'r' or 'w' , optional , default : 'r' or 'w' )
* @ param string | null $attr The requested attribute name ( optional , default : any )
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True is user can access to the specify LSobject , False otherwise
2008-02-12 18:59:44 +01:00
*/
2021-02-03 12:44:38 +01:00
public static function canAccess ( $LSobject , $dn = NULL , $right = NULL , $attr = NULL ) {
2009-01-24 18:45:14 +01:00
if ( ! self :: loadLSobject ( $LSobject )) {
2023-01-02 01:17:46 +01:00
return false ;
2008-06-21 18:16:15 +02:00
}
2020-05-01 15:46:07 +02:00
// Access always granted in CLI mode
if ( php_sapi_name () == " cli " )
return true ;
2008-02-08 18:39:24 +01:00
if ( $dn ) {
2009-01-24 18:45:14 +01:00
$whoami = self :: whoami ( $dn );
2021-02-03 12:44:38 +01:00
if ( $dn == self :: getLSuserObject () -> getValue ( 'dn' )) {
2009-01-24 18:45:14 +01:00
if ( ! self :: in_menu ( 'SELF' )) {
2020-08-07 18:19:24 +02:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): SELF not in menu " );
2023-01-02 01:17:46 +01:00
return false ;
2008-06-21 18:16:15 +02:00
}
}
else {
$obj = new $LSobject ();
$obj -> dn = $dn ;
2009-10-30 01:03:17 +01:00
if ( ! self :: in_menu ( $LSobject , $obj -> subDnValue )) {
2020-08-07 18:19:24 +02:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): $LSobject (for subDN=' " . $obj -> subDnValue . " ') not in menu " );
2023-01-02 01:17:46 +01:00
return false ;
2008-06-21 18:16:15 +02:00
}
}
2008-02-08 18:39:24 +01:00
}
else {
2020-08-07 17:40:40 +02:00
$objectdn = LSconfig :: get ( 'LSobjects.' . $LSobject . '.container_dn' ) . ',' . self :: getTopDn ();
2020-08-07 18:19:24 +02:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): use object $LSobject container DN => ' $objectdn ' " );
2009-01-24 18:45:14 +01:00
$whoami = self :: whoami ( $objectdn );
2008-02-12 18:59:44 +01:00
}
2020-04-29 15:54:21 +02:00
2021-08-25 18:02:37 +02:00
// On specific attribute
2008-02-12 18:59:44 +01:00
if ( $attr ) {
if ( $attr == 'rdn' ) {
2009-03-25 13:26:32 +01:00
$attr = LSconfig :: get ( 'LSobjects.' . $LSobject . '.rdn' );
2020-08-07 18:19:24 +02:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', 'rdn'): RDN attribute = $attr " );
2008-02-12 18:59:44 +01:00
}
2009-03-25 13:26:32 +01:00
if ( ! is_array ( LSconfig :: get ( 'LSobjects.' . $LSobject . '.attrs.' . $attr ))) {
2020-08-07 18:19:24 +02:00
self :: log_warning ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): Attribute ' $attr ' doesn't exists " );
2023-01-02 01:17:46 +01:00
return false ;
2008-02-12 18:59:44 +01:00
}
2008-11-12 17:57:40 +01:00
$r = 'n' ;
foreach ( $whoami as $who ) {
2009-03-25 13:26:32 +01:00
$nr = LSconfig :: get ( 'LSobjects.' . $LSobject . '.attrs.' . $attr . '.rights.' . $who );
2008-11-12 17:57:40 +01:00
if ( $nr == 'w' ) {
2021-02-03 12:44:38 +01:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): grant WRITE access via LSprofile ' $who '. " );
2008-11-12 17:57:40 +01:00
$r = 'w' ;
}
else if ( $nr == 'r' ) {
if ( $r == 'n' ) {
2021-02-03 12:44:38 +01:00
self :: log_trace ( " canAccess(' $LSobject ', ' $dn ', ' $right ', ' $attr '): grant READ access via LSprofile ' $who '. " );
2008-11-12 17:57:40 +01:00
$r = 'r' ;
}
}
}
2020-08-07 18:19:24 +02:00
self :: log_trace ( " canAccess( $LSobject , $dn , $right , $attr ): right detected = ' $r ' " );
2020-04-29 15:54:21 +02:00
2023-01-02 01:17:46 +01:00
if ( $right == 'r' || $right == 'w' )
2021-02-02 19:05:09 +01:00
return self :: checkRight ( $right , $r );
2023-01-02 01:17:46 +01:00
return ( $r == 'r' || $r == 'w' );
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2021-08-25 18:02:37 +02:00
// On any attributes
2009-03-25 13:26:32 +01:00
$attrs_conf = LSconfig :: get ( 'LSobjects.' . $LSobject . '.attrs' );
if ( is_array ( $attrs_conf )) {
2008-02-08 18:39:24 +01:00
if (( $right == 'r' ) || ( $right == 'w' )) {
2008-11-12 17:57:40 +01:00
foreach ( $whoami as $who ) {
2009-03-25 13:26:32 +01:00
foreach ( $attrs_conf as $attr_name => $attr_config ) {
2021-02-02 19:05:09 +01:00
if ( isset ( $attr_config [ 'rights' ][ $who ]) && self :: checkRight ( $right , $attr_config [ 'rights' ][ $who ])) {
2008-11-12 17:57:40 +01:00
return true ;
}
2008-02-08 18:39:24 +01:00
}
}
}
else {
2008-11-12 17:57:40 +01:00
foreach ( $whoami as $who ) {
2009-03-25 13:26:32 +01:00
foreach ( $attrs_conf as $attr_name => $attr_config ) {
2010-11-16 19:32:10 +01:00
if ( ( isset ( $attr_config [ 'rights' ][ $who ])) && ( ( $attr_config [ 'rights' ][ $who ] == 'r' ) || ( $attr_config [ 'rights' ][ $who ] == 'w' ) ) ) {
