authorM.Gergo2019-03-08 21:20:34 +0100
committerM.Gergo2019-03-08 21:20:34 +0100
commitf51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0 (patch)
treee13e60e4b94a3b58f1e2bfbe271102c8f04b67bd /mayor-orig/www/include/backend
parentc76a004b0135786f2742283f8d5f917106f58bd8 (diff)
további rendrakás
Diffstat (limited to 'mayor-orig/www/include/backend')
-rw-r--r--mayor-orig/www/include/backend/ads/auth/login.php358
-rw-r--r--mayor-orig/www/include/backend/ads/base/attrs.php160
-rw-r--r--mayor-orig/www/include/backend/ads/password/changePassword.php165
-rw-r--r--mayor-orig/www/include/backend/ads/session/accountInfo.php416
-rw-r--r--mayor-orig/www/include/backend/ads/session/base.php188
-rw-r--r--mayor-orig/www/include/backend/ads/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ads/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ads/session/search/searchAccount.php277
-rw-r--r--mayor-orig/www/include/backend/file/auth/login.php121
-rw-r--r--mayor-orig/www/include/backend/file/session/base.php6
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/auth/login.php163
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/base/attrs.php146
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/password/changePassword.php161
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php401
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/base.php184
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php271
-rw-r--r--mayor-orig/www/include/backend/ldap/auth/login.php144
-rw-r--r--mayor-orig/www/include/backend/ldap/base/attrs.php120
-rw-r--r--mayor-orig/www/include/backend/ldap/base/attrs.php.orig175
-rw-r--r--mayor-orig/www/include/backend/ldap/base/str.php53
-rw-r--r--mayor-orig/www/include/backend/ldap/password/changePassword.php102
-rw-r--r--mayor-orig/www/include/backend/ldap/session/accountInfo.php401
-rw-r--r--mayor-orig/www/include/backend/ldap/session/base.php255
-rw-r--r--mayor-orig/www/include/backend/ldap/session/createAccount.php204
-rw-r--r--mayor-orig/www/include/backend/ldap/session/createGroup.php103
-rw-r--r--mayor-orig/www/include/backend/ldap/session/search/searchAccount.php311
-rw-r--r--mayor-orig/www/include/backend/ldapng/auth/login.php163
-rw-r--r--mayor-orig/www/include/backend/ldapng/base/attrs.php137
-rw-r--r--mayor-orig/www/include/backend/ldapng/password/changePassword.php160
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/accountInfo.php399
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/base.php190
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php271
-rw-r--r--mayor-orig/www/include/backend/mysql/auth/login.php144
-rw-r--r--mayor-orig/www/include/backend/mysql/base/attrs.php48
-rw-r--r--mayor-orig/www/include/backend/mysql/password/changePassword.php75
-rw-r--r--mayor-orig/www/include/backend/mysql/session/accountInfo.php258
-rw-r--r--mayor-orig/www/include/backend/mysql/session/base.php52
-rw-r--r--mayor-orig/www/include/backend/mysql/session/createAccount.php106
-rw-r--r--mayor-orig/www/include/backend/mysql/session/createGroup.php37
-rw-r--r--mayor-orig/www/include/backend/mysql/session/search/searchAccount.php169
44 files changed, 0 insertions, 7811 deletions
diff --git a/mayor-orig/www/include/backend/ads/auth/login.php b/mayor-orig/www/include/backend/ads/auth/login.php
deleted file mode 100644
index 59cbf3e5..00000000
--- a/mayor-orig/www/include/backend/ads/auth/login.php
+++ /dev/null
@@ -1,358 +0,0 @@
-<?php
-/*
- Auth-ADS
-
- A név-jelszó pár ellenőrzése Active Directory adatbázis alapján
-*/
-
-/* --------------------------------------------------------------
-
- Felhasználók azonosítása az AD-ban tárolt person (konfigurálható)
- osztályok alapján történik.
-
- A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
- konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
-
- Sikeres hitelesítés esetén
- az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
- attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
- Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
- elutasítás okát.
-
--------------------------------------------------------------- */
-
-######################################################################
-# Az LDAP protocol version 3 kötelező,
-# referals=0 nélkül használhatatlanul lassú
-######################################################################
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
- /**
- * A userAccountControl pár fontos flag-e:
- *
- * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832%28v=vs.85%29.aspx
- *
- * 512 Enabled Account
- * 514 Disabled Account
- * 544 Enabled, Password Not Required
- * 546 Disabled, Password Not Required
- * 66048 Enabled, Password Doesn't Expire
- * 66050 Disabled, Password Doesn't Expire
- * 66080 Enabled, Password Doesn't Expire & Not Required
- * 66082 Disabled, Password Doesn't Expire & Not Required
- * 590336 Enabled, User Cannot Change Password, Password Never Expires
- *
- * Ha pwdLastSet=0 és UF_DONT_EXPIRE_PASSWD=0, akkor következő bejelentkezéskor jelszót _kell_ változtatni.
- **/
- define('ADS_UF_ACCOUNTDISABLE',0x00000002); // The user account is disabled.
- define('ADS_UF_PASSWD_NOTREQD',0x00000020); // No password is required.
- define('ADS_UF_PASSWD_CANT_CHANGE',0x00000040); // The user cannot change the password.
- define('ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED',0x00000080); // The user can send an encrypted password.
- define('ADS_UF_NORMAL_ACCOUNT',0x00000200); // This is a default account type that represents a typical user.
- define('ADS_UF_DONT_EXPIRE_PASSWD',0x00010000); // The password for this account will never expire.
- define('ADS_UF_PASSWORD_EXPIRED',0x00800000); // The user password has expired.
-
- /**
- * Ha az accountExpires = 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807), akkor az account sose jár le. (nem a jelszó! az account.)
- **/
- define('ADS_ACCOUNTEXPIRES_NEVER','9223372036854775807');
-
- /**
- * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724284%28v=VS.85%29.aspx
- * - unixDays - Az eltelt napok száma 1970-01-01-től
- * - unixTimestamp - Az eltelt másodpercek száma 1970-01-01 00:00:00-től
- * - msFileTime - A 1601-01-01 00:00:00-tól elteltt 100 nanosecundum-os intervallumok száma (1/10000000 sec)
- **/
- function msFileTime2unixDays($pwdLastSet) {
- return floor((($pwdLastSet / 10000000) - 11644406783) / 86400);
- }
- function msFileTime2unixTimestamp($pwdLastSet) {
- return bcsub(bcdiv($pwdLastSet, '10000000'), '11644473600');
- }
-
- function getAccountStatus($userAccount, $toPolicy, $userinfo, $ds) {
-
- /**
- * Meghatározza a felhasználói jelszó lejárati dátumát és az account egyéb fontos jellemzőit
- *
- * @params: $userAccount - a lekérdezendő account
- * @params: $userinfo - A user adatait tartalmazó korábbi LDAP lekérdezés eredménye (useraccountcontrol, pwdlastchange)
- * @params: $ds - LDAP csatlakozás azonosító
- * @requires: bcmath http://www.php.net/manual/en/book.bc.php
- * MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx - a pwdLastSet 64 bites integer
- * @return: array
- * @param book $isGUID Is the username passed a GUID or a samAccountName
- **/
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- if (!function_exists('bcmod')) {
- $_SESSION['alert'][] = 'message:system_error:Nem támogatott függvényhívás [bcmod]! http://www.php.net/manual/en/book.bc.php';
- return false;
- };
-
- if (!$ds) {
- $closeLDAP = true;
- // Csatlakozzunk az LDAP kiszolgálóhoz!
- // Kapcsolódás a szerverhez
- $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
- }
-
- if (!is_array($userinfo)) {
- // Kérdezzük le az account adatait!
- $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
- $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol");
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- if ($closeLDAP) ldap_close($ds);
- return false;
- }
- $userinfo = ldap_get_entries($ds,$sr);
- if ( $userinfo['count'] === 0 || is_null($userinfo)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- if ($closeLDAP) ldap_close($ds);
- return false;
- }
- if ( $userinfo['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid";
- if ($closeLDAP) ldap_close($ds);
- return false;
- }
- }
- $pwdlastset = $userinfo[0]['pwdlastset'][0];
- $userAccountControl = $userinfo[0]['useraccountcontrol'][0];
-
- $status = array();
-
- $status['pwdLastSet'] = $pwdlastset;
- $status['pwdLastSetDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($pwdlastset));
- $status['accountExpires'] = $userinfo[0]['accountexpires'][0];
- $status['accountNeverExpires'] = (ADS_ACCOUNTEXPIRES_NEVER==$userinfo[0]['accountexpires'][0]) || ($userinfo[0]['accountexpires'][0] == 0);
- if (!$status['accountNeverExpires']) {
- $status['accountExpiresDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0]));
- $status['accountExpiresTimestamp'] = msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0]);
- }
- $status['accountDisabled'] = (bool)($userAccountControl & ADS_UF_ACCOUNTDISABLE);
- $status['noPasswordRequired'] = (bool)($userAccountControl & ADS_UF_PASSWD_NOTREQD);
- $status['cannotChangePassword'] = (bool)($userAccountControl & ADS_UF_PASSWD_CANT_CHANGE);
- $status['normalAccount'] = (bool)($userAccountControl & ADS_UF_NORMAL_ACCOUNT);
- $status['passwordNeverExpire'] = (bool)($userAccountControl & ADS_UF_DONT_EXPIRE_PASSWD);
- $status['passwordExpired'] = (bool)($userAccountControl & ADS_UF_PASSWORD_EXPIRED); // Ez mintha nem működne...
- $status['mustChangePassword'] = ($pwdlastset === '0' && $status['passwordNeverExpire']);
-
- // A jelszó lejárati dátum az AD-ben két értékből számítható ki:
- // - A felhasználó saját pwdLastSet atribútuma: ez tárolja a jelszó utolsó módosításának időpontját
- // - A tartomány maxPwdAge atribútuma: milyen hosszú ideig lehet érvényes a jelszó a tartományban
- //
- // A Microsoft persze saját kiindulási időpontot és lépési egységet használ az idő tárolására.
- // Ez a függvény konvertálja ezt az értéket Unix időbélyeggé
-
- // Kérdezzük le a tartomány maxPwdAge attribútumát!
- $sr = ldap_read($ds, $AUTH[$toPolicy]['adsBaseDn'], 'objectclass=domain', array('maxPwdAge'));
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:getAccountStatus (ads backend)";
- if ($closeLDAP) ldap_close($ds);
- return false;
- }
- $info = ldap_get_entries($ds, $sr);
- $maxpwdage = $info[0]['maxpwdage'][0];
-
- // Lásd MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
- //
- // pwdLastSet tartalmazza az 1601 (UTC) január 1 óta eltelt 100 nanoszekundumos időintervallumok számát
- // 64 bit-es integer típusú értékként
- //
- // Ettől az időponttól a Unix időszámítás kezdetéig eltelt másodpercek száma 11644473600.
- //
- // maxPwdAge szintén large integer, ami a jelszóváltoztatás és a jelszó lejárat közötti 100 nanoszekundumos időintervallumok számát tárolja
-
- $status['maxPwdAgeInDays'] = bcdiv(bcsub(0,$maxpwdage),'36000000000')/24;
-
- // Ezt az étéket át kell váltanunk másodpercekre, de ez egy negatív mennyiség!
- //
- // Ha a maxPwdAge alsó 32 bites része 0, akkor a jelszavak nem járnak le
- //
- // Sajnos ezek a számok túl nagyok a PHP integer típusához, ezért kell a BCMath függvényeit használnunk
-
- $status['passwordsDoNotExpireInDomain'] = (bcmod($maxpwdage, 4294967296) === '0');
-
- // Adjuk össze a pwdlastset és maxpwdage értékeket (pontosabban az utóbbi negatív értéket
- // vonjuk ki az előbbiből), így megkapjuk a jelszó lejáratának időpontját a Microsoft féle
- // egységekben.
- $pwdexpire = bcsub($pwdlastset, $maxpwdage);
-
- // Konvertáljuk az MS féle időt unix időre
- $status['expiryTimestamp'] = bcsub(bcdiv($pwdexpire, '10000000'), '11644473600');
- $status['expiryDate'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdexpire, '10000000'), '11644473600'));
-
- if ($closeLDAP) ldap_close($ds);
-
- $status['userAccount'] = $userAccount;
- $status['usetAccountControl'] = $userAccountControl;
- $status['shadowLastChange'] = $userinfo[0]['shadowlastchange'][0];
- $status['shadowWarning'] = $userinfo[0]['shadowwarning'][0];
- $status['shadowInactive'] = $userinfo[0]['shadowinactive'][0];
- return array_merge($status);
-
-
- }
-
- function adsUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
-
- global $AUTH;
-
- if ($toPolicy == '') {
- if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
-// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
- else $toPolicy = _POLICY;
- }
-
- // Kapcsolódás a szerverhez
- $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return _AUTH_FAILURE;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return _AUTH_FAILURE;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
- $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol");
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return _AUTH_FAILURE;
- }
- $info = ldap_get_entries($ds,$sr);
- if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- ldap_close($ds);
- return _AUTH_FAILURE_1;
- }
-
- if ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid";
- ldap_close($ds);
- return _AUTH_FAILURE_2;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
-
- $status = getAccountStatus($userAccount, $toPolicy, $info, $ds);
- // Lejárt-e
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- // Esetünkben
- if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
- $info[0]['shadowlastchange'][0] = msFileTime2unixDays($info[0]['pwdlastset'][0]);
- }
-
- // A globális beállítással kikényszeríthető a nagyobb warning időszak
- $shadowWarning = ($status['shadowWarning']<$AUTH[$toPolicy]['shadowWarning']) ? $AUTH[$toPolicy]['shadowWarning'] : $status['shadowWarning'];
-
-
- $disabled = ( // Ha az jelszavak lejárhatnak a domain-ben és a user jellszava is lejárhat és le is járt...
- !$status['passwordNeverExpire']
- && !$status['passwordsDoNotExpireInDomain']
- && $status['expiryTimestamp'] < time()
- ) || ( // vagy az account lejárhat és le is járt
- !$status['accountNeverExpires']
- && $status['accountExpiresTimestamp']<time()
- ); // Akkor már nem lehet belépni/jelszót változtatni...
- $expired = ( // Ha a jelszavak lejárhatnak és a user jelszava is lejárhat, és shadowwarning-on belül le fog járni a jelszó
- !$status['passwordNeverExpire']
- && !$status['passwordsDoNotExpireInDomain']
- && $status['expiryTimestamp'] - ($shadowWarning*24*60*60) < time()
- ) || ( // Ha az account lejárhat és shadow warning-on belül le is fog járni az account
- !$status['accountNeverExpires']
- && $status['accountExpiresTimestamp'] - ($shadowWarning*24*60*60) < time()
- ); // ...
