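* @version 1.0 */

/*
 * Account page: shows one LDAP account, applies modifications posted from the
 * edit form, and (further down) deletes an account.
 *
 * Changes in this revision:
 *   - values interpolated into LDAP search filters and DNs go through
 *     ldap_escape() (PHP >= 5.6) so that filter/DN metacharacters in
 *     request data cannot change the query or the targeted entry;
 *   - bitwise `|` replaced by logical `||` in the two "has the list changed"
 *     tests (bool | array is a TypeError on PHP 8);
 *   - count() on a possibly-unset $new2 replaced by !empty().
 *
 * NOTE(review): this listing has gaps. Several print strings and the code
 * between them look like they lost markup and statements during extraction.
 * Those places are reproduced as found and flagged below.
 */

/**
 * Path
 */
define('EVOADMIN_BASE','./');

/**
 * PHP cookies session
 */
session_name('EVOADMIN_SESS');
session_start();

// NOTE(review): the only gate visible in this excerpt is "a session login
// exists", while every LDAP operation below binds with the admin DN. Confirm
// that common.php / debut.php restrict this page to administrators and that
// the edit form carries an anti-CSRF token; neither is visible here.
if (isset($_SESSION['login'])) {

    // debut.php needs $login
    $login = $_SESSION['login'];

    /**
     * Requires
     */
    require_once EVOADMIN_BASE . 'common.php';
    include EVOADMIN_BASE . 'haut.php';
    include EVOADMIN_BASE . 'inc/add.js';
    include EVOADMIN_BASE . 'debut.php';

    $rdn = $_SESSION['rdn'];
    $group_dn = "ou=group,".LDAP_BASE;

    /**
     * Account modification
     */
    if (isset($_GET['view'])) {

        $uid = Html::clean($_GET['view']);
        // Html::clean() is defined elsewhere; it is assumed to be HTML-oriented
        // and not to neutralise LDAP metacharacters, so escape per context.
        $uidFilter = ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
        $uidDn = ldap_escape($uid, '', LDAP_ESCAPE_DN);

        $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS);
        $filter = "(uid=$uidFilter)";
        $sr = ldap_search($ldapconn, $rdn, $filter);
        $info = ldap_get_entries($ldapconn, $sr);

        // NOTE(review): $info[0] is read without checking that the search
        // returned an entry (any such check is not visible in this excerpt).
        $cn = $info[0]["cn"][0];
        $sn = $info[0]["sn"][0];
        $gid = $info[0]["gidnumber"][0];
        // optional
        $mail = array_key_exists("mail",$info[0]) ? $info[0]["mail"][0] : '';

        // Samba account case
        if (($conf['admin']['what'] == 2) || ($conf['admin']['what'] == 3)) {
            $displayname = $info[0]["displayname"][0];
            $sambagroup = array_search($gid,getsambagroups('unix'));
            if (!$sambagroup) {
                $sambagroup = "!!undefined!!";
            }
        }

        /**
         * Set account modification
         */
        if ( (isset($_GET['modif'])) && ($_GET['modif'] == 'yes')) {

            print "
Modification en cours...
";

            // TODO: constraints on cn, sn, etc.
            if ( $cn != Html::clean($_POST['cn']) ) {
                $new["cn"] = Html::justclean(Html::purgeaccents(utf8_decode($_POST['cn'])));
                if ($conf['evoadmin']['version'] == 1) {
                    $new["sn"] = $new["cn"];
                }
            }

            if ( ($conf['evoadmin']['version'] > 1)
                && (!$conf['domaines']['ldap']['virtual'])
                && ( $sn != Html::clean($_POST['sn']) ) ) {
                $new["sn"] = Html::justclean(Html::purgeaccents(utf8_decode($_POST['sn'])));
            }

            if ( (!$conf['domaines']['ldap']['virtual'])
                && ( $mail != Html::clean($_POST['mail']) )) {
                $new["mail"] = Html::clean($_POST['mail']);
            }

            // Password reset: only when the first password field is filled in.
            if ( $_POST['pass1'] != '' ) {

                if ( $_POST['pass1'] != $_POST['pass2'] ) {
                    print "Erreur, vous avez tapé deux mots de passe différents
";
                    EvoLog::log("Reinit password failed for $uid by $login");
                    exit(1);
                }

                if ( Auth::badpassword($_POST['pass1']) ) {
                    print "Erreur, mot de passe invalide (trop court ou avec des caracteres incorrects)
";
                    EvoLog::log("Set password failed for $uid by $login");
                    exit(1);
                }

                // {SSHA} is the directory's salted SHA-1 scheme; the hashing
                // itself lives in Ldap::ssha(), not shown here.
                $new["userPassword"] = "{SSHA}".Ldap::ssha($_POST['pass1']);

                // Samba account case
                if (($conf['admin']['what'] == 2) || ($conf['admin']['what'] == 3)) {
                    $new["sambaPwdLastSet"] = strtotime("now");
                    // NOTE(review): an LM hash is stored alongside the NT hash.
                    // LM hashes are weak; populate sambaLMPassword only if
                    // legacy clients still require it.
                    $new["sambaLMPassword"] = Ldap::sambalm($_POST['pass1']);
                    $new["sambaNTPassword"] = Ldap::sambant($_POST['pass1']);
                    // shadowLastChange is expressed in days since the epoch
                    $new["shadowLastChange"] = floor(strtotime("now")/(3600*24));
                }
            }

            // Samba mode: compute secondary-group membership changes.
            if (($conf['admin']['what'] == 2) || ($conf['admin']['what'] == 3)) {
                $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS);
                $filter = "(memberUid=$uidFilter)";
                $attr = array("cn");
                $sr = ldap_search($ldapconn, $group_dn, $filter, $attr);
                $result = ldap_get_entries($ldapconn, $sr);

                // Groups the account currently belongs to
                $arraycn = array();
                for ($i=0; $i < $result["count"] ; $i++) {
                    $arraycn[] = $result[$i]["cn"][0];
                }

                // Entered when the field is posted non-empty, or not posted at
                // all (isset(...) == NULL is true when the field is absent).
                if((isset($_POST['smbgroupsecondaire']) && !empty($_POST['smbgroupsecondaire'])) || (isset($_POST['smbgroupsecondaire']) == NULL)){
                    if ($_POST['smbgroupsecondaire'] == NULL ){
                        // Nothing selected: remove every current membership
                        $arrayGroupes = [];
                        if ($arrayGroupes != $arraycn) {
                            $new2["cntosuppr"] = array_diff($arraycn, $arrayGroupes);
                        }
                    } else {
                        // NOTE(review): group names are taken from the request
                        // as-is; nothing visible here checks them against the
                        // list of existing groups. They are DN-escaped where
                        // the group DN is built below.
                        $arrayGroupes = $_POST['smbgroupsecondaire'];
                        foreach($arrayGroupes as $nameGroupe){
                            $arrayCnNew[] = $nameGroupe;
                        }
                        if ($arrayCnNew != $arraycn) {
                            $new2["cntoadd"] = array_diff($arrayCnNew, $arraycn);
                            $new2["cntosuppr"] = array_diff($arraycn, $arrayCnNew);
                        }
                    }
                }
            }

            // Checkbox flags: present in POST means TRUE, absent means FALSE.
            $postisactive = (isset($_POST['isactive']) ? 'TRUE' : 'FALSE');
            if ( $info[0]["isactive"][0] != $postisactive ) {
                $new["isActive"] = $postisactive;
            }

            // NOTE(review): isAdmin is driven directly by the posted form.
            // Confirm the caller is authorised to grant admin rights; no such
            // check is visible in this excerpt.
            $postisadmin = (isset($_POST['isadmin']) ? 'TRUE' : 'FALSE');
            if ( $info[0]["isadmin"][0] != $postisadmin ) {
                $new["isAdmin"] = $postisadmin;
            }

            // NOTE(review): loginShell is stored from the request after
            // Html::clean() only; consider an allow-list of permitted shells.
            if ($_POST['loginshell'] != $info[0]['loginshell'][0]) {
                $new["loginShell"] = Html::clean($_POST['loginshell']);
            }

            // only for mail mode
            if (($conf['admin']['what'] == 1) || ($conf['admin']['what'] == 3)) {

                $postaccountactive = (isset($_POST['accountactive']) ? 'TRUE' : 'FALSE');
                if ( $info[0]["accountactive"][0] != $postaccountactive ) {
                    $new["accountActive"] = $postaccountactive;
                }

                $postauthsmtpactive = (isset($_POST['authsmtpactive']) ? 'TRUE' : 'FALSE');
                if ( $info[0]["authsmtpactive"][0] != $postauthsmtpactive ) {
                    $new["authsmtpActive"] = $postauthsmtpactive;
                }

                $postwebmailactive = (isset($_POST['webmailactive']) ? 'TRUE' : 'FALSE');
                if ( $info[0]["webmailactive"][0] != $postwebmailactive ) {
                    $new["webmailActive"] = $postwebmailactive;
                }

                $postcourieractive = (isset($_POST['courieractive']) ? 'TRUE' : 'FALSE');
                if ( $info[0]["courieractive"][0] != $postcourieractive ) {
                    $new["courierActive"] = $postcourieractive;
                }

                // Build the new mailacceptinggeneralid list.
                // TODO: if driver == ldap, check the domain!
                // array_shift() takes the first element off the stored list;
                // its value is reused below as the index for the new entry
                // (presumably the "count" element of ldap_get_entries()).
                $count = array_shift($info[0]["mailacceptinggeneralid"]);

                // Compatibility with old LDAP schemas and "virtual" mode
                if (($conf['evoadmin']['version'] == 1) || ($conf['domaines']['ldap']['virtual'])) {
                    // add @domain for each element
                    array_walk($_POST['mailaccept'],'adddomain');
                }

                $newmailaccept = array_pop($_POST['mailaccept']);
                // Logical OR: a non-empty array_diff() result is truthy.
                if ( ($newmailaccept != NULL) || array_diff($info[0]["mailacceptinggeneralid"],$_POST['mailaccept']) ) {
                    $new["mailacceptinggeneralid"] = $_POST['mailaccept'];
                    $new["mailacceptinggeneralid"][$count]= $newmailaccept;

                    // Drop empty values: sort, then strip the leading ones
                    sort($new["mailacceptinggeneralid"]);
                    while ( $new["mailacceptinggeneralid"][0] == NULL ) {
                        array_shift($new["mailacceptinggeneralid"]);
                        // avoid an infinite loop
                        if ( count($new["mailacceptinggeneralid"]) == 0 ) {
                            print "Erreur, vous devez avoir au moins un mail entrant\n";
                            exit(1);
                        }
                    }
                }

                // same with maildrop
                $count = array_shift($info[0]["maildrop"]);
                $newmaildrop = array_pop($_POST['maildrop']);
                if ( ($newmaildrop != NULL) || array_diff($info[0]["maildrop"],$_POST['maildrop']) ) {
                    $new["maildrop"] = $_POST['maildrop'];
                    $new["maildrop"][$count]= $newmaildrop;

                    // drop empty values
                    sort($new["maildrop"]);
                    while ( $new["maildrop"][0] == NULL ) {
                        array_shift($new["maildrop"]);
                        // avoid an infinite loop
                        if ( count($new["maildrop"]) == 0 ) {
                            print "Erreur, vous devez avoir au moins une redirection.\n";
                            exit(1);
                        }
                    }
                }
            }

            // only for samba mode
            if (($conf['admin']['what'] == 2) || ($conf['admin']['what'] == 3)) {
                $postsmbactive = (isset($_POST['smbactive']) ? 'TRUE' : 'FALSE');
                if ( $info[0]["smbactive"][0] != $postsmbactive ) {
                    $new["smbActive"] = $postsmbactive;
                }

                if ( $displayname != Html::clean($_POST['displayname']) ) {
                    $new["displayname"] = Html::clean($_POST['displayname']);
                }
            }

            // Apply the changes only if something was collected
            if ((isset($new)) || (isset($new2))) {

                if ((isset($new))) {
                    $sr = ldap_modify($ldapconn, "uid=" . $uidDn . "," . $rdn, $new);
                }

                // $new2 exists only in Samba mode, hence !empty() not count()
                if (!empty($new2["cntoadd"])) {
                    foreach($new2["cntoadd"] as $nameGroupe){
                        $entry_groupe["memberUid"] = $uid;
                        $addGroupe = ldap_mod_add(
                            $ldapconn,
                            "cn=" . ldap_escape($nameGroupe, '', LDAP_ESCAPE_DN) . "," . $group_dn,
                            $entry_groupe
                        );
                    }
                }

                if (!empty($new2["cntosuppr"])) {
                    foreach($new2["cntosuppr"] as $nameGroupe){
                        $remove_groupe["memberUid"] = $uid;
                        $rmGroupe = ldap_mod_del(
                            $ldapconn,
                            "cn=" . ldap_escape($nameGroupe, '', LDAP_ESCAPE_DN) . "," . $group_dn,
                            $remove_groupe
                        );
                    }
                }

                // If LDAP is happy, we are done.
                // NOTE(review): an error is reported only when all three
                // results are falsy, and $addGroupe / $rmGroupe may be unset.
                // When ldap_modify() was not run, $sr still holds the earlier
                // search result, so a failed group update can go unreported.
                if (!$sr && !$addGroupe && !$rmGroupe) {
                    print "Erreur, envoyez le message d'erreur suivant à votre administrateur :
";
                    Evolog::log("Modify error of $uid by $login");
                } else {
                    print "Modifications effectuées.
";
                    print "Voir le compte modifié";
                }

            } else {
                print "Aucune modification nécessaire.
";
            }

            // NOTE(review): source text appears to be missing before this
            // point. As it stands the "unknown account" path is unconditional,
            // and the brace after exit(1) probably closes a test that is no
            // longer visible. Reproduced as found.
            print "Erreur, compte inexistant
";
            EvoLog::log("login $uid unknown");
            exit(1);
        }

        // NOTE(review): the string below merges the edit-form introduction
        // with the start of the deletion branch; the form and the code that
        // sets up the deletion are not visible. Reproduced as found.
        print "Modifiez les champs que vous désirez changer.
[*] indique ceux qui ne doivent pas être nuls.
Vous pouvez réinitialiser le mot de passe si besoin.
Suppression $uid en cours...
";

        // Verify if person exists...
        // TODO: /!\ the DN should be checked rather than the uid
        if (!Ldap::is_uid($uid)) {
            print "Erreur, compte inexistant
";
            EvoLog::log("Delete $uid failed (user doesn't exist).");

        // *Try* to verify if user is always in aliases...
        } elseif (Ldap::is_what($uid,'maildrop')>1) {
            print "Erreur, compte encore présent dans certains alias
";
            EvoLog::log("Delete $uid failed (user always in aliases).");

        // LDAP deletion
        } elseif (Ldap::lda_del($ldapconn, "uid=" . ldap_escape($uid, '', LDAP_ESCAPE_DN) . "," . $rdn)) {

            if (!$conf['domaines']['ldap']['virtual']) {
                // $result is expected to hold the account's group search
                // result; that search is not visible in this branch.
                if($result["count"] > 0) {
                    for ($i=0; $i < $result["count"] ; $i++) {
                        $arraycn[] = $result[$i]["cn"][0];
                    }
                    foreach($arraycn as $nameGroupe){
                        $remove_groupe["memberUid"] = $uid;
                        $rmGroupe = ldap_mod_del(
                            $ldapconn,
                            "cn=" . ldap_escape($nameGroupe, '', LDAP_ESCAPE_DN) . "," . $group_dn,
                            $remove_groupe
                        );
                    }
                }

                // System-side removal script.
                // NOTE(review): unix_del() is defined elsewhere; if it runs a
                // shell command, confirm that $uid is validated and quoted.
                unix_del($uid);
            }

            // TODO: remove HORDE preferences
            // $query = 'delete from horde_prefs where pref_uid="' .$uid. '"';

            print "Suppression $uid effectuée.
";
            EvoLog::log("Del user ".$uid);

        } else {
            print "$uid
";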
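// Account creation (fragment).
//
// NOTE(review): this part of the listing is incomplete. The first string
// merges the delete-confirmation text with a password error, several closing
// braces belong to blocks opened outside the visible text, and the code that
// builds $info and adds the entry is missing. Statements are reproduced as
// found; the only code change is DN-escaping of the posted group name.
print "Tous ses messages et paramètres seront définitivement perdus.
Erreur, mot de passe invalide (trop court ou avec des caracteres incorrects)
";
EvoLog::log("Set password failed for $postuid by $login");
exit(1);
} // closes a test opened outside this excerpt

$cn = Html::justclean(Html::purgeaccents(utf8_decode($_POST['cn'])));

// NOTE(review): the message printed for badname() reads "mail already
// present"; text between the test and the message appears to be missing.
if (badname($postuid)) {
    print "Erreur, mail deja present !
";
    EvoLog::log("$mail already exists by $login");
    exit(1);
}

// ...otherwise tweak the login slightly: append a counter until it is unused
$tmp = 1;
$uid = $postuid;
while (Ldap::is_uid($uid)) {
    $tmp++;
    $uid = $postuid.$tmp;
}

} else { // the matching "if" is outside this excerpt

    // Here the uid is the mail address itself and must not exist yet
    $uid = $mail;
    if (Ldap::is_uid($uid)) {
        print "Erreur, mail deja present !
";
        EvoLog::log("$uid already exists by $login");
        exit(1);
    }
}

// Samba account case
if (($conf['admin']['what'] == 2) || ($conf['admin']['what'] == 3)) {
    $ldapconn = Ldap::lda_connect(LDAP_ADMIN_DN,LDAP_ADMIN_PASS);
    $smbgroup = Html::clean($_POST['smbgroup']);
    // Primary group: the posted name is used as a key into the group map
    $tmp = getsambagroups('unix');
    $gid = $tmp[$smbgroup];

    if(isset($_POST['smbgroupsecondaire']) && !empty($_POST['smbgroupsecondaire'])){
        // NOTE(review): secondary group names come straight from the request
        // and nothing visible checks them against existing groups. They are
        // DN-escaped (ldap_escape(), PHP >= 5.6) so that they cannot alter
        // the DN being modified. These memberUid values are also added at
        // this point, where the account entry has not visibly been created.
        $arrayGroupes = $_POST['smbgroupsecondaire'];
        foreach($arrayGroupes as $nameGroupe){
            $entry_groupe["memberUid"] = $uid;
            ldap_mod_add(
                $ldapconn,
                "cn=" . ldap_escape($nameGroupe, '', LDAP_ESCAPE_DN) . "," . $group_dn,
                $entry_groupe
            );
        }
    }
} else {
    $gid = getgid($_SESSION['domain']);
}

if ( $gid < 1 ) {
    print "Erreur, groupe non detecte...";
    exit(1);
}

// NOTE(review): the code that fills $info and adds the entry is not visible
// between the group check above and the success message below.
print "Ajout effectué.
";
print "Voir le compte créé";
EvoLog::log("Add user ".$uid);

// Mail notification.
// NOTE(review): the cleartext password from the form is handed to
// mailnotify(). What that helper does with it is not visible here; if it
// e-mails the password, prefer a reset link or a forced change at first login.
mailnotify($info,$_SESSION['domain'],$_POST['pass1']);

if ($conf['samba']['admin_default'] == true) {
    // add to the smbadmins group by default (#7015)
    // NOTE(review): in the visible code $ldapconn is set only in the Samba
    // branch above; confirm it is always defined when this option is on.
    $entry_group_smbadmins["memberUid"] = $uid;
    ldap_mod_add($ldapconn, "cn=smbadmins,".$group_dn, $entry_group_smbadmins);
}

} else { // the matching "if" (presumably the LDAP add result) is not visible
    print "Erreur, envoyez le message d'erreur suivant à votre administrateur :
";
    // NOTE(review): var_dump($info) writes the whole entry to the page. $info
    // is built outside this excerpt; if it holds userPassword or the Samba
    // hashes, they are disclosed to the browser. Log the details server-side
    // and show a generic error instead.
    var_dump($info);
    EvoLog::log("Add $uid failed");
}
print "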