2008-11-12 17:57:40 +01:00
return true ;
}
2008-02-08 18:39:24 +01:00
}
}
}
}
2023-01-02 01:17:46 +01:00
return false ;
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2021-02-02 19:05:09 +01:00
/**
* Check a requested right against maximum right of a user
* @ param string $requested The requested right
* @ param string $authorized The authorized maximum right
* @ return boolean
*/
2022-12-31 02:01:17 +01:00
public static function checkRight ( $requested , $authorized ) {
2021-02-02 19:05:09 +01:00
if ( $requested == $authorized )
return true ;
if ( $requested == 'r' && $authorized == 'w' )
return true ;
return false ;
}
2008-02-12 18:59:44 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check if user can edit a specified object
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The LSobject type
* @ param string | null $dn The DN of the object ( optional , default : the container_dn of the LSobject type )
* @ param string | null $attr The attribue name of attribute to check ( optional , default : any attributes )
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2008-02-12 18:59:44 +01:00
*/
2021-08-25 18:02:37 +02:00
public static function canEdit ( $LSobject , $dn = NULL , $attr = NULL ) {
return self :: canAccess ( $LSobject , $dn , 'w' , $attr );
2008-02-08 18:39:24 +01:00
}
2008-02-12 18:59:44 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check if user can remove a specified object
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The LSobject type
* @ param string $dn The DN of the object ( optional , default : the container_dn of the LSobject type )
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2020-04-29 15:54:21 +02:00
*/
2021-08-25 18:02:37 +02:00
public static function canRemove ( $LSobject , $dn ) {
return self :: canAccess ( $LSobject , $dn , 'w' , 'rdn' );
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2008-02-12 18:59:44 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check if user can create a specific object type
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The LSobject type
2008-02-12 18:59:44 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2020-04-29 15:54:21 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function canCreate ( $LSobject ) {
2010-08-02 14:39:50 +02:00
if ( ! self :: loadLSobject ( $LSobject )) {
2023-01-02 01:17:46 +01:00
return false ;
2010-08-02 14:39:50 +02:00
}
if ( LSconfig :: get ( " LSobjects. $LSobject .disable_creation " )) {
2023-01-02 01:17:46 +01:00
return false ;
2010-08-02 14:39:50 +02:00
}
2009-01-24 18:45:14 +01:00
return self :: canAccess ( $LSobject , NULL , 'w' , 'rdn' );
2008-02-08 18:39:24 +01:00
}
2020-04-29 15:54:21 +02:00
2021-02-03 14:40:28 +01:00
/**
* Check user right to compute the result of a LSformat
*
2022-12-31 21:15:19 +01:00
* @ param string $LSformat The LSformat string to check
* @ param string $LSobject The LSobject type
* @ param string | null $dn The LSobject DN ( optional , default : the container_dn of the LSobject type )
2021-02-03 14:40:28 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True is user can compute the result of the LSformat , False otherwise
2021-02-03 14:40:28 +01:00
*/
public static function canComputeLSformat ( $LSformat , $LSobject , $dn = NULL ) {
foreach ( getFieldInFormat ( $LSformat ) as $attr )
if ( ! self :: canAccess ( $LSobject , $dn , 'r' , $attr ))
return false ;
return true ;
}
2008-02-26 18:40:05 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check user right to manage a specified relation of specified object
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $dn The LSobject DN ( optional , default : the container_dn of the LSobject type )
* @ param string $LSobject The LSobject type
* @ param string $relationName The relation name of the object
* @ param string | null $right The right to check ( possible values : 'r' or 'w' , optional , default : any )
2008-02-26 18:40:05 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2008-02-26 18:40:05 +01:00
*/
2009-01-24 18:45:14 +01:00
public static function relationCanAccess ( $dn , $LSobject , $relationName , $right = NULL ) {
2009-03-25 13:26:32 +01:00
$relConf = LSconfig :: get ( 'LSobjects.' . $LSobject . '.LSrelation.' . $relationName );
2021-02-03 12:44:38 +01:00
if ( ! is_array ( $relConf )) {
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): unknown relation " );
2023-01-02 01:17:46 +01:00
return false ;
2021-02-03 12:44:38 +01:00
}