-
- /**
- * Más backend-ben csak $AUTH[$toPolicy]['onDisabled'] == 'refuse' esetén utasítanánk el, de itt nincs más lehetőség...
- **/
- if ($disabled) {
- $_SESSION['alert'][] = 'message:account_disabled';
- ldap_close($ds);
- return _AUTH_FAILURE_4;
- }
-
- $accountInformation['cn'] = $info[0]['cn'][0];
- $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['adsStudyIdAttr'] ][0];
- $accountInformation['dn'] = $info[0]['dn'];
- $accountInformation['account'] = $userAccount;
- // Jelszó ellenőrzés - lehet-e csatlakozni
- if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- }
-
- ldap_close($ds);
- if (!$expired || $AUTH[$toPolicy]['onExpired'] == 'none') {
- return _AUTH_SUCCESS;
- } else {
- $pwLejar = floor(($status['expiryTimestamp'] - time()) / 86400);
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- $_SESSION['alert'][] = 'info:warn_account_disable:'.$pwLejar; // más backend esetén csak onDisable=refuse esetén szoktuk...
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- } else {
- return _AUTH_FAILURE;
- }
- }
-
-/*
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- } else {
- return _AUTH_FAILURE;
- }
- }
- } // onExpired
- // Ha idáig eljut, akkor minden rendben.
- return _AUTH_SUCCESS;
-*/
- } // count == 1
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/base/attrs.php b/mayor-orig/www/include/backend/ads/base/attrs.php
deleted file mode 100644
index e01aa00c..00000000
--- a/mayor-orig/www/include/backend/ads/base/attrs.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php
-/*
- Module: useradmin
-*/
-
- if (file_exists('lang/'._LANG.'/backend/ads/attrs.php')) {
- require('lang/'._LANG.'/backend/ads/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_ADS_RIGHTS','wr-');
-
-######################################################
-# Az LDAP account attribútumok
-######################################################
-
- global $adsAccountAttrs;
- $adsAccountAttrs = array(
- 'cn',
- 'sn',
- 'serialnumber',
- 'givenname',
- 'displayname',
- 'name',
- 'padpwdcount',
- 'badpasswordtime',
- 'lastlogon',
- 'pwdlastset', // ~ shadowLastChane
- 'accountexpires', // != shadowExpired - henme mi? 1601.01.01-től (60*60*24*1000*1000*10)*napok száma
- 'samaccountname',
- 'userprincipalname',
- 'useraccountcontrol',
- 'objectcategory',
- 'uid',
- 'mssfu30name',
- 'uidnumber',
- 'gidnumber',
- 'unixhomedirectory',
- 'loginshell',
-
- 'shadowlastchange',
- 'shadowexpire',
- 'shadowwarning',
- 'shadowmin',
- 'shadowmax',
- 'shadowinactive',
-
-/*
- 'gecos',
- 'mail',
- 'telephonenumber',
- 'mobile',
- 'l',
- 'street',
- 'postaladdress',
- 'postalcode',
- 'homedirectory',
-*/
- );
-
- global $adsGroupAttrs;
- $adsGroupAttrs = array(
- 'cn',
- 'description',
- 'member',
- 'name',
- 'samaccountname',
- 'objectcategory',
- 'gidnumber', // ennek kellene lennie - mitől lesz?
-/* 'memberuid' */
- );
-
- global $accountAttrToADS; // Kis és nagybetű számít!!!
- $accountAttrToADS = array(
- 'userAccount' => 'sAMAccountName',
- 'userCn' => 'displayName',
- 'mail' => 'mail',
- 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToADS;
- $groupAttrToADS = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member',
- );
-
- global $adsAccountAttrDef;
- $adsAccountAttrDef = array(
- 'dn' => array('desc' => _ADSDN, 'type' => 'text', 'rights' => 'rrr'),
- 'cn' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'rrr'),
- 'sn' => array('desc' => _ADSSN, 'type' => 'text', 'rights' => 'wrr'),
- 'givenname' => array('desc' => _ADSGIVENNAME, 'type' => 'text'),
- 'serialnumber' => array('desc' => _ADSSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'),
- 'displayname' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'wrr'),
- 'name' => array('desc' => _ADSNAME, 'type' => 'text', 'rights' => 'r--'),
- 'padpwdcount' => array('desc' => _ADSBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'),
- 'badpasswordtime' => array('desc' => _ADSBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'),
- 'lastlogon' => array('desc' => _ADSLASTLOGON, 'type' => 'int', 'rights' => 'r--'),
- 'pwdlastset' => array('desc' => _ADSPWDLASTSET, 'type' => 'int', 'rights' => 'r--'),
- 'accountexpires' => array('desc' => _ADSACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'),
- 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'),
- 'userprincipalname' => array('desc' => _ADSUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text', 'rights' => 'r--'),
- 'uid' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _ADSUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'mssfu30name' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'r--'),
- 'unixhomedirectory' => array('desc' => _ADSUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
- 'loginshell' => array('desc' => _ADSLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowlastchange' => array('desc' => _ADSSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowexpire' => array('desc' => _ADSSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowwarning' => array('desc' => _ADSSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmin' => array('desc' => _ADSSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmax' => array('desc' => _ADSSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowinactive' => array('desc' => _ADSSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
-/*
- 'gecos' => array('desc' => _ADSGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'mail' => array('desc' => _ADSMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _ADSTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _ADSMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _ADSL, 'type' => 'text'),
- 'street' => array('desc' => _ADSSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _ADSPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _ADSPOSTALCODE, 'type' => 'text'),
-*/
- );
-
- global $adsGroupAttrDef;
- $adsGroupAttrDef = array(
- 'cn' => array('desc' => _ADSCN, 'type' => 'text','rights' => 'rrr'),
- 'name' => array('desc' => _ADSNAME, 'type' => 'text','rights' => 'rrr'),
- 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _ADSDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'member' => array('desc' => _ADSMEMBER, 'type' => 'select'),
- 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
-
- 'memberuid' => array('desc' => _ADSMEMBERUID, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/password/changePassword.php b/mayor-orig/www/include/backend/ads/password/changePassword.php
deleted file mode 100644
index 6d686b34..00000000
--- a/mayor-orig/www/include/backend/ads/password/changePassword.php
+++ /dev/null
@@ -1,165 +0,0 @@
-<?php
-/*
-
- Module: base/password
-
- Active Directory-ban csak ldaps-sel lehet megváltoztatni a jelszót!
- Az AD a shadow attribútumokat nem kezeli, helyettük más attribútumokat állít automatikusan.
- De azért beállítjuk őket, abból baj nem lehet...
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
-*/
-
-############################################################################
-# Jelszó kódolása az Active Directory számára
-############################################################################
-
-function ADSEncodePassword($password) {
-
- return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
-
-}
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-/* *************************************************************************
- A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
- Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
- és felvétele új értékkel - mindenz elvileg egy lépésben.
-
- A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
- támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
- sem működik...
-************************************************************************* */
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
- $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- // nem sikerült csatlakozni
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
- // Az eredeti jelszó ellenőrzése - csatlakozással
- $b_ok = ldap_bind($ds,$userDn,$userPassword);
- if (!$b_ok) {
- // Talán a régi jelszót elgépelte, vagy le van tiltva...
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
- ldap_close($ds);
- return false;
- }
-
- // A régi és új jelszavak átkódolása
- $newUnicodePwd = base64_encode(ADSEncodePassword($newPassword));
- $oldUnicodePwd = base64_encode(ADSEncodePassword($userPassword));
- // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni
- // ezért a parancssoros ldapmodify-t kell meghívnunk...
- $ldif=<<<EOT
-dn: $userDn
-changetype: modify
-delete: unicodePwd
-unicodePwd:: $oldUnicodePwd
--
-add: unicodePwd
-unicodePwd:: $newUnicodePwd
--
-EOT;
- $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['adsHostname'], $userDn, $userPassword);
- // KHM!
- if (($fh = popen($cmd, 'w')) === false ) {
- // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify?
- $_SESSION['alert'][] = 'message:popen_failure';
- return false;
- }
- fwrite($fh, "$ldif\n");
- pclose($fh);
-
- // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval!
- if (!@ldap_bind($ds, $userDn, $newPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return false;
- }
-
- // Shadow attribútumok beállítása
- // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható
- // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk...
- if (isset($AUTH[$toPolicy]['adsAccountOperatorUser'])) {
- $shadowLastChange = floor(time()/(60*60*24));
- $info['shadowLastChange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
-
- $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['adsAccountOperatorUser'],$AUTH[$toPolicy]['adsAccountOperatorPw']);
- if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; }
- $r = @ldap_mod_replace($ds, $userDn, $info);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword';
- return false;
- }
- }
- ldap_close($ds);
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
-
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if ($b_ok) {
- $info['unicodePwd'][0] = ADSEncodePassword($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowLastChange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/accountInfo.php b/mayor-orig/www/include/backend/ads/session/accountInfo.php
deleted file mode 100644
index eef90fd4..00000000
--- a/mayor-orig/www/include/backend/ads/session/accountInfo.php
+++ /dev/null
@@ -1,416 +0,0 @@
-<?php
-/*
- Module: base/auth-ads
- Backend: ads
-
- function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = '')
- function adsGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function adsGetUserInfo($userAccount, $toPolicy = _POLICY)
- function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function adsGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-######################################################
-# getADSInfo - általános ADS lekérdezés
-######################################################
-
-
- function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = '(objectclass=*)';
- $sr = @ldap_search($ds, $userDn, $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-###########################################################
-# adsGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function adsGetAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- $result = getADSInfo($userDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- }
- return $return[0];
-
- }
-
- }
-
-#############################################################
-# adsGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function adsGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $accountAttrToADS, $adsAttrDef;
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- $result = getADSInfo($userDn, array_values($accountAttrToADS), $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + ADS --> MaYoR schema
- foreach ($accountAttrToADS as $attr => $adsAttr) {
- $adsAttr = kisbetus($adsAttr);
- if (isset($result[0][$adsAttr])) $return[$attr] = $result[0][$adsAttr];
- else $return[$attr] = array('count' => 0);
- }
- return $return;
-
- }
-
- }
-
-###############################################################
-# adsChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$userDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$userDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# adsGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function adsGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
-
- global $backendAttrs, $backendAttrDef;
-
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
-
- $result = getADSInfo($groupDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // Accountok lekérdezése
- $info = getADSaccounts($toPolicy);
- for ($i = 0; $i < $info['count']; $i++) {
- $accountUid[] = array(
- 'value' => $info[$i]['uid'][0],
- 'txt' => $info[$i]['displayname'][0]
- );
- $accountDn[] = array(
- 'value' => $info[$i]['dn'],
- 'txt' => $info[$i]['displayname'][0]
- );
- $DN2CN[$info[$i]['dn']] = $info[$i]['displayname'][0];
- }
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif($attr == 'member') {
- $_TMP = array();
- for ($j=0; $j<$result[$i][$attr]['count']; $j++) {
- $_dn = $result[$i][$attr][$j];
- $_TMP[] = array(
- 'type'=>'member',
- 'value'=>$_dn,
- 'txt'=>($DN2CN[$_dn]==''?str_replace(',',' ',$_dn):$DN2CN[$_dn])
- );
- }
- $return[$i][$attr] = $_TMP;
- }
-
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
-
- if ($SET['withNewAccounts']===true) {
- $return[$i]['member']['new'] = $accountDn;
- $return[$i]['memberuid']['new'] = $accountUid;
- }
- }
-
- return $return[0];
-
- }
-
- }
-
-###############################################################
-# adsChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function adsChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
- else $values[0] = '';
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
-
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
- function getADSaccounts($toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid','displayName','samaccountname');
- $filter = '(&(objectclass=person)(!(objectclass=computer)))';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'displayname');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/base.php b/mayor-orig/www/include/backend/ads/session/base.php
deleted file mode 100644
index 3a727c3b..00000000
--- a/mayor-orig/www/include/backend/ads/session/base.php
+++ /dev/null
@@ -1,188 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ads (for Active Directory)
-
- function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
- function adsMemberOf($userAccount, $group, $toPolicy = _POLICY)
-
-*/
-
- require('include/backend/ads/base/attrs.php');
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
- if ($AUTH[_POLICY]['backend'] == 'ads') {
- /* why not put into session cache */
- if ($AUTH[_POLICY]['cacheable']=='yes') {
- $userDn = _queryCache('RDN',_POLICY,'value');
- }
- if (!isset($userDn)) $userDn = ADSuserAccountToDn();
- define('_USERDN', $userDn); // --TODO DEPRECATED
- define('BACKEND_CONNECT_DN', $AUTH[_POLICY]['adsUser']);
- define('BACKEND_CONNECT_PASSWORD', $AUTH[_POLICY]['adsPw']);
- if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
- unset($userDn);
- }
-
-######################################################
-# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
-######################################################
-
- function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
- $justthese=array('cn','sn','givenName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid:$userAccount";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
- return $info[0]['dn'];
- }
-
- }
-
-
-######################################################
-# A groupCn(cn)-hez tartozó dn lekérdezése
-######################################################
-
- function ADSgroupCnToDn($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e ilyen csoport?
- $filter="(&(cn=$groupCn)(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass']."))";
- $justthese=array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen cn is van
- $_SESSION['alert'][] = "message:multi_gid:$groupCn";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen csoport
- return $info[0]['dn'];
- }
-
- }
-
-######################################################
-# memberOf - csoport tag-e
-######################################################
-
- function adsMemberOf($userAccount, $group, $toPolicy = _POLICY) {
-
- global $AUTH;
- //global $ADS2Mayor;
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
- if (in_array($group, $AUTH[$toPolicy]['categories'])) {
- if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
-# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába...
-# else return false;
- }
-
- if (substr($group,0,3) != 'cn=') {
- $groupDn = ADSgroupCnToDn(ekezettelen($group));
- if (!$groupDn) return false; // Ha nincs ilyen csoport az ADS fában
- } else {
- $groupDn = $group;
- }
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $justthese = array('cn'); // valamit le kell kérdezni...