2020-05-01 15:46:07 +02:00
// Access always granted in CLI mode
if ( php_sapi_name () == " cli " )
return true ;
2009-01-24 18:45:14 +01:00
$whoami = self :: whoami ( $dn );
2021-02-03 12:44:38 +01:00
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): whoami = " . varDump ( $whoami ));
2008-04-25 15:48:12 +02:00
2008-02-26 18:40:05 +01:00
if (( $right == 'w' ) || ( $right == 'r' )) {
2008-11-12 17:57:40 +01:00
$r = 'n' ;
foreach ( $whoami as $who ) {
2010-11-16 19:34:04 +01:00
$nr = (( isset ( $relConf [ 'rights' ][ $who ])) ? $relConf [ 'rights' ][ $who ] : '' );
2008-11-12 17:57:40 +01:00
if ( $nr == 'w' ) {
2021-02-03 12:44:38 +01:00
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): grant WRITE access via LSprofile ' $who '. " );
2008-11-12 17:57:40 +01:00
$r = 'w' ;
}
else if ( $nr == 'r' ) {
if ( $r == 'n' ) {
2021-02-03 12:44:38 +01:00
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): grant READ access via LSprofile ' $who '. " );
2008-11-12 17:57:40 +01:00
$r = 'r' ;
}
}
}
2021-02-03 12:44:38 +01:00
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): right detected = ' $r ' " );
2020-04-29 15:54:21 +02:00
2021-02-03 12:44:38 +01:00
if ( self :: checkRight ( $right , $r )) {
2008-02-26 18:40:05 +01:00
return true ;
}
}
else {
2008-11-12 17:57:40 +01:00
foreach ( $whoami as $who ) {
2010-11-16 19:34:04 +01:00
if (( isset ( $relConf [ 'rights' ][ $who ])) && ( ( $relConf [ 'rights' ][ $who ] == 'w' ) || ( $relConf [ 'rights' ][ $who ] == 'r' ) ) ) {
2021-02-03 12:44:38 +01:00
self :: log_trace ( " relationCanAccess( $dn , $LSobject , $relationName , $right ): granted via LSprofile ' $who '. " );
2008-11-12 17:57:40 +01:00
return true ;
}
2008-02-26 18:40:05 +01:00
}
}
2023-01-02 01:17:46 +01:00
return false ;
2008-02-26 18:40:05 +01:00
}
/**
2021-08-25 18:02:37 +02:00
* Check user right to edit a specified relation of specified object
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $dn The LSobject DN ( optional , default : the container_dn of the LSobject type )
* @ param string $LSobject The LSobject type
* @ param string $relationName The relation name of the object
2008-02-26 18:40:05 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2020-04-29 15:54:21 +02:00
*/
2021-08-25 18:02:37 +02:00
public static function relationCanEdit ( $dn , $LSobject , $relationName ) {
return self :: relationCanAccess ( $dn , $LSobject , $relationName , 'w' );
2008-02-26 18:40:05 +01:00
}
2011-03-25 18:05:26 +01:00
/**
2021-08-25 18:02:37 +02:00
* Check user right to execute a customAction on specified object
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $dn The LSobject DN
* @ param string $LSobject The LSobject type
* @ param string $customActionName The customAction name
2011-03-25 18:05:26 +01:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2011-03-25 18:05:26 +01:00
*/
2021-08-25 18:02:37 +02:00
public static function canExecuteCustomAction ( $dn , $LSobject , $customActionName ) {
2011-03-25 18:05:26 +01:00
$conf = LSconfig :: get ( 'LSobjects.' . $LSobject . '.customActions.' . $customActionName );
if ( ! is_array ( $conf ))
2023-01-02 01:17:46 +01:00
return false ;
2020-05-01 15:46:07 +02:00
// Access always granted in CLI mode
if ( php_sapi_name () == " cli " )
return true ;
2011-03-25 18:05:26 +01:00
$whoami = self :: whoami ( $dn );
if ( isset ( $conf [ 'rights' ]) && is_array ( $conf [ 'rights' ])) {
2023-01-09 19:53:41 +01:00
if ( $dn == self :: $dn && in_array ( 'self' , $conf [ 'rights' ]))
return True ;
2011-03-25 18:05:26 +01:00
foreach ( $whoami as $who ) {
2023-01-09 19:53:41 +01:00
if ( $who != 'self' && in_array ( $who , $conf [ 'rights' ])) {
2011-03-25 18:05:26 +01:00
return True ;
}
}
}
2020-04-29 15:54:21 +02:00
2023-01-02 01:17:46 +01:00
return false ;
2011-03-25 18:05:26 +01:00
}
2014-10-08 17:24:30 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check user right to execute a customAction on a specifed search
2014-10-08 17:24:30 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param LSsearch $LSsearch The LSsearch search
* @ param string $customActionName The customAction name
2014-10-08 17:24:30 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2014-10-08 17:24:30 +02:00
*/
public static function canExecuteLSsearchCustomAction ( $LSsearch , $customActionName ) {
$conf = LSconfig :: get ( 'LSobjects.' . $LSsearch -> LSobject . '.LSsearch.customActions.' . $customActionName );
if ( ! is_array ( $conf ))
2023-01-02 01:17:46 +01:00
return false ;
2020-05-01 15:46:07 +02:00
// Access always granted in CLI mode
if ( php_sapi_name () == " cli " )
return true ;
2014-10-08 17:24:30 +02:00
$dn = $LSsearch -> basedn ;
if ( is_null ( $dn )) $dn = self :: getTopDn ();
$whoami = self :: whoami ( $dn );
if ( isset ( $conf [ 'rights' ]) && is_array ( $conf [ 'rights' ])) {
foreach ( $whoami as $who ) {
if ( in_array ( $who , $conf [ 'rights' ])) {
return True ;
}
}
}
2023-01-02 01:17:46 +01:00
return false ;
2014-10-08 17:24:30 +02:00
}
2015-08-21 17:51:52 +02:00
/**
* Return user right to access to a LSaddon view
*
2022-12-31 21:15:19 +01:00
* @ param string $LSaddon The LSaddon
* @ param string $viewId The LSaddon view ID
2015-08-21 17:51:52 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if user is granted , false otherwise
2015-08-21 17:51:52 +02:00
*/
public static function canAccessLSaddonView ( $LSaddon , $viewId ) {
if ( self :: loadLSaddon ( $LSaddon )) {
if ( ! isset ( self :: $LSaddonsViews [ $LSaddon ]) || ! isset ( self :: $LSaddonsViews [ $LSaddon ][ $viewId ]))
2023-01-02 01:17:46 +01:00
return false ;
if ( ! is_array ( self :: $LSaddonsViews [ $LSaddon ][ $viewId ][ 'allowedLSprofiles' ])) {
return true ;
}
$whoami = self :: whoami ( self :: getTopDn ());
2015-08-21 17:51:52 +02:00
2023-01-02 01:17:46 +01:00
if ( isset ( self :: $LSaddonsViews [ $LSaddon ][ $viewId ][ 'allowedLSprofiles' ]) && is_array ( self :: $LSaddonsViews [ $LSaddon ][ $viewId ][ 'allowedLSprofiles' ])) {
2015-08-21 17:51:52 +02:00
foreach ( $whoami as $who ) {
if ( in_array ( $who , self :: $LSaddonsViews [ $LSaddon ][ $viewId ][ 'allowedLSprofiles' ])) {
return True ;
}
}
}
}
2023-01-02 01:17:46 +01:00
return false ;
2015-08-21 17:51:52 +02:00
}
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Add a temporary file that stored a specifed value
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param mixed $value The value stored in the temporary file
* @ param string $filePath The temporary file path
2008-02-26 18:40:05 +01:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-26 18:40:05 +01:00
**/
2021-08-25 18:02:37 +02:00
public static function addTmpFile ( $value , $filePath ) {
2008-02-26 18:40:05 +01:00
$hash = mhash ( MHASH_MD5 , $value );
2009-01-24 18:45:14 +01:00
self :: $tmp_file [ $filePath ] = $hash ;
2008-02-26 18:40:05 +01:00
$_SESSION [ 'LSsession' ][ 'tmp_file' ][ $filePath ] = $hash ;
}
2020-04-29 15:54:21 +02:00
2008-02-26 18:40:05 +01:00
/**
2021-08-25 18:02:37 +02:00
* Return the path of a temporary file that store the specified value ( is exists )
2020-04-29 15:54:21 +02:00
*
2008-02-26 18:40:05 +01:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ param mixed $value The value stored in the temporary file
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string | false The temporary file path if exists , False otherwise
2008-02-26 18:40:05 +01:00
**/
2009-01-24 18:45:14 +01:00
public static function tmpFileExist ( $value ) {
2008-02-26 18:40:05 +01:00
$hash = mhash ( MHASH_MD5 , $value );
2009-01-24 18:45:14 +01:00
foreach ( self :: $tmp_file as $filePath => $contentHash ) {
2008-02-26 18:40:05 +01:00
if ( $hash == $contentHash ) {
return $filePath ;
}
}
return false ;
}
2020-04-29 15:54:21 +02:00
2008-02-26 18:40:05 +01:00
/**
2021-08-25 18:02:37 +02:00
* Return the path of a temporary file that store the specified value
2020-04-29 15:54:21 +02:00
*
2021-08-25 18:02:37 +02:00
* The temporary file will be created if not already exists .
2020-04-29 15:54:21 +02:00
*
2008-02-26 18:40:05 +01:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ param mixed $value The value to store in the temporary file
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string | false The path of the temporary file , false in case of error
2008-02-26 18:40:05 +01:00
**/
2009-01-24 18:45:14 +01:00
public static function getTmpFile ( $value ) {
2021-08-25 18:02:37 +02:00
$path = self :: tmpFileExist ( $value );
if ( ! $path ) {
$path = LS_TMP_DIR_PATH . rand () . '.tmp' ;
$fp = fopen ( $path , " w " );
2008-02-26 18:40:05 +01:00
fwrite ( $fp , $value );
fclose ( $fp );
2021-08-25 18:02:37 +02:00
self :: addTmpFile ( $value , $path );
2008-02-26 18:40:05 +01:00
}
2021-08-25 18:02:37 +02:00
return $path ;
2008-02-26 18:40:05 +01:00
}
2020-04-29 15:15:41 +02:00
/**
2021-08-25 18:02:37 +02:00
* Return the URL of a temporary file that store the specified value
2020-04-29 15:15:41 +02:00
*
2021-08-25 18:02:37 +02:00
* The temporary file will be created if not already exists .