- $filter = "(&(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(member=$userDn))";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/createAccount.php b/mayor-orig/www/include/backend/ads/session/createAccount.php
deleted file mode 100644
index 02809f07..00000000
--- a/mayor-orig/www/include/backend/ads/session/createAccount.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
- require_once('include/backend/ads/password/changePassword.php');
-
- /*
- $SET = array(
- container => a konténer elem - ha nincs, akkor CN=Users alá rakja
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- )
- */
- function adsCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowLastChange = floor(time() / (60*60*24));
-
- // $toPolicy --> ads backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // uid ütközés ellenőrzése
- $filter = "(sAMAccountName=$userAccount)";
- $justthese = array('sAMAccountName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- $uinfo = ldap_get_entries($ds, $sr);
- $uidCount = $uinfo['count'];
- ldap_free_result($sr);
- if ($uidCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
- return false;
- }
-
- // Az következő uidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(uidNumber=*))";
- $justthese = array('uidNumber', 'msSFU30UidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'uidNumber');
- $uinfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
- else $info['uidNumber'] = array(1001);
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowLastChange'] = array($shadowLastChange);
- if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
- if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
- if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
- if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
- if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
-
- // A szokásos attribútumok
- $Name = explode(' ',$userCn);
- $Dn = ldap_explode_dn($AUTH[$toPolicy]['adsBaseDn'], 1); unset($Dn['count']);
- $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
- $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
- $info['displayName'] = array($userCn);
- $info['sn'] = array($Name[0]);
- $info['givenName'] = array($Name[ count($Name)-1 ]);
- $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
- $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
- $info['loginShell'] = array('/bin/bash');
- $info['objectClass'] = array($AUTH[$toPolicy]['adsUserObjectClass'], 'user');
-
- $policyAccountAttrs = $SET['policyAttrs'];
- if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['adsStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
- foreach ($policyAccountAttrs as $attr => $value)
- if ($attr != 'studyId' && isset($accountAttrToADS[$attr]))
- $info[ $accountAttrToADS[$attr] ] = array($value);
-
- if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
- else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['adsBaseDn'];
-
- // user felvétel
- $_r1 = @ldap_add($ds,$dn,$info);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Jelszó beállítás
- if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
-
- // Engedélyezés
- $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
- $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- $ginfo['member'] = $dn;
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $groupDn = ADSgroupCnToDn($SET['groups'][$i], $toPolicy);
- if ($groupDn !== false) {
- $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
- //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
- }
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/createGroup.php b/mayor-orig/www/include/backend/ads/session/createGroup.php
deleted file mode 100644
index 0a0a8c1d..00000000
--- a/mayor-orig/www/include/backend/ads/session/createGroup.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
-
- function adsCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ads backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(gidNumber=*))";
- $justthese = array('gidNumber', 'msSFU30GidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'gidNumber');
- $ginfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
- else $info['gidNumber'] = array(1001);
-
- // A szokásos attribútumok
- $info['sAMAccountName'] = $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
- else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['adsBaseDn'];
-
- // objectum osztályok
- $info['objectClass'] = array($AUTH[$toPolicy]['adsGroupObjectClass']);
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("ADS-Error: %s<br>\n", ldap_error($ds));
- var_dump($info);
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/search/searchAccount.php b/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
deleted file mode 100644
index 01298382..00000000
--- a/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
+++ /dev/null
@@ -1,277 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ads
-
- ! -- Csak publikus mezőkre lehet keresni! -- !
- function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
- function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
- function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
-
-*/
-
-######################################################
-# Általános ADS kereső függvény
-######################################################
-
- function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field';
- return false;
- }
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:ADSSearch';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- if (
- strpos(kisbetus($attr),'number') !== false
- && $attr != 'serialNumber'
- ) $filter = "(&$filter($attr=$pattern))";
- else $filter = "(&$filter($attr=*$pattern*))";
-
- $filter = "(&$filter($attr=*$pattern*))";
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $searchAttrs);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-######################################################
-# adsSearchAccount - felhasználó kereső függvény
-######################################################
-
- function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $accountAttrToADS;
-
- // A keresendő attribútum konvertálása ADS attribútummá
- if ($accountAttrToADS[ $attr ] != '') $attrADS = $accountAttrToADS[ $attr ];
- else $attrADS = $attr;
- if ($attrADS == 'dn') $attrADS = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása ADS attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $accountAttrToADS[ $searchAttrs[$i] ];
- else $searchAttrsADS[$i] = $searchAttrs[$i];
- }
- $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ kisbetus($accountAttrToADS[$a]) ])) {
- if ($accountAttrToADS[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToADS[$a]) ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# adsSearchGroup - csoport kereső függvény
-######################################################
-
- function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToADS;
-
- // A keresendő attribútum konvertálása ADS attribútummá
- if ($groupAttrToADS[ $attr ] != '') $attrADS = $groupAttrToADS[ $attr ];
- else $attrADS = $attr;
- if ($attrADS == 'dn') $attrADS = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása ADS attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $groupAttrToADS[ $searchAttrs[$i] ];
- else $searchAttrsADS[$i] = $searchAttrs[$i];
- }
-
- $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(objectclass=group)', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToADS[$a]) || $groupAttrToADS[$a] != '') {
- if (isset($result[$i][ $groupAttrToADS[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToADS[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# adsDeleteAccount - account törlése
-######################################################
-
- function adsDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ads backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
- if ($userDn === false) return false;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a unixHomeDirectory lekerdezése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(!(objectclass=computer)))";
- $justthese = array('uidNumber','unixHomedirectory');
- $sr = @ldap_search($ds,$userDn,$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $info = @ldap_get_entries($ds,$sr);
- $uidNumber = $info[0]['uidnumber'][0];
- $homeDirectory = $info[0]['unixhomedirectory'][0];
- $uid=$userAccount;
-
- // user törlése
- if (!@ldap_delete($ds,$userDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
- }
-
- ldap_close($ds);
-
- /*
- Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
- A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
- lista: userAccount, uidNumber, homeDirectory
- */
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['deleteAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
- fclose($sfp);
- }
- }
-
- $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
- return true;
-
- }
-
-######################################################
-# adsDeleteGroup - account törlése
-######################################################
-
- function adsDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ads backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
- if ($groupDn === false) return false;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/file/auth/login.php b/mayor-orig/www/include/backend/file/auth/login.php
deleted file mode 100644
index bc77f9f7..00000000
--- a/mayor-orig/www/include/backend/file/auth/login.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-/*
- Auth-File
-
- A név-jelszó pár ellenőrzése file-ból történik
-*/
-
-/* --------------------------------------------------------------
-
- Felhasználók azonosítása egyszerű szöveges file-ból
-
- A file szerkezete:
- Soronként egy account adatai, egymástól kettősponttal elválasztott mezők:
- azonosító:név:jelszó:oktAzon:shadowLastChange:shadowMin:shadowMax:shadowWarning:shadowInactive:shadowExpire
-
- A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
- konstansok valamelyikével tér vissza.
-
- Sikeres hitelesítés esetén
- az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név'
- attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
- Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
- elutasítás okát.
-
--------------------------------------------------------------- */
- function fileUserAuthentication($userAccount, $userPassword, &$accountInformation) {
-
- global $AUTH;
-
- $toPolicy = $accountInformation['policy'];
- $fp = @fopen($AUTH[$toPolicy]['file account file'],'r');
- if (!$fp) {
- // nem lehet megnyitni a file-t
- $_SESSION['alert'][] = 'message:file_open_failure:'.$AUTH[$toPolicy]['file account file'];
- return _AUTH_FAILURE;
- }
-
- $valid = false;
- while (!$valid and $sor = chop(fgets($fp, 1024))) {
-
- list(
- $_userAccount,
- $_userCn,
- $_userPassword,
- $_studyId,
- $shadowLastChange,
- $shadowMin,
- $shadowMax,
- $shadowWarning,
- $shadowInactive,
- $shadowExpire
- ) = explode(':',$sor);
- $valid = ($_userAccount == $userAccount and $_userPassword == $userPassword); // itt lehetne a kódolt jelszót eltárolni és azzal hasonlítani
-
- }
-
- fclose($fp);
-
- if ($valid) {
-
- $accountInformation['cn'] = $_userCn;
- $accountInformation['studyId'] = $_studyId;
-
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- (
- (
- $shadowExpire != '' &&
- $shadowExpire <= floor(time()/(60*60*24))
- ) ||
- (
- $shadowLastChange != '' &&
- $shadowMax != '' &&
- $shadowInactive != '' &&
- ( $shadowLastChange
- + $shadowMax
- + $shadowInactive ) <= floor(time()/(60*60*24))
- )
- )
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled';
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Lejárt-e az azonosító
- if (
- $AUTH[$toPolicy]['onExpired'] != 'none' && // onExpired: none | warning | force update
- $shadowLastChange != '' &&
- $shadowMax != ''
- ) {
- // Lejárt-e
- $pwLejar = ($shadowLastChange + $shadowMax) - floor(time()/(60*60*24));
- if (0 < $pwLejar && $shadowWarning != '' && $pwLejar < $shadowWarning) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
- $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- }
- }
- } // onExpired
-
- return _AUTH_SUCCESS;
-
- } else {
-
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
-
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/file/session/base.php b/mayor-orig/www/include/backend/file/session/base.php
deleted file mode 100644
index 4902e9c8..00000000
--- a/mayor-orig/www/include/backend/file/session/base.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
- function fileMemberOf() {
- return false;
- }
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/auth/login.php b/mayor-orig/www/include/backend/ldap-ng/auth/login.php
deleted file mode 100644
index 3eb9854e..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/auth/login.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<?php
-/*
- Auth-LDAP-NG
-
- A név-jelszó pár ellenőrzése LDAP adatbázis alapján
-*/
-
-/* --------------------------------------------------------------
-
- Felhasználók azonosítása az LDAP-ban tárolt konfigurálható
- osztályok alapján történik.
-
- A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
- konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
-
- Sikeres hitelesítés esetén
- az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
- attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
- Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
- elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid,
- account_disabled, bad_pw, account_warning, account_expired, warn_account_disable.
-
--------------------------------------------------------------- */
-
-######################################################################
-# Az LDAP protocol version 3 kötelező,
-# referals=0 nélkül használhatatlanul lassú
-######################################################################
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
-
- function ldap_ngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
-
- global $AUTH;
-
- if ($toPolicy == '') {
- if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
-// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
- else $toPolicy = _POLICY;
- }
-
- // Kapcsolódás a szerverhez
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return _AUTH_FAILURE;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return _AUTH_FAILURE;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
- $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return _AUTH_FAILURE;
- }
- $info = ldap_get_entries($ds,$sr);
-
- if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- ldap_close($ds);
- return _AUTH_FAILURE_1;
- }
-
- if ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid";
- ldap_close($ds);
- return _AUTH_FAILURE_2;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
-
-
- $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0];
- $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0];
-
- $accountInformation['dn'] = $info[0]['dn'];
- $accountInformation['account'] = $userAccount;
- // Lejárt-e
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
-// if ($info[0]['shadowlastchange'][0] != '')
-// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]);
-// else
- $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]);
- }
- if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk
-// if ($info[0]['shadowexpire'][0] != '')
-// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]);
-// else
- $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]);
- }
- if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
- if (
- $info[0]['shadowmax'][0] != '' &&
- (
- !isset($expireTimestamp) ||
- $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
- )
- ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
- // lejárt, ha lejárat ideje már elmúlt
- $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
-
- // Le van-e tiltva
- // Ha több mint shadowInactive napja lejárt
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- isset($expireTimestamp) &&
- $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled';
- ldap_close($ds);
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Jelszó ellenőrzés - lehet-e csatlakozni
- if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- }
-
- ldap_close($ds);
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- } else {
- return _AUTH_FAILURE;
- }
- }
- } // onExpired
- // Ha idáig eljut, akkor minden rendben.
- return _AUTH_SUCCESS;
-
- } // count == 1
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/base/attrs.php b/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
deleted file mode 100644
index 2a2f327a..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
+++ /dev/null
@@ -1,146 +0,0 @@
-<?php
-/*
- Module: useradmin
-*/
-
- if (file_exists('lang/'._LANG.'/backend/ldap-ng/attrs.php')) {
- require('lang/'._LANG.'/backend/ldap-ng/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_LDAP_RIGHTS','wr-');
-
-######################################################
-# Az LDAP account attribútumok
-######################################################
-
- global $ldapAccountAttrs;
- $ldapAccountAttrs = array(
- 'cn',
- 'serialnumber',
- 'uid',
- 'uidnumber',
- 'gidnumber',
- 'unixhomedirectory',
- 'loginshell',
-
- 'shadowlastchange',
- 'shadowexpire',
- 'shadowwarning',
- 'shadowmin',
- 'shadowmax',
- 'shadowinactive',
-
-/*
- 'gecos',
- 'mail',
- 'telephonenumber',
- 'mobile',
- 'l',
- 'street',
- 'postaladdress',
- 'postalcode',
- 'homedirectory',
-*/
- );
-
- global $ldapGroupAttrs;
- $ldapGroupAttrs = array(
- 'cn',
- 'description',
- 'member',
- 'name',
- 'samaccountname',
- 'objectcategory',
- 'gidnumber', // ennek kellene lennie - mitől lesz?
-/* 'memberuid' */
- );
-
- global $accountAttrToLDAP; // Kis és nagybetű számít!!!
- $accountAttrToLDAP = array(
- 'userAccount' => 'sAMAccountName',
- 'userCn' => 'displayName',
- 'mail' => 'mail',
- 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member',
- );
-
- global $ldapAccountAttrDef;
- $ldapAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'serialnumber' => array('desc' => _LDAPSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'),
- 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
- 'padpwdcount' => array('desc' => _LDAPBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'),
- 'badpasswordtime' => array('desc' => _LDAPBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'),
- 'lastlogon' => array('desc' => _LDAPLASTLOGON, 'type' => 'int', 'rights' => 'r--'),
- 'pwdlastset' => array('desc' => _LDAPPWDLASTSET, 'type' => 'int', 'rights' => 'r--'),
- 'accountexpires' => array('desc' => _LDAPACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'),
- 'userprincipalname' => array('desc' => _LDAPUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text', 'rights' => 'r--'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
- 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
- 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
-/*
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
-*/
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
-
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php b/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
deleted file mode 100644
index aa4cd91d..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
+++ /dev/null
@@ -1,161 +0,0 @@
-<?php
-/*
-
- Module: base/password
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
-*/
-
-############################################################################
-# Jelszó kódolása (az Active Directory ezt használja....)
-############################################################################
-
-function LDAPEncodePassword($password) {
-
- return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
-
-}
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-/* *************************************************************************
- A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
- Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
- és felvétele új értékkel - mindenz elvileg egy lépésben.
-
- A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
- támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
- sem működik...
-************************************************************************* */
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- // nem sikerült csatlakozni
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
- // Az eredeti jelszó ellenőrzése - csatlakozással
- $b_ok = ldap_bind($ds,$userDn,$userPassword);
- if (!$b_ok) {
- // Talán a régi jelszót elgépelte, vagy le van tiltva...
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
- ldap_close($ds);
- return false;
- }
-
- // A régi és új jelszavak átkódolása
- $newUnicodePwd = base64_encode(LDAPEncodePassword($newPassword));
- $oldUnicodePwd = base64_encode(LDAPEncodePassword($userPassword));
- // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni
- // ezért a parancssoros ldapmodify-t kell meghívnunk...