2020-04-29 15:15:41 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ param mixed $value The value to store in the temporary file
2020-04-29 15:15:41 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string | false The URL of the temporary file , false in case of error
2020-04-29 15:15:41 +02:00
**/
public static function getTmpFileURL ( $value ) {
$path = self :: getTmpFile ( $value );
2020-05-06 21:23:07 +02:00
if ( $path && is_file ( $path ))
return " tmp/ " . basename ( $path );
2020-04-29 15:15:41 +02:00
return False ;
}
2020-05-04 17:55:46 +02:00
/**
2021-08-25 18:02:37 +02:00
* Return the path of a temporary file specified by its filename ( if exists )
2020-05-04 17:55:46 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ param string $filename The filename
2020-05-04 17:55:46 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string | false The path of the temporary file if found , false otherwise
2020-05-04 17:55:46 +02:00
**/
public static function getTmpFileByFilename ( $filename ) {
foreach ( self :: $tmp_file as $filePath => $contentHash ) {
if ( basename ( $filePath ) == $filename ) {
return $filePath ;
}
}
return False ;
}
2008-05-15 12:56:55 +02:00
/**
2021-08-25 18:02:37 +02:00
* Delete one or all temporary files
2020-04-29 15:54:21 +02:00
*
2008-02-26 18:40:05 +01:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string | null $filePath A specific temporary file path to delete
2021-08-25 18:02:37 +02:00
* ( optional , default : all temporary files wil be deleted )
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-02-26 18:40:05 +01:00
**/
2009-01-24 18:45:14 +01:00
public static function deleteTmpFile ( $filePath = NULL ) {
2008-02-26 18:40:05 +01:00
if ( $filePath ) {
@ unlink ( $filePath );
2009-01-24 18:45:14 +01:00
unset ( self :: $tmp_file [ $filePath ]);
2008-02-26 18:40:05 +01:00
unset ( $_SESSION [ 'LSsession' ][ 'tmp_file' ][ $filePath ]);
}
else {
2009-01-24 18:45:14 +01:00
foreach ( self :: $tmp_file as $file => $content ) {
2008-02-26 18:40:05 +01:00
@ unlink ( $file );
}
2009-01-24 18:45:14 +01:00
self :: $tmp_file = array ();
2008-02-26 18:40:05 +01:00
$_SESSION [ 'LSsession' ][ 'tmp_file' ] = array ();
}
}
2008-02-12 18:59:44 +01:00
2008-06-18 14:27:35 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if LSprofiles cache is enabled
2008-06-18 14:27:35 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if LSprofiles cache is enabled , false otherwise .
2008-06-18 14:27:35 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function cacheLSprofiles () {
2020-08-06 13:48:43 +02:00
return LSconfig :: get (
'cacheLSprofiles' ,
LSconfig :: get ( 'cacheLSprofiles' , false , 'bool' ), // Default
'bool' ,
self :: $ldapServer
);
2008-06-18 14:27:35 +02:00
}
/**
2021-08-25 18:02:37 +02:00
* Check if subDn cache is enabled
2008-06-18 14:27:35 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if subDn cache is enabled , false otherwise .
2008-06-18 14:27:35 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function cacheSudDn () {
2020-08-06 13:48:43 +02:00
return LSconfig :: get (
'cacheSubDn' ,
LSconfig :: get ( 'cacheSubDn' , false , 'bool' ), // Default
'bool' ,
self :: $ldapServer
);
2008-06-18 14:27:35 +02:00
}
2020-04-29 15:54:21 +02:00
2008-06-18 14:27:35 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if searchs cache is enabled
2008-06-18 14:27:35 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if searchs cache is enabled , false otherwise .
2008-06-18 14:27:35 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function cacheSearch () {
2020-08-06 13:48:43 +02:00
return LSconfig :: get (
'cacheSearch' ,
LSconfig :: get ( 'cacheSearch' , false , 'bool' ), // Default
'bool' ,
self :: $ldapServer
);
2008-06-18 14:27:35 +02:00
}
2019-05-21 12:06:24 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if global search is enabled
2019-05-21 12:06:24 +02:00
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if global search is enabled , false instead
2019-05-21 12:06:24 +02:00
*/
public static function globalSearch () {
2020-08-06 13:48:43 +02:00
return LSconfig :: get (
'globalSearch' ,
LSconfig :: get ( 'globalSearch' , true , 'bool' ), // Default
'bool' ,
self :: $ldapServer
);
2019-05-21 12:06:24 +02:00
}
2008-06-18 14:27:35 +02:00
/**
2021-08-25 18:02:37 +02:00
* Retrieve label of current LDAP server subDn
*
* Note : the label is returned untranslated .
2020-04-29 15:54:21 +02:00
*
2008-06-18 14:27:35 +02:00
* @ author Benjamin Renard < brenard @ easter - eggs . com >
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string The label of current LDAP server subDn
2008-06-18 14:27:35 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function getSubDnLabel () {
2020-08-06 13:48:43 +02:00
return __ (
LSconfig :: get (
'subDnLabel' ,
___ ( 'Level' ), // default value (to translate)
'string' ,
self :: $ldapServer
)
);
2008-06-18 14:27:35 +02:00
}
2020-04-29 15:54:21 +02:00
2008-06-18 14:27:35 +02:00
/**
2021-08-25 18:02:37 +02:00
* Return the name of a specifed subDn
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string | false $subDn The subDn ( optional , default : the current one )
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string The name of the current subDn if found or an empty string otherwise
2008-06-18 14:27:35 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function getSubDnName ( $subDn = false ) {
2008-06-18 14:27:35 +02:00
if ( ! $subDn ) {
2020-08-07 17:40:40 +02:00
$subDn = self :: getTopDn ();
2008-06-18 14:27:35 +02:00
}
2020-08-07 17:40:40 +02:00
$subDns = self :: getSubDnLdapServer ( false );
if ( is_array ( $subDns )) {
if ( isset ( $subDns [ $subDn ])) {
return $subDns [ $subDn ];
2008-06-18 14:27:35 +02:00
}
}
return '' ;
}
2008-06-20 17:52:15 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if object type is used to list current LDAP server subDns
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $type The LSobject type
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if specified object type is used to list current LDAP server subDns , false otherwise
2008-06-20 17:52:15 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function isSubDnLSobject ( $type ) {
2008-06-20 17:52:15 +02:00
$result = false ;
2010-11-16 19:34:57 +01:00
if ( isset ( self :: $ldapServer [ 'subDn' ][ 'LSobject' ]) && is_array ( self :: $ldapServer [ 'subDn' ][ 'LSobject' ])) {
2009-01-24 18:45:14 +01:00
foreach ( self :: $ldapServer [ 'subDn' ][ 'LSobject' ] as $key => $value ) {
2008-06-20 17:52:15 +02:00
if ( $key == $type ) {
$result = true ;
}
}
}
return $result ;
}
2020-04-29 15:54:21 +02:00
2008-06-21 18:16:15 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if specified LSobject type is in current interface menu
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $LSobject The LSobject type
* @ param string | null $topDn The topDn to check ( optional , default : current one )
2021-08-25 18:02:37 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if specified LSobject type is in current interface menu , false otherwise
2008-06-21 18:16:15 +02:00
*/
2021-08-25 18:02:37 +02:00
public static function in_menu ( $LSobject , $topDn = NULL ) {
2008-06-21 18:16:15 +02:00
if ( ! $topDn ) {
2020-08-07 17:40:40 +02:00
$topDn = self :: getTopDn ();
2008-06-21 18:16:15 +02:00
}
2009-01-24 18:45:14 +01:00
return isset ( self :: $LSaccess [ $topDn ][ $LSobject ]);
2008-06-21 18:16:15 +02:00
}
2020-04-29 15:54:21 +02:00
2008-07-05 22:28:49 +02:00
/**
2021-08-25 18:02:37 +02:00
* Check if current LDAP server have subDns
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return boolean True if current LDAP server have subDns , false otherwise
2008-07-05 22:28:49 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function haveSubDn () {
2010-11-08 17:02:35 +01:00
return ( isset ( self :: $ldapServer [ 'subDn' ]) && is_array ( self :: $ldapServer [ 'subDn' ]));
2008-07-05 22:28:49 +02:00
}
2008-09-09 17:48:07 +02:00
/**
2021-08-25 18:02:37 +02:00
* Add an information to display to user ( on next displayed page or in API result )
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $msg The message
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-09-09 17:48:07 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function addInfo ( $msg ) {
2008-09-09 17:48:07 +02:00
$_SESSION [ 'LSsession_infos' ][] = $msg ;
}
2020-04-29 15:54:21 +02:00
2008-09-09 17:48:07 +02:00
/**
2020-05-04 18:28:20 +02:00
* Redirect user to another URL
2020-04-29 15:54:21 +02:00
*
2020-05-04 18:28:20 +02:00
* /! \ DEPRECATED /! \ : please use LSurl :: redirect ()
*
2022-12-31 21:15:19 +01:00
* @ param string $url The destination URL
* @ param boolean $exit Unsed ( keep for reto - compatibility )
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-04-29 15:54:21 +02:00
*/
2020-05-04 18:28:20 +02:00
public static function redirect ( $url , $exit = true ) {
2020-05-28 16:56:36 +02:00
LSerror :: addErrorCode (
'LSsession_27' ,
array (
'old' => 'LSsession :: redirect()' ,
'new' => 'LSurl :: redirect()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2020-05-04 18:28:20 +02:00
LSurl :: redirect ( $url );
2008-09-09 17:48:07 +02:00
}
2020-04-29 15:54:21 +02:00
2008-09-25 17:15:33 +02:00
/**
2021-08-25 18:02:37 +02:00
* Return the sender email address configured for the current LDAP server
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return string The sender email address ( if configured ), false otherwise
2008-09-25 17:15:33 +02:00
*/
2009-01-24 18:45:14 +01:00
public static function getEmailSender () {
2021-08-25 18:02:37 +02:00
return (
is_array ( self :: $ldapServer ) && isset ( self :: $ldapServer [ 'emailSender' ]) && self :: $ldapServer [ 'emailSender' ] ?
self :: $ldapServer [ 'emailSender' ] :
null
);
2008-09-25 17:15:33 +02:00
}
2018-09-13 18:36:45 +02:00
/**
* Redirect to default view ( if defined )
*
2022-12-31 05:52:31 +01:00
* @ return void
2018-09-13 18:36:45 +02:00
*/
public static function redirectToDefaultView ( $force = false ) {
if ( isset ( self :: $ldapServer [ 'defaultView' ])) {
2020-08-07 17:40:40 +02:00
if ( array_key_exists ( self :: $ldapServer [ 'defaultView' ], self :: $LSaccess [ self :: getTopDn ()])) {
2020-05-03 18:48:33 +02:00
LSurl :: redirect ( 'object/' . self :: $ldapServer [ 'defaultView' ]);
2018-09-13 18:36:45 +02:00
}
elseif ( array_key_exists ( self :: $ldapServer [ 'defaultView' ], self :: $LSaddonsViewsAccess )) {
$addon = self :: $LSaddonsViewsAccess [ self :: $ldapServer [ 'defaultView' ]];
2020-05-03 18:48:33 +02:00
LSurl :: redirect ( 'addon/' . urlencode ( self :: $LSaddonsViewsAccess [ self :: $ldapServer [ 'defaultView' ]][ 'LSaddon' ]) . " / " . urlencode ( self :: $LSaddonsViewsAccess [ self :: $ldapServer [ 'defaultView' ]][ 'id' ]));
2018-09-13 18:36:45 +02:00
}
}
if ( $force )
2020-05-07 09:56:28 +02:00
LSurl :: redirect ();
2018-09-13 18:36:45 +02:00
}
2020-04-29 15:54:21 +02:00
2008-11-10 03:10:42 +01:00
/**
2020-06-04 19:04:48 +02:00
* Add help info
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param string $group The group name of this information
* @ param array $info Array of the information to add ( name => value )
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2008-11-10 03:10:42 +01:00
*/
2020-06-04 19:04:48 +02:00
public static function addHelpInfos ( $group , $info ) {
LStemplate :: addHelpInfo ( $group , $info );
LSerror :: addErrorCode (
'LSsession_27' ,
array (
'old' => 'LStemplate :: addHelpInfo()' ,
'new' => 'LStemplate :: addHelpInfo()' ,
'context' => LSlog :: get_debug_backtrace_context (),
)
);
2008-11-10 03:10:42 +01:00
}
2020-04-29 15:54:21 +02:00
2009-01-25 15:37:03 +01:00
/**
2021-08-25 18:02:37 +02:00
* Define error codes relative to LSsession PHP class
*
* Note : could not be directly defined after PHP class declaration ( like in othe class files )
* because LSerror is not already loaded and initialized . It ' s done on self :: startLSerror () .