- $ldif=<<<EOT
-dn: $userDn
-changetype: modify
-delete: unicodePwd
-unicodePwd:: $oldUnicodePwd
--
-add: unicodePwd
-unicodePwd:: $newUnicodePwd
--
-EOT;
- $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['ldapHostname'], $userDn, $userPassword);
-
- if (($fh = popen($cmd, 'w')) === false ) {
- // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify?
- $_SESSION['alert'][] = 'message:popen_failure';
- return false;
- }
- fwrite($fh, "$ldif\n");
- pclose($fh);
-
- // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval!
- if (!@ldap_bind($ds, $userDn, $newPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return false;
- }
-
- // Shadow attribútumok beállítása
- // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható
- // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk...
- if (isset($AUTH[$toPolicy]['ldapAccountOperatorUser'])) {
- $shadowLastChange = floor(time()/(60*60*24));
- $info['shadowLastChange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
-
- $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['ldapAccountOperatorUser'],$AUTH[$toPolicy]['ldapAccountOperatorPw']);
- if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; }
- $r = @ldap_mod_replace($ds, $userDn, $info);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword';
- return false;
- }
- }
- ldap_close($ds);
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
-
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
- if ($b_ok) {
- $info['unicodePwd'][0] = LDAPEncodePassword($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowLastChange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
deleted file mode 100644
index d3733ba2..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
+++ /dev/null
@@ -1,401 +0,0 @@
-<?php
-/*
- Module: base/auth-ldap-ng
- Backend: ldap-ng
-
- function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
- function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
- function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-######################################################
-# getLDAPInfo - általános LDAP lekérdezés
-######################################################
-
-
- function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = '(objectclass=*)';
- $sr = @ldap_search($ds, $Dn, $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-###########################################################
-# ldapGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- }
- return $return[0];
-
- }
-
- }
-
-#############################################################
-# ldapGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP, $ldapAttrDef;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema
- foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
- $ldapAttr = kisbetus($ldapAttr);
- if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
- else $return[$attr] = array('count' => 0);
- }
- return $return;
-
- }
-
- }
-
-###############################################################
-# ldapChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$userDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$userDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# ldapGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // Accountok lekérdezése
- $info = getLDAPaccounts($toPolicy);
- for ($i = 0; $i < $info['count']; $i++) {
- $accountUid[] = array(
- 'value' => $info[$i]['uid'][0],
- 'txt' => $info[$i]['displayname'][0]
- );
- $accountDn[] = array(
- 'value' => $info[$i]['dn'],
- 'txt' => $info[$i]['displayname'][0]
- );
- }
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- $return[$i]['member']['new'] = $accountDn;
- $return[$i]['memberuid']['new'] = $accountUid;
- }
-
- return $return[0];
-
- }
-
- }
-
-###############################################################
-# ldapChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
- else $values[0] = '';
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
-
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
- function getLDAPaccounts($toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid','displayName','samaccountname');
- $filter = '(&(objectclass=person)(!(objectclass=computer)))';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'displayname');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/base.php b/mayor-orig/www/include/backend/ldap-ng/session/base.php
deleted file mode 100644
index 196e431c..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/base.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldap-ng
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
- function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
-
-*/
-
- require('include/backend/ldap-ng/base/attrs.php');
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
- if ($AUTH[_POLICY]['backend'] == 'ldap-ng') {
- /* why not put into session cache */
- if ($AUTH[_POLICY]['cacheable']=='yes') {
- $userDn = _queryCache('RDN',_POLICY,'value');
- }
- if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
- define('_USERDN', $userDn);
- if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
- unset($userDn);
- }
-
-######################################################
-# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
-######################################################
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
- $justthese=array($AUTH[$toPolicy]['ldapCnAttr']);
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid:$userAccount";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
- return $info[0]['dn'];
- }
-
- }
-
-
-######################################################
-# A groupCn(cn)-hez tartozó dn lekérdezése
-######################################################
-
- function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e ilyen csoport?
- $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))";
- $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']);
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen cn is van
- $_SESSION['alert'][] = "message:multi_gid:$groupCn";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen csoport
- return $info[0]['dn'];
- }
-
- }
-
-######################################################
-# memberOf - csoport tag-e
-######################################################
-
- function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */
- if (in_array($group, $AUTH[$toPolicy]['categories'])) {
- if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
- }
-
- if (substr($group,0,3) != 'cn=') {
- $groupDn = LDAPgroupCnToDn(ekezettelen($group));
- if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
- } else {
- $groupDn = $group;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $justthese = array('cn'); // valamit le kell kérdezni...
- $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(member=$userDn))";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
deleted file mode 100644
index db62a348..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
- require_once('include/backend/ldap-ng/password/changePassword.php');
-
- /*
- $SET = array(
- container => a konténer elem - ha nincs, akkor CN=Users alá rakja
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- )
- */
- function ldapCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowLastChange = floor(time() / (60*60*24));
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // uid ütközés ellenőrzése
- $filter = "(sAMAccountName=$userAccount)";
- $justthese = array('sAMAccountName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $uinfo = ldap_get_entries($ds, $sr);
- $uidCount = $uinfo['count'];
- ldap_free_result($sr);
- if ($uidCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
- return false;
- }
-
- // Az következő uidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
- $justthese = array('uidNumber', 'msSFU30UidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'uidNumber');
- $uinfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
- else $info['uidNumber'] = array(1001);
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowLastChange'] = array($shadowLastChange);
- if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
- if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
- if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
- if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
- if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
-
- // A szokásos attribútumok
- $Name = explode(' ',$userCn);
- $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
- $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
- $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
- $info['displayName'] = array($userCn);
- $info['sn'] = array($Name[0]);
- $info['givenName'] = array($Name[ count($Name)-1 ]);
- $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
- $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
- $info['loginShell'] = array('/bin/bash');
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
-
- $policyAccountAttrs = $SET['policyAttrs'];
- if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
- foreach ($policyAccountAttrs as $attr => $value)
- if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
- $info[ $accountAttrToLDAP[$attr] ] = array($value);
-
- if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
- else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // user felvétel
- $_r1 = @ldap_add($ds,$dn,$info);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Jelszó beállítás
- if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
-
- // Engedélyezés
- $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
- $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- $ginfo['member'] = $dn;
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
- if ($groupDn !== false) {
- $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
- //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
- }
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
deleted file mode 100644
index 59c77c92..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
-
- function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
- $justthese = array('gidNumber', 'msSFU30GidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'gidNumber');
- $ginfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
- else $info['gidNumber'] = array(1001);
-
- // A szokásos attribútumok
- $info['sAMAccountName'] = $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
- else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // objectum osztályok
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- var_dump($info);
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
deleted file mode 100644
index 70be6ed5..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
+++ /dev/null
@@ -1,271 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldap-ng
-
- ! -- Csak publikus mezőkre lehet keresni! -- !
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
-
-*/
-
-######################################################
-# Általános LDAP kereső függvény
-######################################################
-
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field';
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = "(&$filter($attr=*$pattern*))";
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-######################################################
-# ldapSearchAccount - felhasználó kereső függvény
-######################################################
-
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
- if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapSearchGroup - csoport kereső függvény
-######################################################
-
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToLDAP;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
-
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=group)', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
- if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapDeleteAccount - account törlése
-######################################################
-
- function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldap-ng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- if ($userDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a unixHomeDirectory lekerdezése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
- $justthese = array('uidNumber','unixHomedirectory');
- $sr = @ldap_search($ds,$userDn,$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $info = @ldap_get_entries($ds,$sr);
- $uidNumber = $info[0]['uidnumber'][0];
- $homeDirectory = $info[0]['unixhomedirectory'][0];
- $uid=$userAccount;
-
- // user törlése
- if (!@ldap_delete($ds,$userDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
- }
-
- ldap_close($ds);
-
- /*
- Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
- A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
- lista: userAccount, uidNumber, homeDirectory
- */
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['deleteAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
- fclose($sfp);
- }
- }
-
- $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
- return true;
-
- }
-
-######################################################
-# ldapDeleteGroup - account törlése
-######################################################
-
- function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldap-ng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
- if ($groupDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/auth/login.php b/mayor-orig/www/include/backend/ldap/auth/login.php
deleted file mode 100644
index 2165371d..00000000
--- a/mayor-orig/www/include/backend/ldap/auth/login.php
+++ /dev/null
@@ -1,144 +0,0 @@
-<?php
-/*
- Auth-LDAP
-
- A név-jelszó pár ellenőrzése LDAP adatbázis alapján
-*/
-
-/* --------------------------------------------------------------
-
- Felhasználók azonosítása LDAP-ban tárolt posixAccount
- osztályok alapján történik.
-
- A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
- konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
-
- Sikeres hitelesítés esetén
- az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név'
- attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
- Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
- elutasítás okát.
-
--------------------------------------------------------------- */
-
-######################################################################
-# Az LDAP protocol version szerinti csatlakozás
-######################################################################
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
-
- function ldapUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
-
- global $AUTH;
-
- if ($toPolicy == '') {
- if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
-// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
- else $toPolicy = _POLICY;
- }
-
- // Kapcsolódás a szerverhez
- $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return _AUTH_FAILURE;
- }
-
- // Csatlakozás a szerverhez
- $r = ldap_bind($ds);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return _AUTH_FAILURE;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(uid=$userAccount)(objectClass=posixAccount))";
- $justthese = array("sn","cn","studyId","shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return _AUTH_FAILURE;
- }
- $info=ldap_get_entries($ds,$sr);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- ldap_close($ds);
- return _AUTH_FAILURE_1;
- }
-
- if ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid";
- ldap_close($ds);
- return _AUTH_FAILURE_2;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
-
- $accountInformation['cn'] = $info[0]['cn'][0];
- $accountInformation['studyId'] = $info[0]['studyid'][0];
- $accountInformation['dn'] = $info[0]['dn'];
- $accountInformation['account'] = $userAccount;
- // Lejárt-e
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
- if (
- $info[0]['shadowmax'][0] != '' &&
- (
- !isset($expireTimestamp) ||
- $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
- )
- ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
- // lejárt, ha lejárat ideje már elmúlt
- $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
-
- // Le van-e tiltva
- // Ha több mint shadowInactive napja lejárt
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- isset($expireTimestamp) &&
- $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled';
- ldap_close($ds);
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Jelszó ellenőrzés - lehet-e csatlakozni
- if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- }
-
- ldap_close($ds);
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
- $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- }
- }
- } // onExpired
-
- // Ha idáig eljut, akkor minden rendben.
- return _AUTH_SUCCESS;
-
- } // count == 1
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php b/mayor-orig/www/include/backend/ldap/base/attrs.php
deleted file mode 100644
index bf86d0d2..00000000
--- a/mayor-orig/www/include/backend/ldap/base/attrs.php
+++ /dev/null
@@ -1,120 +0,0 @@
-<?php
-/*
- Module: useradmin
-*/
-
- if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) {
- require('lang/'._LANG.'/backend/ldap/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_LDAP_RIGHTS','wr-');
-
-######################################################
-# Az LDAP account attribútumok
-######################################################
-
- global $ldapAccountAttrs;
- $ldapAccountAttrs = array(
- 'uid',
- 'uidnumber',
- 'gidnumber',
- 'gecos',
- 'cn',
- 'studyid',
- 'sn',
- 'givenname',
- 'mail',
- 'telephonenumber',
- 'mobile',
- 'l',
- 'street',
- 'postaladdress',
- 'postalcode',
- 'homedirectory',
- 'shadowlastchange',
- 'shadowexpire',
- 'shadowwarning',
- 'shadowmin',
- 'shadowmax',
- 'shadowinactive',
- );
-
- global $ldapGroupAttrs;
- $ldapGroupAttrs = array(
- 'gidnumber',
- 'cn',
- 'description',
- 'member',
- 'memberuid'
- );
-
- global $accountAttrToLDAP;
- $accountAttrToLDAP = array(
- 'userAccount' => 'uid',
- 'userCn' => 'cn',
- 'mail' => 'mail',
- 'studyId' => 'studyId',
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member'
- );
-
- global $ldapAccountAttrDef;
- $ldapAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'studyid' => array('desc' => _LDAPSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
- 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
deleted file mode 100644
index 658dfa1c..00000000
--- a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
+++ /dev/null
@@ -1,175 +0,0 @@
-<?php
-/*
- Module: useradmin
-*/
-
- if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) {
- require('lang/'._LANG.'/backend/ldap/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_LDAP_RIGHTS','wr-');
-
-######################################################
-# Az LDAP account attribútumok
-######################################################
-
- global $ldapAccountAttrs;
- $ldapAccountAttrs = array(
- 'uid',
- 'uidnumber',
- 'gidnumber',
- 'gecos',
- 'cn',
- 'sn',
- 'givenname',
- 'mail',
- 'homepage',
- 'url',
- 'telephonenumber',
- 'mobile',
- 'year',
- 'class',
- 'l',
- 'street',
- 'postaladdress',
- 'postalcode',
- 'homedirectory',
- 'owner',
- 'leader',
- 'description',
- 'roomnumber',
- 'registertimestamp',
- 'primaryschoolomcode',
- 'classtimestamp',
- 'studentcardnumber',
- 'studentcardtimestamp',
- 'taxid',
- 'birthtimestamp',
- 'birthlocality',
- 'registernumber',
- 'diarynumber',
- 'sex',
- 'guardiancn',
- 'mothercn',
- 'localitytimestamp',
- 'tajnumber',
- 'member',
- 'studentmember',
- 'exemptmember',
- 'examermember',
- 'memberuid',
- 'shadowlastchange',
- 'shadowexpire',
- 'shadowwarning',
- 'shadowmin',
- 'shadowmax',
- 'shadowinactive',
- 'parentpassword'
- );
-
- global $ldapGroupAttrs;
- $ldapGroupAttrs = array(
- 'gidnumber',
- 'cn',
- 'description',
- 'owner',
- 'member',
- 'memberuid'
- );
-
- global $accountAttrToLDAP;
- $accountAttrToLDAP = array(
- 'userAccount' => 'uid',
- 'userCn' => 'cn',
- 'mail' => 'mail',
- 'studyId' => 'studyId',
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupId' => 'cn',
- 'groupName' => 'description',
-// 'leader' => 'leader',
- 'owner' => 'owner',
- 'member' => 'member'
- );
-
- global $ldapAccountAttrDef;
- $ldapAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text','rights' => 'rrr'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text','rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text','rights' => 'w--'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text','rights' => 'wwr'),
- 'homepage' => array('desc' => _LDAPHOMEPAGE, 'type' => 'text','rights' => 'wwr'),
- 'url' => array('desc' => _LDAPURL, 'type' => 'text'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text','rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text','rights' => 'ww-'),
- 'year' => array('desc' => _LDAPYEAR, 'type' => 'int'),
- 'class' => array('desc' => _LDAPCLASS, 'type' => 'text'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
- 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
- 'roomnumber' => array('desc' => _LDAPROOMNUMBER, 'type' => 'int'),
- 'registertimestamp' => array('desc' => _LDAPREGISTERTIMESTAMP, 'type' => 'timestamp'),
- 'primaryschoolomcode' => array('desc' => _LDAPPRIMARYSCHOOLOMCODE, 'type' => 'text'),
- 'classtimestamp' => array('desc' => _LDAPCLASSTIMESTAMP, 'type' => 'timestamp'),
- 'studentcardnumber' => array('desc' => _LDAPSTUDENTCARDNUMBER, 'type' => 'text'),
- 'studentcardtimestamp' => array('desc' => _LDAPSTUDENTCARDTIMESTAMP, 'type' => 'timestamp'),
- 'taxid' => array('desc' => _LDAPTAXID, 'type' => 'text'),
- 'birthtimestamp' => array('desc' => _LDAPBIRTHTIMESTAMP, 'type' => 'timestamp'),
- 'birthlocality' => array('desc' => _LDAPBIRTHLOCALITY, 'type' => 'text'),
- 'registernumber' => array('desc' => _LDAPREGISTERNUMBER, 'type' => 'text'),
- 'diarynumber' => array('desc' => _LDAPDIARYNUMBER, 'type' => 'text'),
- 'sex' => array('desc' => _LDAPSEX, 'type' => 'radio', 'options' => array(_FIU, _LANY)),
- 'guardiancn' => array('desc' => _LDAPGUARDIANCN, 'type' => 'text'),
- 'mothercn' => array('desc' => _LDAPMOTHERCN, 'type' => 'text'),
- 'localitytimestamp' => array('desc' => _LDAPLOCALITYTIMESTAMP, 'type' => 'timestamp'),
- 'tajnumber' => array('desc' => _LDAPTAJNUMBER, 'type' => 'text'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'owner' => array('desc' => _LDAPOWNER, 'type' => 'select'),
-// 'studentmember' => array('desc' => _LDAPSTUDENTMEMBER, 'type' => 'text'),
-// 'exemptmember' => array('desc' => _LDAPEXEMPTMEMBER, 'type' => 'text'),
-// 'examermember' => array('desc' => _LDAPEXAMERMEMBER, 'type' => 'text'),
-// 'leader' => array('desc' => _LDAPLEADER, 'type' => 'text'),
- );
-
-?>
\ No newline at end of file
diff --git a/mayor-orig/www/include/backend/ldap/base/str.php b/mayor-orig/www/include/backend/ldap/base/str.php
deleted file mode 100644
index 2ef3ad1c..00000000
--- a/mayor-orig/www/include/backend/ldap/base/str.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-/*
- Module: useradmin
-
- function date2timestamp($date)
- function timestamp2date($stamp)
- !! -- function ldap_cn_cmp($a,$b) -- !! Kell ez?
- !! -- function tanar_cn_cmp($a,$b) -- !! Használjuk ezt?
-
- // - fuggoseg - // require_once('include/share/ldap/attrs.php');
-
-*/
-
-// -------------------------------------
-// Date2Timestamp
-// -------------------------------------
-
- function date2timestamp($date) {
- $date = str_replace('-','',$date);
- $date = str_replace('.','',$date).'010101Z';
- if (strlen($date) == 15) return $date;
- else return '';
- }
-
-// -------------------------------------
-// Timestamp2Date
-// -------------------------------------
-
- function timestamp2date($stamp) {
- $date = substr($stamp,0,4).'-'.substr($stamp,4,2).'-'.substr($stamp,6,2);
- if (strlen($date) == 10) return $date;
- else return '';
- }
-
-/*
-// ---------------------------------------------------------------------------
-// LDAP eredmény elemeinek összehasonlítása cn-alapján (Már latin2-es kódolású!!!)
-// ---------------------------------------------------------------------------
-
- function ldap_cn_cmp($a,$b) {
- return str_cmp($a['cn'][0],$b['cn'][0]);
- }
-
-// ---------------------------------------------------------------------------
-// $TANAROK tömb rendezéséhez (include/naplo/helyettesít.php) (Már latin2-es kódolású!!!)
-// ---------------------------------------------------------------------------
-
- function tanar_cn_cmp($a,$b) {
- return str_cmp($a['cn'],$b['cn']);
- }
-*/
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/password/changePassword.php b/mayor-orig/www/include/backend/ldap/password/changePassword.php
deleted file mode 100644
index 22ace5ca..00000000
--- a/mayor-orig/www/include/backend/ldap/password/changePassword.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-/*
- Module: base/password
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
- */
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,$userDn,$userPassword);
- if ($b_ok) {
- $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowlastchange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn;
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
- if ($b_ok) {
- $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowlastchange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN;
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/accountInfo.php b/mayor-orig/www/include/backend/ldap/session/accountInfo.php
deleted file mode 100644
index 24f5234b..00000000
--- a/mayor-orig/www/include/backend/ldap/session/accountInfo.php
+++ /dev/null
@@ -1,401 +0,0 @@
-<?php
-/*
- Module: base/auth-ldap
- Backend: ldap
-
- function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
- function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
- function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-######################################################
-# getLDAPInfo - általános LDAP lekérdezés
-######################################################
-
- function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = '(objectclass=*)';
- $sr = @ldap_search($ds, $userDn, $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-###########################################################
-# ldapGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- }
-
- return $return[0];
-
- }
-
- }
-
-#############################################################
-# ldapGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $accountAttrToLDAP, $ldapAttrDef;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
- if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
- else $return[$attr] = array('count' => 0);
- }
-
- return $return;
-
- }
-
- }
-
-###############################################################
-# ldapChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- $_alert = array();
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$userDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$userDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$userDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# ldapGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // Accountok lekérdezése
- $info = getLDAPaccounts($toPolicy);
- for ($i = 0; $i < $info['count']; $i++) {
- $accountUid[] = array(
- 'value' => $info[$i]['uid'][0],
- 'txt' => $info[$i]['cn'][0]
- );
- $accountDn[] = array(
- 'value' => $info[$i]['dn'],
- 'txt' => $info[$i]['cn'][0]
- );
- }
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- $return[$i]['member']['new'] = $accountDn;
- $return[$i]['memberuid']['new'] = $accountUid;
- }
-
- return $return[0];
-
- }
-
- }
-
-###############################################################
-# ldapChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
- else $values[0] = '';
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- $_alert = array();
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
- function getLDAPaccounts($toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid');
-// $filter = '(objectclass=mayorPerson)';
- $filter = '(objectclass=posixAccount)';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'cn');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/base.php b/mayor-orig/www/include/backend/ldap/session/base.php
deleted file mode 100644
index b8529cc2..00000000
--- a/mayor-orig/www/include/backend/ldap/session/base.php
+++ /dev/null
@@ -1,255 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldap
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
- function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
-
-*/
-
- require('include/backend/ldap/base/attrs.php');
- require('include/backend/ldap/base/str.php');
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
-
- if ($AUTH[_POLICY]['backend'] == 'ldap') {
- /* why not put into session cache */
- if ($AUTH[_POLICY]['cacheable']=='yes') {
- $userDn = _queryCache('RDN',_POLICY,'value');
- }
- if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
- define('_USERDN', $userDn);
- if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
- unset($userDn);
- }
-
-######################################################
-# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
-######################################################
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(uid=$userAccount)(objectClass=posixAccount))";
- $justthese=array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid:$userAccount";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
- return $info[0]['dn'];
- }
-
- }
-
-
-######################################################
-# A groupCn(cn)-hez tartozó dn lekérdezése
-######################################################
-
- function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(cn=$groupCn)(objectClass=posixGroup))";
- $justthese=array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen cn is van
- $_SESSION['alert'][] = "message:multi_gid:$groupCn";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen csoport
- return $info[0]['dn'];
- }
-
- }
-
-
-
-######################################################
-# memberOf - csoport tag-e
-######################################################
-
- function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) {
-
- global $AUTH, $LDAP2Mayor;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- if (in_array($group, $AUTH[$toPolicy]['categories'])) {
- if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
-# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába...
-# else return false;
- }
-
- if (substr($group,0,3) != 'cn=') {
- $groupDn = LDAPgroupCnToDn(ekezettelen($group));
- if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
- } else {
- $groupDn = $group;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $justthese = array('cn'); // valamit le kell kérdezni...
-/* $filter = "(& (objectClass=mayorGroup)
- (member=$userDn)
- )";
-*/
- $filter = "(& (objectClass=posixGroup)
- (memberUid=$userAccount)
- )";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-######################################################
-# LDAPcreateContainer - tároló létrehozása
-######################################################
-
- function LDAPcreateContainer($containerDn, $toPolicy) {
-
- global $AUTH;
-
- $pos = strpos($containerDn, ',ou=');
- $container = substr($containerDn, 3, $pos-3);
- $rdn = substr($containerDn, $pos+1);
- $cat = substr($containerDn, 3, strlen($containerDn)-4-strlen($AUTH[$toPolicy]['ldap base dn']));
-
- error_reporting(1);
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // OU létrehozása
- $info['ou'][0] = $container;
- $info['objectclass'][0] = 'organizationalUnit';
- $info['description'][0] = $container;
-
- $_r1 = ldap_add($ds, $containerDn, $info);
- if (!$_r1) {
-// $_SESSION['alert'][] = 'message:ldap_add_failure:'.$containerDn;
- return false;
-// printf("LDAP-Error: %s<br>\n", ldap_error($ds));
-// echo '<pre>'; var_dump($info); echo '</pre>';
- }
-
- // az OU-hoz tartozó csoportok OU-ja
- $info['ou'][0] = 'Groups';
- $info['objectclass'][0] = 'organizationalUnit';
- $info['description'][0] = "$container csoportjai";
-
- $containerDn = "ou=Groups,$containerDn";
- $_r1 = ldap_add($ds, $containerDn, $info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- echo '<pre>'; var_dump($info); echo '</pre>';
- }
-
- // Az osztály csoport létrehozása
- require_once('include/modules/session/createGroup.php');
- createGroup($container, "$container csoport", "$cat", $toPolicy);
-
- ldap_close($ds);
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/createAccount.php b/mayor-orig/www/include/backend/ldap/session/createAccount.php
deleted file mode 100644
index 79f40530..00000000
--- a/mayor-orig/www/include/backend/ldap/session/createAccount.php
+++ /dev/null
@@ -1,204 +0,0 @@
-<?php
-/*
- Modules: base/session
-
- UNTESTED!!!!
-*/
-
- function ldapCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $category = ekezettelen($SET['category']);
- $shadowLastChange = floor(time() / (60*60*24));
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldap') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $groupinfo = $oinfo = Array();
-
- // uid ütközés ellenőrzése
- $filter = "(uid=$userAccount)";
- $justthese = array('uid');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- $uinfo = ldap_get_entries($ds, $sr);
- $uidCount = $uinfo['count'];
- ldap_free_result($sr);
- if ($uidCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
- return false;
- }
-
- // Az következő uidNumber megállapítása
- $filter = '(objectClass=mayorOrganization)';
- $justthese = array('nextuid', 'freeuid');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- $uidinfo = ldap_get_entries($ds,$sr);
- ldap_free_result($sr);
- if (isset($uidinfo[0]['freeuid']['count'])) $freeUidCount = $uidinfo[0]['freeuid']['count'];
- else $freeUidCount = 0;
- if ($freeUidCount == 0) {
- $info['uidnumber'] = array($uidinfo[0]['nextuid'][0]);
- $info['gidnumber'] = $info['uidnumber'];
- $oinfo['nextuid'] = $info['uidnumber'][0]+1;
- } else {
- $info['uidnumber'] = array($uidinfo[0]['freeuid'][$freeUidCount-1]);
- $info['gidnumber'] = $info['uidnumber'];
- $oinfo['freeuid'] = $uidinfo[0]['freeuid'][$freeUidCount-1];
- }
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowlastchange'] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowmin']) && $AUTH[$toPolicy]['shadowmin'] != '') $info['shadowmin'] = $AUTH[$toPolicy]['shadowmin'];
- if (isset($AUTH[$toPolicy]['shadowmax']) && $AUTH[$toPolicy]['shadowmax'] != '') $info['shadowmax'] = $AUTH[$toPolicy]['shadowmax'];
- if (isset($AUTH[$toPolicy]['shadowwarning']) && $AUTH[$toPolicy]['shadowwarning'] != '') $info['shadowwarning'] = $AUTH[$toPolicy]['shadowwarning'];
- if (isset($AUTH[$toPolicy]['shadowinactive']) && $AUTH[$toPolicy]['shadowinactive'] != '') $info['shadowinactive'] = $AUTH[$toPolicy]['shadowinactive'];
- if (isset($AUTH[$toPolicy]['shadowexpire']) && $AUTH[$toPolicy]['shadowexpire'] != '') $info['shadowexpire'] = $AUTH[$toPolicy]['shadowexpire'];
-
- // A szokásos attribútumok
- $info['uid'] = array($userAccount);
- $info['cn'] = array($userCn);
- $info['sn'] = array('-');
- $info['userpassword'] = array('{crypt}' . crypt($userPassword));
- if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value;
- if (($pos = strpos($category,',')) !== false)
- $info['homedirectory'] = "/home/diak/".substr($category,0,$pos)."/$userAccount";
- else
- $info['homedirectory'] = "/home/$category/$userAccount";
-
- // A kategória függő attribútumok
- if (isset($SET['container']) && $SET['container'] != '') {
- $dn = "uid=$userAccount,".$SET['container'];
- $group = "cn=$userAccount,ou=Groups,".$SET['container'];
- $ouDn = $SET['container'];
- } else {
- $dn = "uid=$userAccount,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn'];
- $group = "cn=$userAccount,ou=Groups,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn'];
- $ouDn = "ou=".$category.",".$AUTH[$toPolicy]['ldap base dn'];
- }
-
- if ($SET['createContainer']) { // Létrehozza a tároló elemet, benne az OU=Groups tárolót, benne a megfelelő csoportot
- LDAPcreateContainer($ouDn, $toPolicy);
- }
- // objectum osztályok
- // a mayorPerson a posixAccount és shadowAccount leszármazottja,
- // de kell egy structural object is - ez a person - aminek kötelező paramétere az sn!
- $info['objectclass'] = array('person', 'mayorPerson');
-
- // user felvétel
- $info['homedirectory'] = ekezettelen($info['homedirectory']); // Nem lehet ékezetes :o(
-
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // user csoportja
- $groupinfo['cn'] = $userAccount;
- $groupinfo['gidnumber'] = $info['uidnumber'];
- $groupinfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o(
- $groupinfo['description'] = 'A felhasználó saját csoportja';
- $groupinfo['objectclass'] = 'posixGroup';
- $_r2 = ldap_add($ds, $group, $groupinfo);
- if (!$_r2) {
- printf("LDAP-Error (userGroup): %s<br>\n", ldap_error($ds));
- echo $group.'<pre>'; var_dump($groupinfo); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba rakás vagy tanár csoportba rakás ugye...