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2020-04-29 15:54:21 +02:00
*/
2009-01-25 15:37:03 +01:00
private static function defineLSerrors () {
/*
* Error Codes
*/
LSerror :: defineError ( 'LSsession_01' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : The constant '% { const}' is not defined. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_02' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : The addon '% { addon}' support is uncertain. Verify system compatibility and the add-on configuration. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_03' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : LDAP server's configuration data are invalid. Can't connect. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_04' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : Failed to load LSobject type '% { type}' : unknon type. " )
2009-01-25 15:37:03 +01:00
);
2009-10-26 00:34:06 +01:00
LSerror :: defineError ( 'LSsession_05' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : Failed to load LSclass '% { class}'. " )
2009-10-26 00:34:06 +01:00
);
2009-01-25 15:37:03 +01:00
LSerror :: defineError ( 'LSsession_06' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Login or password incorrect. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_07' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Impossible to identify you : Duplication of identities. " )
2009-01-25 15:37:03 +01:00
);
2009-10-31 02:33:01 +01:00
LSerror :: defineError ( 'LSsession_08' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Can't load class of authentification (% { class}). " )
2009-10-31 02:33:01 +01:00
);
2009-01-25 15:37:03 +01:00
LSerror :: defineError ( 'LSsession_09' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Can't connect to LDAP server. " )
2009-01-25 15:37:03 +01:00
);
2009-10-31 02:33:01 +01:00
LSerror :: defineError ( 'LSsession_10' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Impossible to authenticate you. " )
2009-10-31 02:33:01 +01:00
);
2009-01-25 15:37:03 +01:00
LSerror :: defineError ( 'LSsession_11' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Your are not authorized to do this action. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_12' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Some informations are missing to display this page. " )
2009-01-25 15:37:03 +01:00
);
2011-03-25 18:05:26 +01:00
LSerror :: defineError ( 'LSsession_13' ,
2020-12-16 17:42:55 +01:00
___ ( " LSsession : The function '% { function}' of the custom action '% { customAction}' does not exists or is not configured. " )
2011-03-25 18:05:26 +01:00
);
2014-11-18 13:16:38 +01:00
LSerror :: defineError ( 'LSsession_14' ,
2021-08-25 18:02:37 +02:00
___ ( " LSsession : Fail to retrieve user's LDAP credentials from LSauth. " )
2014-11-18 13:16:38 +01:00
);
LSerror :: defineError ( 'LSsession_15' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Fail to reconnect to LDAP server with user's LDAP credentials. " )
2014-11-18 13:16:38 +01:00
);
2015-07-30 16:37:42 +02:00
LSerror :: defineError ( 'LSsession_16' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : No import/export format define for this object type. " )
2015-07-30 16:37:42 +02:00
);
2009-01-25 15:37:03 +01:00
LSerror :: defineError ( 'LSsession_17' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Error during creation of list of levels. Contact administrators. (Code : % { code}) " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_18' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : The password recovery is disabled for this LDAP server. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_19' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Some informations are missing to recover your password. Contact administrators. " )
2009-01-25 15:37:03 +01:00
);
LSerror :: defineError ( 'LSsession_20' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : Error during password recovery. Contact administrators.(Step : % { step}) " )
2009-01-25 15:37:03 +01:00
);
2015-08-12 14:16:25 +02:00
LSerror :: defineError ( 'LSsession_21' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : The function '% { func}' configured for the view '% { view}' of the LSaddon '% { addon}' is not declared in the LSaddon file. " )
2009-01-25 15:37:03 +01:00
);
2021-06-10 17:56:34 +02:00
LSerror :: defineError ( 'LSsession_22' ,
___ ( " LSsession : Failed to load resource file '% { file}'. " )
);
2015-08-21 17:51:52 +02:00
LSerror :: defineError ( 'LSsession_23' ,
2020-09-03 18:31:53 +02:00
___ ( " LSsession : The function '% { func}' configured for the view '% { view}' of the LSaddon '% { addon}' doesn't exist. " )
2015-08-21 17:51:52 +02:00
);
2017-08-02 12:00:11 +02:00
LSerror :: defineError ( 'LSsession_24' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : invalid related object's DN pass in parameter. " )