- // És nincs diák csoport!
- $ginfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o(
- $ginfo['member'] = $dn;
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $category);
- else $SET['groups'] = array($category);
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
-
- $filter = "(&(objectClass=mayorGroup)(cn=".$SET['groups'][$i]."))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- if (ldap_count_entries($ds, $sr)) {
- $grpInfo = ldap_get_entries($ds, $sr);
- $groupDn = $grpInfo[0]['dn'];
- $_r3 = ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- printf("LDAP-Error (category): %s<br>\n", ldap_error($ds));
- echo $groupDn.'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
-
- }
-
- }
-
-
- // nextuid növelés
- if ($freeUidCount == 0) {
- $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
- } else {
- $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
- }
- if (!$_r4) {
- printf("LDAP-Error (freeUid): %s<br>\n", ldap_error($ds));
- return false;
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount l.trehoz.sa\n");
- fwrite($sfp,'/bin/mkdir -p '.$info['homedirectory']."\n");
- fwrite($sfp,'/bin/chmod 2755 '.$info['homedirectory']."\n");
- fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."\n");
-
- fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/private\n");
- fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/private\n");
- fwrite($sfp,'/bin/chmod 0770 '.$info['homedirectory']."/private\n");
-
- fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/public_html\n");
- fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/public_html\n");
- fwrite($sfp,'/bin/chmod 0755 '.$info['homedirectory']."/public_html\n");
-
- fwrite($sfp,'/bin/ln -s '.$info['homedirectory']." /home\n");
-// chmod($scriptFile,0770);
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/createGroup.php b/mayor-orig/www/include/backend/ldap/session/createGroup.php
deleted file mode 100644
index df2de812..00000000
--- a/mayor-orig/www/include/backend/ldap/session/createGroup.php
+++ /dev/null
@@ -1,103 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
- function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldap') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $groupinfo = $oinfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=posixgroup)(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = '(objectClass=mayorOrganization)';
- $justthese = array('nextgid', 'freegid');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds,$sr);
- ldap_free_result($sr);
- if (isset($ginfo[0]['freegid']['count'])) $freeGidCount = $ginfo[0]['freegid']['count'];
- else $freeGidCount = 0;
- if ($freeGidCount == 0) {
- $info['gidnumber'] = array($ginfo[0]['nextgid'][0]);
- $oinfo['nextgid'] = $info['gidnumber'][0]+1;
- } else {
- $info['gidnumber'] = array($ginfo[0]['freegid'][$freeGidCount-1]);
- $oinfo['freegid'] = $ginfo[0]['freegid'][$freeGidCount-1];
- }
-
- // A szokásos attribútumok
- $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "cn=$groupCn,".$SET['container'];
- else $dn = "cn=$groupCn,ou=Groups,ou=$category,".$AUTH[$toPolicy]['ldap base dn'];
-
- // objectum osztályok
- $info['objectclass'] = array('posixGroup', 'mayorGroup');
-
- // Policy függő attribútumok - LDAP esetén pl a member kötelező
- if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value;
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- echo $dn.'<hr>';
- var_dump($info);
- echo '<hr>';
- var_dump($SET);
- }
-
- // nextuid növelés
- if ($freeGidCount == 0) {
- $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
- } else {
- $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo);
- }
-// if (!$_r4) {
-// printf("LDAP-Error: %s<br>\n", ldap_error($_r4));
-// }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php
deleted file mode 100644
index 62e19c5f..00000000
--- a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php
+++ /dev/null
@@ -1,311 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldap
-
- ! -- Csak publikus mezőkre lehet keresni! -- !
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
-
-*/
-
-######################################################
-# Általános LDAP kereső függvény
-######################################################
-
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field';
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = "(&$filter($attr=*$pattern*))";
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $searchAttrs);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-######################################################
-# ldapSearchAccount - felhasználó kereső függvény
-######################################################
-
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
-
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixaccount)', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ $accountAttrToLDAP[$a] ])) {
- if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ $accountAttrToLDAP[$a] ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($result[$i]['uid'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapSearchGroup - csoport kereső függvény
-######################################################
-
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToLDAP;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
-
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixgroup)', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
- if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapDeleteAccount - account törlése
-######################################################
-
- function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- // $toPolicy --> ldap backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldap') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a homeDirectory lekerdezése
- $filter = "(objectclass=posixAccount)";
- $justthese = array('uidNumber','homedirectory');
- $sr = @ldap_search($ds,$userDn,$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $uidinfo = @ldap_get_entries($ds,$sr);
- $uidNumber = $uidinfo[0]['uidnumber'][0];
- if (isset($uidinfo[0]['homedirectory'][0])) $homeDirectory = $uidinfo[0]['homedirectory'][0];
- else $homeDirectory = '';
- $uid=$userAccount;
-
- // GroupDn, freeuid
- $groupDn = "cn=$uid,ou=Groups".strstr($userDn,',');
- $oinfo['freeuid'] = $uidNumber;
-
- // user törlése
- if (!@ldap_delete($ds,$userDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
- }
-
- // freeuid felvétele
- if (!@ldap_mod_add($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo)) {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:freeuid:'.$oinfo['freeuid'];
- }
-
- // csoport törlése
- if (!@ldap_delete($ds,$groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupDn;
- }
-
- // törlés a csoportból
- $filter = "(memberuid=$uid)";
- $justthese = array('cn','objectclass','member');
- $sr = @ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'],$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:groups:".$userAccount;
- ldap_close($ds);
- return false;
- } ;
-
- $groupinfo = ldap_get_entries($ds,$sr);
-
- for ($i = 0; $i < $groupinfo['count']; $i++) {
- $grpinfo = array('memberuid' => $uid);
- if (@in_array($userDn,$groupinfo[$i]['member'])) {
- $grpinfo['member']=$userDn;
- }
- if (!@ldap_mod_del($ds,$groupinfo[$i]['dn'],$grpinfo)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:member:'.$groupinfo[$i]['dn'];
- }
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
- return true;
-
- }
-
-######################################################
-# ldapDeleteGroup - account törlése
-######################################################
-
- function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- // $toPolicy --> ldap backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldap') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a homeDirectory lekerdezése
- $filter = '(objectclass=posixGroup)';
- $justthese = array('gidNumber');
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = 'message:ldap_search_failure:'.$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $gidinfo = ldap_get_entries($ds, $sr);
- $gidNumber = $gidinfo[0]['gidnumber'][0];
-
- // freeGid
- $oinfo['freegid'] = $gidNumber;
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- // freeuid felvétele
- if (!@ldap_mod_add($ds, $AUTH[$toPolicy]['ldap base dn'], $oinfo)) {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:freeGid:'.$oinfo['freegid'];
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/auth/login.php b/mayor-orig/www/include/backend/ldapng/auth/login.php
deleted file mode 100644
index b24b4b96..00000000
--- a/mayor-orig/www/include/backend/ldapng/auth/login.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<?php
-/*
- Auth-ldapng
-
- A név-jelszó pár ellenőrzése LDAP adatbázis alapján
-*/
-
-/* --------------------------------------------------------------
-
- Felhasználók azonosítása az LDAP-ban tárolt konfigurálható
- osztályok alapján történik.
-
- A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
- konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php)
-
- Sikeres hitelesítés esetén
- az egyéb account információkat (minimálisan a 'cn', azaz 'common name'
- attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
- Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
- elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid,
- account_disabled, bad_pw, account_warning, account_expired, warn_account_disable.
-
--------------------------------------------------------------- */
-
-######################################################################
-# Az LDAP protocol version 3 kötelező,
-# referals=0 nélkül használhatatlanul lassú
-######################################################################
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
-
- function ldapngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
-
- global $AUTH;
-
- if ($toPolicy == '') {
- if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy'];
-// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy'];
- else $toPolicy = _POLICY;
- }
-
- // Kapcsolódás a szerverhez
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return _AUTH_FAILURE;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:userAuthentication:'.$AUTH[$toPolicy]['ldapUser'];
- return _AUTH_FAILURE;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
- $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax");
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return _AUTH_FAILURE;
- }
- $info = ldap_get_entries($ds,$sr);
-
- if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10)
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- ldap_close($ds);
- return _AUTH_FAILURE_1;
- }
-
- if ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid";
- ldap_close($ds);
- return _AUTH_FAILURE_2;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
-
-
- $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0];
- $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0];
-
- $accountInformation['dn'] = $info[0]['dn'];
- $accountInformation['account'] = $userAccount;
- // Lejárt-e
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk
-// if ($info[0]['shadowlastchange'][0] != '')
-// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]);
-// else
- $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]);
- }
- if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk
-// if ($info[0]['shadowexpire'][0] != '')
-// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]);
-// else
- $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]);
- }
- if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0];
- if (
- $info[0]['shadowmax'][0] != '' &&
- (
- !isset($expireTimestamp) ||
- $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]
- )
- ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0];
- // lejárt, ha lejárat ideje már elmúlt
- $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
-
- // Le van-e tiltva
- // Ha több mint shadowInactive napja lejárt
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- isset($expireTimestamp) &&
- $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24))
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled';
- ldap_close($ds);
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Jelszó ellenőrzés - lehet-e csatlakozni
- if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) {
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- }
-
- ldap_close($ds);
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- } else {
- return _AUTH_FAILURE;
- }
- }
- } // onExpired
- // Ha idáig eljut, akkor minden rendben.
- return _AUTH_SUCCESS;
-
- } // count == 1
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/base/attrs.php b/mayor-orig/www/include/backend/ldapng/base/attrs.php
deleted file mode 100644
index 2ea07778..00000000
--- a/mayor-orig/www/include/backend/ldapng/base/attrs.php
+++ /dev/null
@@ -1,137 +0,0 @@
-<?php
-/*
- Module: useradmin
-*/
-
- if (file_exists('lang/'._LANG.'/backend/ldapng/attrs.php')) {
- require('lang/'._LANG.'/backend/ldapng/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_LDAP_RIGHTS','wr-');
-
-######################################################
-# Az LDAP account attribútumok
-######################################################
-
- global $ldapngAccountAttrs;
- $ldapngAccountAttrs = array(
- 'cn',
- 'serialnumber',
- 'uid',
- 'uidnumber',
- 'gidnumber',
- 'unixhomedirectory',
- 'loginshell',
-
- 'shadowlastchange',
- 'shadowexpire',
- 'shadowwarning',
- 'shadowmin',
- 'shadowmax',
- 'shadowinactive',
-
-/*
- 'gecos',
- 'mail',
- 'telephonenumber',
- 'mobile',
- 'l',
- 'street',
- 'postaladdress',
- 'postalcode',
- 'homedirectory',
-*/
- );
-
- global $ldapngGroupAttrs;
- $ldapngGroupAttrs = array(
- 'cn',
- 'description',
- 'member',
- 'name',
- 'samaccountname',
- 'objectcategory',
- 'gidnumber', // ennek kellene lennie - mitől lesz?
-/* 'memberuid' */
- );
-
- global $accountAttrToLDAP; // Kis és nagybetű számít!!!
- $accountAttrToLDAP = array(
- 'userAccount' => 'uid',
- 'userCn' => 'displayName',
- 'mail' => 'mail',
- 'studyId' => 'employeeNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member',
- );
-
- global $ldapngAccountAttrDef;
- $ldapngAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'employeenumber' => array('desc' => _LDAPEMPLOYEENUMBER, 'type' => 'int', 'rights' => 'wrr'),
- 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
- 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
- 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
-/*
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
-*/
- );
-
- global $ldapngGroupAttrDef;
- $ldapngGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
-
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/password/changePassword.php b/mayor-orig/www/include/backend/ldapng/password/changePassword.php
deleted file mode 100644
index 039dda5d..00000000
--- a/mayor-orig/www/include/backend/ldapng/password/changePassword.php
+++ /dev/null
@@ -1,160 +0,0 @@
-<?php
-/*
-
- Module: base/password
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
-*/
-
-############################################################################
-# Jelszó kódolása (az Active Directory ezt használja....)
-############################################################################
-
-function LDAPEncodePassword($password) {
-
- return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8");
-
-}
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-/* *************************************************************************
- A leírások szerint a felhasználó maga is megváltoztathatja jelszavát.
- Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint),
- és felvétele új értékkel - mindenz elvileg egy lépésben.
-
- A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem
- támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból
- sem működik...
-************************************************************************* */
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!)
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- // nem sikerült csatlakozni
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
- // Az eredeti jelszó ellenőrzése - csatlakozással
- $b_ok = ldap_bind($ds,$userDn,$userPassword);
- if (!$b_ok) {
- // Talán a régi jelszót elgépelte, vagy le van tiltva...
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?';
- ldap_close($ds);
- return false;
- }
- $salt = generateSalt(8);
- $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja...
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowlastchange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
-
- $r = ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure';
- return false;
- }
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function generateSalt($len=8) {
-// https://github.com/splitbrain/dokuwiki/blob/master/inc/PassHash.class.php
-// Ez adja vissza a salt-ot (ha nincs benne sortörés...):
-// echo e3NtZDV9U3lNbnNGQ05OUHV6L2J4dHovekpzVVpFUVZGQw== | base64 -d | sed s/{smd5}// | base64 -d | cut -f 15-
- $salt = '';
- //$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
- //for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,61)];
- $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
- for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,25)];
- return $salt;
-}
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
- if ($b_ok) {
- $salt = generateSalt(8);
- $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja...
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowlastchange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure';
- return false;
- }
-
- /* *************** */
-/* $info['unicodePwd'][0] = LDAPEncodePassword($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowLastChange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
- return false;
- }
-*/
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php b/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
deleted file mode 100644
index 03761dca..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php
+++ /dev/null
@@ -1,399 +0,0 @@
-<?php
-/*
- Module: base/auth-ldapng
- Backend: ldapng
-
- function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
- function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
- function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-######################################################
-# getLDAPInfo - általános LDAP lekérdezés
-######################################################
-
-
- function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = '(objectclass=*)';
- $sr = @ldap_search($ds, $Dn, $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-###########################################################
-# ldapGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function ldapngGetAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- }
- return $return[0];
-
- }
-
- }
-
-#############################################################
-# ldapGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function ldapngGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP, $ldapAttrDef;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema
- foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
- $ldapAttr = kisbetus($ldapAttr);
- if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
- else $return[$attr] = array('count' => 0);
- }
- return $return;
-
- }
-
- }
-
-###############################################################
-# ldapChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function ldapngChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$userDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$userDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# ldapGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function ldapngGetGroupInfo($groupCn, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // Accountok lekérdezése
- $info = getLDAPaccounts($toPolicy);
- for ($i = 0; $i < $info['count']; $i++) {
- $accountUid[] = array(
- 'value' => $info[$i]['uid'][0],
- 'txt' => $info[$i]['displayname'][0]
- );
- $accountDn[] = array(
- 'value' => $info[$i]['dn'],
- 'txt' => $info[$i]['displayname'][0]
- );
- }
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- $return[$i]['member']['new'] = $accountDn;
- $return[$i]['memberuid']['new'] = $accountUid;
- }
-
- return $return[0];
-
- }
-
- }
-
-###############################################################
-# ldapChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function ldapngChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
- else $values[0] = '';
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
-
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
- function getLDAPaccounts($toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid','displayName','samaccountname');
- $filter = '(&(objectclass=person)(!(objectclass=computer)))';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'displayname');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/base.php b/mayor-orig/www/include/backend/ldapng/session/base.php
deleted file mode 100644
index a4eff43d..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/base.php
+++ /dev/null
@@ -1,190 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldapng
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
- function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
-
-*/
-
- require('include/backend/ldapng/base/attrs.php');
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
- if ($AUTH[_POLICY]['backend'] == 'ldapng') {
- /* why not put into session cache */
- if ($AUTH[_POLICY]['cacheable']=='yes') {
- $userDn = _queryCache('RDN',_POLICY,'value');
- }
- if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
- define('_USERDN', $userDn);
- if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
- unset($userDn);
- }
-
-######################################################
-# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
-######################################################
-
- function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
- $justthese=array($AUTH[$toPolicy]['ldapCnAttr']);
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid:$userAccount";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
- return $info[0]['dn'];
- }
-
- }
-
-
-######################################################
-# A groupCn(cn)-hez tartozó dn lekérdezése
-######################################################
-
- function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Nézzük, hogy van-e át"map"-elt csoport!
- if (isset($AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)])) {
- return $AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)];
- }
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e ilyen csoport?
- $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))";
- $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']);
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen cn is van
- $_SESSION['alert'][] = "message:multi_gid:$groupCn";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen csoport
- return $info[0]['dn'];
- }
-
- }
-
-######################################################
-# memberOf - csoport tag-e
-######################################################
-
- function ldapngMemberOf($userAccount, $group, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */
- if (in_array($group, $AUTH[$toPolicy]['categories'])) {
- if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
- }
-
- if (substr($group,0,3) != 'cn=') {
- $groupDn = LDAPgroupCnToDn(ekezettelen($group));
- if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
- } else {
- $groupDn = $group;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $justthese = array('cn'); // valamit le kell kérdezni...
- // OpenLDAP a tagok azonosítóját tárolja el (memberUid), más rendszerek a dn-t (member)
- $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(|(member=$userDn)(memberUid=$userAccount)))";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:group=$group; filter=".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/createAccount.php b/mayor-orig/www/include/backend/ldapng/session/createAccount.php
deleted file mode 100644
index 96a5b557..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/createAccount.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
- require_once('include/backend/ldapng/password/changePassword.php');
-
- /*
- $SET = array(
- container => a konténer elem - ha nincs, akkor CN=Users alá rakja
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- )
- */
- function ldapngCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowLastChange = floor(time() / (60*60*24));
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // uid ütközés ellenőrzése
- $filter = "(sAMAccountName=$userAccount)";
- $justthese = array('sAMAccountName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $uinfo = ldap_get_entries($ds, $sr);
- $uidCount = $uinfo['count'];
- ldap_free_result($sr);
- if ($uidCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
- return false;
- }
-
- // Az következő uidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
- $justthese = array('uidNumber', 'msSFU30UidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'uidNumber');
- $uinfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
- else $info['uidNumber'] = array(1001);
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowLastChange'] = array($shadowLastChange);
- if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
- if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
- if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
- if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
- if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
-
- // A szokásos attribútumok
- $Name = explode(' ',$userCn);
- $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
- $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
- $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
- $info['displayName'] = array($userCn);
- $info['sn'] = array($Name[0]);
- $info['givenName'] = array($Name[ count($Name)-1 ]);
- $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
- $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
- $info['loginShell'] = array('/bin/bash');
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
-
- $policyAccountAttrs = $SET['policyAttrs'];
- if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
- foreach ($policyAccountAttrs as $attr => $value)
- if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
- $info[ $accountAttrToLDAP[$attr] ] = array($value);
-
- if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
- else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // user felvétel
- $_r1 = @ldap_add($ds,$dn,$info);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Jelszó beállítás
- if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
-
- // Engedélyezés
- $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
- $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- $ginfo['member'] = $dn;
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
- if ($groupDn !== false) {
- $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
- //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
- }
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/createGroup.php b/mayor-orig/www/include/backend/ldapng/session/createGroup.php
deleted file mode 100644
index 78def54d..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/createGroup.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
-
- function ldapngCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
- $justthese = array('gidNumber', 'msSFU30GidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'gidNumber');
- $ginfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
- else $info['gidNumber'] = array(1001);
-
- // A szokásos attribútumok
- $info['sAMAccountName'] = $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
- else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // objectum osztályok
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- var_dump($info);
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
deleted file mode 100644
index 74d285e6..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
+++ /dev/null
@@ -1,271 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldapng
-
- ! -- Csak publikus mezőkre lehet keresni! -- !
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
-
-*/
-
-######################################################
-# Általános LDAP kereső függvény
-######################################################
-
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field';
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:LDAPSearch';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = "(&$filter($attr=*$pattern*))";
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
-
- ldap_close($ds);
-
- return $info;
-
- }
-
-######################################################
-# ldapSearchAccount - felhasználó kereső függvény
-######################################################
-
- function ldapngSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP, $AUTH;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapUserObjectClass'].')', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
- if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapSearchGroup - csoport kereső függvény
-######################################################
-
- function ldapngSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToLDAP, $AUTH;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
-
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapGroupObjectClass'].')', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
- if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapDeleteAccount - account törlése
-######################################################
-
- function ldapngDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldapng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- if ($userDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a unixHomeDirectory lekerdezése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
- $justthese = array('uidNumber','unixHomedirectory');
- $sr = @ldap_search($ds,$userDn,$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $info = @ldap_get_entries($ds,$sr);
- $uidNumber = $info[0]['uidnumber'][0];
- $homeDirectory = $info[0]['unixhomedirectory'][0];
- $uid=$userAccount;
-
- // user törlése
- if (!@ldap_delete($ds,$userDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
- }
-
- ldap_close($ds);
-
- /*
- Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
- A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
- lista: userAccount, uidNumber, homeDirectory
- */
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['deleteAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
- fclose($sfp);
- }
- }
-
- $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
- return true;
-
- }
-
-######################################################
-# ldapDeleteGroup - account törlése
-######################################################
-
- function ldapngDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldapng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
- if ($groupDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/auth/login.php b/mayor-orig/www/include/backend/mysql/auth/login.php
deleted file mode 100644
index caa7929d..00000000
--- a/mayor-orig/www/include/backend/mysql/auth/login.php
+++ /dev/null
@@ -1,144 +0,0 @@
-<?php
-/*
- Auth-MySQL
-
- A név-jelszó pár ellenőrzése MySQL adattábla alapján
- */
-
-/* --------------------------------------------------------------
-
-Az adattábla szerkezete:
-
-create table userAccounts (
-userId int unsigned primary key auto_increment not null,
-userAccount varchar(32),
-policy varchar(10),
-userPassword varchar(32),
-userCn varchar(64)
-);
-
-A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
-konstansok valamelyikével tér vissza.
-
-Sikeres hitelesítés esetén
-az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név
-attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
-Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
-elutasítás okát.
-
-Shadow attribútumok:
-
-Login name
-Encrypted password
-shadowLastChanged
-1970. január 1-étől az utolsó jelszó módosításig eltelt napok száma
-Days since Jan 1, 1970 that password was last changed
-shadowMin
-Jelszóváltoztatás után ennyi napig nem lehet ismét jelszót változtatni
-Days before password may be changed
-shadowMax
-Jelszóváltoztatás után ennyi nappal már kötelező a jelszóváltoztatás
-Days after which password must be changed
-shadowWarning
-A jelszó érvényességének lejártát ennyi nappal előbb jelezi a rendsze
-Days before password is to expire that user is warned
-shadowInactive
-A jelszó érvényességének lejárta után ennyi nappal az felhasználói fiók letiltásra kerül
-Days after password expires that account is disabled
-shadowExpire
-Az előzőektől függetlenül a felhasználói fiók letiltásra kerül 1970. január 1-étől számított ennyiedik napo
-Days since Jan 1, 1970 that account is disabled
-
--------------------------------------------------------------- */
-
-function mysqlUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'userAuthentication/sql'));
- if (!$lr) return _AUTH_FAILURE;
-
- // Van-e ilyen azonosító
- $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND policy='%s'";
- $num = db_query($q, array('fv' => 'userAuthentication', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $toPolicy)), $lr);
- if ($num == 0) {
- // Nincs ilyen azonosító
- $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
- db_close($lr);
- return _AUTH_FAILURE_1;
- } elseif ($num > 1) {
- // Több ilyen azonosító is va
- $_SESSION['alert'][] = 'message:multy_uid';
- db_close($lr);
- return _AUTH_FAILURE_2;
- }
-
- // Ha csak egy van, akkor jó-e a jelszava
- $q = "SELECT userCn, studyId, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
- FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
- $ret = db_query($q, array('fv' => 'userAuthentication', 'modul' => 'login', 'result' => 'record', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
- db_close($lr);
- if (!is_array($ret) || count($ret) == 0) {
- // Nincs ilyen rekord => rossz a jelszó
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- } else {
- // Ha van, akkor csak egy ilyen sor lehet
- $accountInformation['cn'] = $ret['userCn'];
- $accountInformation['studyId'] = $ret['studyId'];
- $shadowLastChange = $ret['shadowLastChange'];
- $shadowMin = $ret['shadowMin'];
- $shadowMax = $ret['shadowMax'];
- $shadowWarning = $ret['shadowWarning'];
- $shadowInactive = $ret['shadowInactive'];
- $shadowExpire = $ret['shadowExpire'];
-
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- if (intval($shadowExpire) != 0) $expireTimestamp = $shadowExpire;
- if (
- intval($shadowMax) != 0 &&
- (
- !isset($expireTimestamp) ||
- $expireTimestamp > $shadowLastChange + $shadowMax
- )
- ) $expireTimestamp = $shadowLastChange + $shadowMax;
- // lejárt, ha lejárat ideje már elmúlt
- $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
-
- // Le van-e tiltva
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- isset($expireTimestamp) &&
- $expireTimestamp + $shadowInactive <= floor(time()/(60*60*24))
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled:'.strval(floor(time()/(60*60*24)));
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $shadowWarning) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
- $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- }
- }
- } // onExpired
- return _AUTH_SUCCESS;
-
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/base/attrs.php b/mayor-orig/www/include/backend/mysql/base/attrs.php
deleted file mode 100644
index b945d764..00000000
--- a/mayor-orig/www/include/backend/mysql/base/attrs.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
- if (file_exists('lang/'._LANG.'/backend/mysql/attrs.php')) {
- require('lang/'._LANG.'/backend/mysql/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_MYSQL_RIGHTS','wr-');
-
- global $mysqlAccountAttrDef;
- $mysqlAccountAttrDef = array(
- 'uid' => array('desc' => _MYSQLUID, 'type' => 'text', 'rights' => 'rrr'),
- 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'text', 'rights' => 'r--'),
- 'useraccount' => array('desc' => _MYSQLUIDNUMBER, 'type' => 'text','rights' => 'r--'),
- 'userCn' => array('desc' => _MYSQLCN, 'type' => 'text', 'rights' => 'wrr'),
- 'studyId' => array('desc' => _MYSQLSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
- 'mail' => array('desc' => _MYSQLMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephoneNumber' => array('desc' => _MYSQLTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
-// 'userPassword' => array('desc' => _MYSQLUSERPASSWORD, 'type' => 'text', 'rights' => 'r--'),
- 'shadowLastChange' => array('desc' => _MYSQLSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowExpire' => array('desc' => _MYSQLSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowWarning' => array('desc' => _MYSQLSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowMin' => array('desc' => _MYSQLSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowMax' => array('desc' => _MYSQLSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowInactive' => array('desc' => _MYSQLSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
- );
-
- global $mysqlGroupAttrDef;
- $mysqlGroupAttrDef = array(
- 'gid' => array('desc' => _MYSQLGID, 'type' => 'text', 'rights' => 'rrr'),
- 'groupDesc' => array('desc' => _MYSQLGROUPDESC, 'type' => 'text', 'rights' => 'wrr'),
- 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'int', 'rights' => 'r--'),
- 'member' => array('desc' => _MYSQLMEMBER, 'type' => 'select', 'rights' => 'w--'),
- );
-
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/password/changePassword.php b/mayor-orig/www/include/backend/mysql/password/changePassword.php
deleted file mode 100644
index 2875bace..00000000
--- a/mayor-orig/www/include/backend/mysql/password/changePassword.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-/*
- Module: base/password
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
- */
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $shadowLastChange = floor(time()/(60*60*24));
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'changeMyPassword'));
-
- if (!$lr) return false;
-
- // Stimmel-e az azonosító/jelszó/policy hármas
- $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
- $num = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
- if ($num != 1) {
- $_SESSION['alert'][] = 'message:bad_pw:changeMyPassword';
- db_close($lr);
- return false;
- }
-
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
- WHERE userAccount='%s' and policy='%s'";
- $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
- $r = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'values' => $v), $lr);
- db_close($lr);
- if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
- return $r;
-
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $shadowLastChange = floor(time()/(60*60*24));
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $shadowExpire = intval($shadowExpire);
- $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
- WHERE userAccount='%s' and policy='%s'";
- $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
- $r = db_query($q, array('fv' => 'changePassword', 'modul' => "$toPolicy auth", 'values' => $v));
- if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
- return $r;
-
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/accountInfo.php b/mayor-orig/www/include/backend/mysql/session/accountInfo.php
deleted file mode 100644
index 113e380b..00000000
--- a/mayor-orig/www/include/backend/mysql/session/accountInfo.php
+++ /dev/null
@@ -1,258 +0,0 @@
-<?php
-/*
- Module: base/auth-mysql
- Backend: mysql
-
- function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY)
- function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-###########################################################
-# mysqlGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Keresés
- if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
- $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
- $v = $SET['justThese'];
- } else {
- $_THESE = '*';
- $v = array();
- }
- $q = "SELECT $_THESE FROM accounts WHERE userAccount='%s' AND policy='%s'";
- array_push($v, $userAccount, $toPolicy);
- $A = db_query($q, array('fv' => 'mysqlGetAccountInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => $v), $lr);
- if (!is_array($A) || count($A) == 0) return false;
-
- $data = array();
- foreach ($A as $attr => $value) $data[$attr][] = $value;
- foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
-
- return $data;
-
- }
-
-#############################################################
-# mysqlGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- // Keresés
- $q = "SELECT userAccount,userCn FROM accounts WHERE userAccount='%s' AND policy='%s'";
- $A = db_query($q, array('fv' => 'mysqlGetUserInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => array($userAccount, $toPolicy)));
- if (!is_array($A) || count($A) == 0) return false;
- $ret = array();
- foreach ($A as $attr => $value) $ret[$attr][] = $value;
- return $ret;
-
- }
-
-###############################################################
-# mysqlChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlChangeAccountInfo'));
- if (!$lr) return false;
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_MYSQL_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $value = '';
-
- if ($backendAttrDef[$attr]['type'] == 'int') {
- if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'number');
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'string'); // html túl erős: pl email címben a @ fent akad...