2017-08-02 12:00:11 +02:00
);
2020-05-02 18:32:31 +02:00
LSerror :: defineError ( 'LSsession_25' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : the LSaddon % { addon} keep using old-style addon view URL. Please upgrade it. " )
2020-05-02 18:32:31 +02:00
);
2020-05-03 18:48:33 +02:00
LSerror :: defineError ( 'LSsession_26' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : You have been redirect from an old-style URL % { url}. Please upgrade this link. " )
2020-05-03 18:48:33 +02:00
);
2020-05-04 18:28:20 +02:00
LSerror :: defineError ( 'LSsession_27' ,
2020-08-25 17:31:50 +02:00
___ ( " LSsession : You always seem to use % { old} in your custom code: Please upgrade it and use % { new}.<pre> \n Context: \n % { context}</pre> " )
2020-05-04 18:28:20 +02:00
);
2009-01-25 15:37:03 +01:00
}
2009-02-20 15:05:22 +01:00
2009-10-30 01:03:17 +01:00
/**
2020-08-06 17:01:51 +02:00
* Ajax method when change ldapserver on login / recoveryPassword form
2020-04-29 15:54:21 +02:00
*
2022-12-31 21:15:19 +01:00
* @ param array & $data The return data address
2020-04-29 15:54:21 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2009-10-30 01:03:17 +01:00
**/
2020-04-29 15:54:21 +02:00
public static function ajax_onLdapServerChangedLogin ( & $data ) {
2009-02-20 15:05:22 +01:00
if ( isset ( $_REQUEST [ 'server' ]) ) {
self :: setLdapServer ( $_REQUEST [ 'server' ]);
$data = array ();
if ( self :: LSldapConnect () ) {
2010-11-16 19:36:26 +01:00
if ( session_id () == " " ) session_start ();
2009-02-20 15:05:22 +01:00
if ( isset ( $_SESSION [ 'LSsession_topDn' ])) {
$sel = $_SESSION [ 'LSsession_topDn' ];
}
else {
$sel = NULL ;
}
2010-11-16 11:50:18 +01:00
$list = self :: getSubDnLdapServerOptions ( $sel , true );
2009-02-20 15:05:22 +01:00
if ( is_string ( $list )) {
$data [ 'list_topDn' ] = " <select name='LSsession_topDn' id='LSsession_topDn'> " . $list . " </select> " ;
$data [ 'subDnLabel' ] = self :: getSubDnLabel ();
}
}
$data [ 'recoverPassword' ] = isset ( self :: $ldapServer [ 'recoverPassword' ]);
}
}
2020-04-29 15:54:21 +02:00
2015-08-21 17:50:31 +02:00
/**
* Set globals from the ldap server
*
2022-12-31 05:52:31 +01:00
* @ return void
2015-08-21 17:50:31 +02:00
*/
public static function setGlobals () {
if ( isset ( self :: $ldapServer [ 'globals' ])) {
foreach ( self :: $ldapServer [ 'globals' ] as $key => $value ) {
$GLOBALS [ $key ] = $value ;
}
}
}
2015-08-21 17:51:52 +02:00
/**
* Register a LSaddon view
*
2022-12-31 21:15:19 +01:00
* @ param string $LSaddon The LSaddon
* @ param string $viewId The view ID
* @ param string $label The view ' s label
* @ param callable $viewFunction The view ' s function name
2023-01-02 01:17:46 +01:00
* @ param array < string >| null $allowedLSprofiles Array listing allowed profiles .
2015-08-21 17:51:52 +02:00
* If null , no access control will
* be done for this view .
2022-12-31 21:15:19 +01:00
* @ param boolean $showInMenu Show ( or not ) this view in menu
2015-08-24 12:24:33 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return bool True is the view have been registred , false otherwise
2015-08-21 17:51:52 +02:00
**/
2015-08-24 12:24:33 +02:00
public static function registerLSaddonView ( $LSaddon , $viewId , $label , $viewFunction , $allowedLSprofiles = null , $showInMenu = True ) {
2015-08-21 17:51:52 +02:00
if ( function_exists ( $viewFunction )) {
$func = new ReflectionFunction ( $viewFunction );
if ( basename ( $func -> getFileName ()) == " LSaddons. $LSaddon .php " ) {
self :: $LSaddonsViews [ $LSaddon ][ $viewId ] = array (
'LSaddon' => $LSaddon ,
'label' => $label ,
'function' => $viewFunction ,
2015-08-24 12:24:33 +02:00
'allowedLSprofiles' => $allowedLSprofiles ,
'showInMenu' => ( bool ) $showInMenu
2015-08-21 17:51:52 +02:00
);
return True ;
}
else {
2020-09-03 18:31:53 +02:00
LSerror :: addErrorCode (
'LSsession_21' ,
array (
'func' => $func -> getName (),
2022-12-31 02:01:17 +01:00
'addon' => $LSaddon ,
2020-09-03 18:31:53 +02:00
'view' => $viewId ,
)
);
2015-08-21 17:51:52 +02:00
}
}
else {
2020-09-03 18:31:53 +02:00
LSerror :: addErrorCode (
'LSsession_23' ,
array (
'func' => $viewFunction ,
2022-12-31 02:01:17 +01:00
'addon' => $LSaddon ,
2020-09-03 18:31:53 +02:00
'view' => $viewId ,
)
);
2015-08-21 17:51:52 +02:00
}
return False ;
}
/**
* Show LSaddon view
*
2022-12-31 21:15:19 +01:00
* @ param string $LSaddon The LSaddon
* @ param string $viewId The view ID
2015-08-21 17:51:52 +02:00
*
2022-12-31 05:52:31 +01:00
* @ return void
2015-08-21 17:51:52 +02:00
**/
public static function showLSaddonView ( $LSaddon , $viewId ) {
if ( self :: canAccessLSaddonView ( $LSaddon , $viewId )) {
call_user_func ( self :: $LSaddonsViews [ $LSaddon ][ $viewId ][ 'function' ]);
}
}
2019-03-11 22:42:20 +01:00
2015-08-21 17:51:52 +02:00
}