- }
-
- if (in_array($attr,$emptyAttrs)) {
- if ($value != '') {
- $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $value, $userAccount, $toPolicy);
- }
- } else {
- if ($value != '') {
- $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $value, $userAccount, $toPolicy);
- } else {
- $q = "UPDATE accounts SET `%s`=NULL WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $userAccount, $toPolicy);
- }
- }
- db_query($q, array('fv' => 'mysqlChangeAccountInfo', 'modul' => $modul, 'values' => $v), $lr);
-
- } else {
- // $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- db_close($lr);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0; $i < count($_alert); $i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# mysqlGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlGetGroupInfo'));
- if (!$lr) return false;
-
- // Keresés
- if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
- $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
- $v = $SET['justThese'];
- } else {
- $_THESE = '*';
- $v = array();
- }
- $q = "SELECT $_THESE FROM groups WHERE groupCn='%s' AND policy='%s'";
-
- array_push($v, $groupCn, $toPolicy);
- $A = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
- if (!is_array($A) || count($A) == 0) { db_close($lr); return false; }
- // Megfelelő formátum kialakítása
- foreach ($A as $attr => $value) $data[$attr][] = $value;
- foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
-
- // tagok lekérdezése
- $q = "SELECT 'member' AS type, uid AS value, userCn AS txt FROM members LEFT JOIN accounts USING (uid) WHERE gid = '%s'";
- $v = array($A['gid']);
- $data2 = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'multiassoc', 'keyfield' => 'type', 'values' => $v), $lr);
- if ($data2 === false) { db_close($lr); return false; }
- $data = array_merge($data, $data2);
-
- // Lehetséges tagok
- if ($SET['withNewAccounts']===true) {
- $q = "SELECT userCn AS txt, uid AS value FROM accounts WHERE policy='%s' ORDER BY userCn";
- $data['member']['new'] = db_query($q, array(
- 'fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'indexed', 'values' => array($toPolicy)
- ), $lr);
- }
-
- db_close($lr);
- return $data;
-
- }
-
-
-###############################################################
-# mysqlChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function mysqlChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlChangeGroupInfo'));
- if (!$lr) return false;
-
- $q = "SELECT gid FROM groups WHERE groupCn='%s' AND policy='%s'";
- $v = array($groupCn, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($gid === false) { db_close($lr); return false; }
-
- $emptyAttrs = explode(':', $_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $Mod = $Add = $Del = $V = $v = array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = readVariable($_POST[$attr],'html');
- else $values[0] = '';
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($attr == 'member') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') {
- for ($i = 0; $i < count($_POST['new-'.$attr]); $i++) {
- $V[] = "(%u, %u)";
- array_push($v, $_POST['new-'.$attr][$i], $gid);
- }
- $q = "INSERT INTO members (uid, gid) VALUES ".implode(',', $V);
- db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') {
- $q = "DELETE FROM members WHERE gid=%u
- AND uid IN (".implode(',', array_fill(0, count($_POST['del-'.$attr]), '%u')).")";
- $v = array_merge(array($gid), $_POST['del-'.$attr]);
- $r = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- } else {
- $_SESSION['alert'][] = 'message:invalid_type:select:'.$attr;
- }
- } else {
- if (in_array($attr, $emptyAttrs)) {
- if ($values[0] != '') {
- $W = "`%s`='%s'";
- $v = array($attr, $values[0]);
- }
- } else {
- if ($values[0] != '') {
- $W = "`%s`='%s'";
- $v = array($attr, $values[0]);
- } else {
- $W = "`%s`=NULL";
- $v = array($attr);
- }
- }
- $q = "UPDATE groups SET $W WHERE groupCn='%s' AND policy='%s'";
- array_push($v, $groupCn, $toPolicy);
- db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- } else {
- $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/base.php b/mayor-orig/www/include/backend/mysql/session/base.php
deleted file mode 100644
index 35272ff8..00000000
--- a/mayor-orig/www/include/backend/mysql/session/base.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
- function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY)
-*/
-
- require_once('include/backend/mysql/base/attrs.php');
-
-
- function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlMemberOf'));
- if (!$lr) return _AUTH_FAILURE;
-
- // Az uid lekérdezése
- if (!defined(('__'.$toPolicy.'_UID')) || _USERACCOUNT != $userAccount) { // egy policy-hez csak egy uid tartozik
- $q = "SELECT uid FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
- $v = array($userAccount, $toPolicy);
- $uid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($uid === false) {
- $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
- db_close($lr); return false;
- }
- if (!defined('__'.$toPolicy.'_UID')) define('__'.$toPolicy.'_UID',$uid);
- } else {
- $uid=constant('__'.$toPolicy.'_UID');
- }
-
- // Az gid lekérdezése
- $q = "SELECT gid FROM groups WHERE groupCn = '%s' AND policy = '%s'";
- $v = array($groupCn, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($gid === false) {
- $_SESSION['alert'][] = 'message:no_group:'."$groupCn:$toPolicy";
- db_close($lr); return false;
- }
-
- // Benne van-e a csoportban
- $q = "SELECT COUNT(*) FROM members WHERE uid = %u AND gid = %u";
- $v = array($uid, $gid);
- $num = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- db_close($lr);
- return ($num > 0);
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/createAccount.php b/mayor-orig/www/include/backend/mysql/session/createAccount.php
deleted file mode 100644
index 25ff9132..00000000
--- a/mayor-orig/www/include/backend/mysql/session/createAccount.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
- function mysqlCreateAccount($userCn, $userAccount, $studyId, $userPassword, $category, $toPolicy = _POLICY) {
-
-*/
-
- /*
- $SET = array(
- container => a konténer elem - MySQL backend esetén nincs értelme
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- createGroup => létrehozza az adott nevű csoportokat, ha nincsenek
- )
-
- */
- function mysqlCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowlastchange = floor(time() / (60*60*24));
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlCreateAccount'));
- if (!$lr) return _AUTH_FAILURE;
-
- // ütközés ellenőrzése
- $q = "SELECT COUNT(userCn) FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
- $v = array($userAccount, $toPolicy);
- $num = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($num > 0) {
- db_close($lr);
- $_SESSION['alert'][] = 'message:multi_uid'.":$userAccount:$toPolicy";
- return false;
- }
-
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') $shadowlastchange = $AUTH[$toPolicy]['shadowlastchange'];
- $shadowmin = readVariable($AUTH[$toPolicy]['shadowmin'], 'numeric unsigned', 'null'); // null szöveg
- $shadowmax = readVariable($AUTH[$toPolicy]['shadowmax'], 'numeric unsigned', 'null'); // null szöveg
- $shadowwarning = readVariable($AUTH[$toPolicy]['shadowwarning'], 'numeric unsigned', 'null'); // null szöveg
- $shadowinactive = readVariable($AUTH[$toPolicy]['shadowinactive'], 'numeric unsigned', 'null'); // null szöveg
- $shadowexpire = readVariable($AUTH[$toPolicy]['shadowexpire'], 'numeric unsigned', 'null'); // null szöveg
-
- // A $SET['policyAttrs'] feldolgozása
- $attrList = array_keys($SET['policyAttrs']);
- $valueList = array_values($SET['policyAttrs']);
-
- // user felvétele
- if (count($attrList) > 0) {
- $q = "INSERT INTO accounts (
- policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,
- `".implode('`, `', array_fill(0, count($attrList), '%s'))."`
- ) VALUES (
- '%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u, '".implode("', '", array_fill(0, count($valueList), '%s'))."'
- )";
- } else{
- $q = "INSERT INTO accounts (
- policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
- ) VALUES ('%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u)";
- }
- $v = array_merge(
- $attrList,
- array($toPolicy, $userAccount, $userCn, $userPassword, $shadowlastchange, $shadowmin, $shadowmax, $shadowwarning, $shadowinactive, $shadowexpire),
- $valueList
- );
- $uid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
- if ($uid === false) { db_close($lr); return false; }
- // user berakása a kategóriájának megfelelő csoportokba
-
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $category = $SET['groups'][$i];
- $groupCn = kisbetus(ekezettelen($category));
- if ($category == '') continue;
- $q = "SELECT gid FROM groups WHERE groupCn='%s'";
- $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
- if ($gid === false || is_null($gid)) { // --FIXME -- ez jó így BENCE radyx
- if ($SET['createGroup']) {
- require_once('include/modules/session/createGroup.php');
- //createGroup($groupCn, "$category csoport", $category, $toPolicy = _POLICY);
- createGroup($groupCn, "$category csoport", $toPolicy = _POLICY, array('category'=>$category));
- $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
- } else {
- $_SESSION['alert'][] = 'message:wrong_data:mysqlCreateAccount - nincsmegadva/hibás kategória:'.$category.':'.$groupCn;
- db_close($lr); return false;
- }
- }
- $q = "INSERT INTO members (uid,gid) VALUES (%u, %u)";
- $r = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'values' => array($uid, $gid)), $lr);
- if (!$r) { db_close($lr); return false; }
- }
- }
- $_SESSION['alert'][] = 'info:create_account_success:'.$userAccount;
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/createGroup.php b/mayor-orig/www/include/backend/mysql/session/createGroup.php
deleted file mode 100644
index d1bc4f7b..00000000
--- a/mayor-orig/www/include/backend/mysql/session/createGroup.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
- function mysqlCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = null) {
-
- global $AUTH;
-
- // $toPolicy --> backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlCreateGroup'));
- if (!$lr) return false;
-
- // cn ütközés ellenőrzése
- $q = "SELECT COUNT(*) FROM groups WHERE policy='%s' AND groupCn='%s'";
- $v = array($toPolicy, $groupCn);
- $num = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($num === false) { db_close($lr); return false; }
- if ($num > 0) { $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; db_close($lr); return false; }
-
- // csoport felvétel
- $q = "INSERT INTO groups (groupCn, groupDesc, policy) VALUES ('%s', '%s','%s')";
- $v = array($groupCn, $groupDesc, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
- if ($gid === false) { db_close($lr); return false; }
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php b/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
deleted file mode 100644
index fa4584b0..00000000
--- a/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
+++ /dev/null
@@ -1,169 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
-*/
-
-######################################################
-# MySQL account kereső függvény
-######################################################
-
- function mysqlSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field:mysqlSerachAccount, pattern';
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlSearchAccount'));
- if (!$lr) return false;
-
- // Keresés
- $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM accounts WHERE `%s` LIKE '%%%s%%' AND policy='%s'";
- $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
- $r = db_query($q, array('fv' => 'mysqlSearchAccount', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
- db_close($lr);
- if ($r === false) return false;
- $ret = array('count' => count($r));
- foreach ($r as $key => $A) {
- $data = array();
- foreach ($A as $attr => $value) {
- $data[$attr] = array($value);
- $data[$attr]['count']++;
- }
- $data['category'] = getAccountCategories($data['userAccount'][0], $toPolicy);
- $data['category']['count'] = count($data['category']);
- $ret[] = $data;
- }
-
- return $ret;
-
- }
-
-######################################################
-# MySQL group kereső függvény
-######################################################
-
- function mysqlSearchGroup($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field:mysqlSearchGroup, pattern';
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlSearchGroup'));
- if (!$lr) return false;
- // Keresés
- if ($attr == 'member') {
- $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
- ON members.gid=groups.gid
- LEFT JOIN accounts USING (uid)
- WHERE gid IN
- (SELECT DISTINCT gid FROM accounts LEFT JOIN members USING(uid) WHERE userAccount LIKE '%%%s%%' AND policy='%s')
- AND groups.policy='%s'";
- $v = array_merge($searchAttrs, array($pattern, $toPolicy, $toPolicy));
- } else {
- $q = "SELECT DISTINCT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
- ON members.gid=groups.gid
- LEFT JOIN accounts USING (uid)
- WHERE `%s` LIKE '%%%s%%' AND groups.policy='%s'";
- $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
- }
- $r = db_query($q, array('fv' => 'mysqlSearchGroup', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
- db_close($lr);
- if ($r === false) return false;
- $ret = array('count' => count($r));
- foreach ($r as $key => $A) {
- $data = array();
- foreach ($A as $attr => $value) {
- $data[$attr] = array($value);
- }
- $ret[] = $data;
- }
-
- return $ret;
-
- }
-
-######################################################
-# mysqlDeleteAccount - account törlése
-######################################################
-
- function mysqlDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> mysql backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlDeleteAccount'));
- if (!$lr) return false;
-
- // Az uidNumber, a homeDirectory lekerdezése - és mire használjuk, ha szabad kérdeznem???
- if ($AUTH[$toPolicy]['createHomeDir']) {
- $q = "SELECT homeDirectory, uid FROM accounts WHERE policy='%s' AND userAccount='%s'";
- $v = array($toPolicy, $userAccount);
- $ret = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
- if ($ret === false) { db_close($lr); return false; }
-
- $homeDirectory = $ret['homeDirectory']; // de nem használjuk semmire...
- // A user csoport törlése
- $q = "DELETE FROM groups WHERE gid=%u";
- $v = array($ret['uid']);
- $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
- if (!$r) { db_close($lr); return false; }
- }
-
- // user törlése
- $q = "DELETE FROM accounts WHERE policy='%s' AND userAccount='%s'";
- $v = array($toPolicy, $userAccount);
- $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
- db_close($lr);
- // törlés a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
- if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
-
- return $r;
-
- }
-
-######################################################
-# mysqlDeleteGroup - group törlése
-######################################################
-
- function mysqlDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> mysql backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // csoport törlése
- $q = "DELETE FROM groups WHERE policy='%s' AND groupCn='%s'";
- $v = array($toPolicy, $groupCn);
- $r = db_query($q, array('fv' => 'mysqlDeleteGroup', 'modul' => "$toPolicy auth", 'values' => $v));
-
- if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
-
- // tagok törlése a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
- return $r;
-
- }
-
-?>