From b11441555c90d2143288508abb424cc1bd66e7d0 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Fri, 25 Jan 2013 15:39:26 +0100
Subject: [PATCH 1/5] LDAP : Add SID sync in user creation
---
 scripts/user/sync_users_ldap2dolibarr.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/user/sync_users_ldap2dolibarr.php b/scripts/user/sync_users_ldap2dolibarr.php
index 758440e201e..036d45f79a6 100755
--- a/scripts/user/sync_users_ldap2dolibarr.php
+++ b/scripts/user/sync_users_ldap2dolibarr.php
@@ -200,6 +200,7 @@ if ($result >= 0)
 $fuser->user_mobile=$ldapuser[$conf->global->LDAP_FIELD_MOBILE];
 $fuser->office_fax=$ldapuser[$conf->global->LDAP_FIELD_FAX];
 $fuser->email=$ldapuser[$conf->global->LDAP_FIELD_MAIL];
+ $fuser->ldap_sid=$ldapuser[$conf->global->LDAP_FIELD_SID];
 $fuser->job=$ldapuser[$conf->global->LDAP_FIELD_TITLE];
 $fuser->note=$ldapuser[$conf->global->LDAP_FIELD_DESCRIPTION];
From faccc978b4c395bd1f75b8f50dc43f6661ec207a Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Wed, 30 Jan 2013 16:50:28 +0100
Subject: [PATCH 2/5] LDAP : start implementing user update function after LDAP connexion
---
 htdocs/core/login/functions_ldap.php | 6 +++++-
 htdocs/user/class/user.class.php | 30 +++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index 37e55e62e71..b0239a80d96 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -148,6 +148,8 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 // ldap2dolibarr synchronisation
 if ($login && ! empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')
 {
+ dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
+ // On charge les attributs du user ldap
 if ($ldapdebug) print "DEBUG: login ldap = ".$login."
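Review bot: In the sync_users_ldap2dolibarr.php hunk, the added `$fuser->ldap_sid=$ldapuser[$conf->global->LDAP_FIELD_SID];` copies the raw directory value without checking that `LDAP_FIELD_SID` is configured or that the entry carries that attribute, so an unset setting indexes `$ldapuser` with an empty key and stores an empty identifier. The login path touched later in this series looks accounts up with `$user->fetch('',$login,$sid)`, so the value stored here has to be in the same representation as the one used there; if the configured attribute is a binary SID, that presumably means converting it before assignment, which should be confirmed against the LDAP helper class. A guarded form such as `if (! empty($conf->global->LDAP_FIELD_SID)) $fuser->ldap_sid=$ldapuser[$conf->global->LDAP_FIELD_SID];` avoids writing an empty SID. The enclosing block starts and ends outside the hunk.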
\n";
 $resultFetchLdapUser = $ldap->fetch($login,$userSearchFilter);
@@ -164,6 +166,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 $resultFetchUser=$user->fetch('',$login,$sid);
 if ($resultFetchUser > 0)
 {
+ dol_syslog("functions_ldap::check_user_password_ldap Sync user found id=".$user->id);
 // On verifie si le login a change et on met a jour les attributs dolibarr
 if ($user->login != $ldap->login && $ldap->login)
 {
@@ -171,7 +174,8 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 $user->update($user);
 // TODO Que faire si update echoue car on update avec un login deja existant.
 }
- //$resultUpdate = $user->update_ldap2dolibarr();
+ $resultUpdate = $user->update_ldap2dolibarr($ldap);
 }
 }
 }
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index daf7b7ade4c..52472297eb2 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1153,7 +1153,7 @@ class User extends CommonObject
 {
 // Si mot de passe saisi et different de celui en base
 $result=$this->setPassword($user,$this->pass,0,$notrigger,$nosyncmemberpass);
- if (! $nbrowsaffected) $nbrowsaffected++;
+ if (! $nbrowsaffected) $nbrowsaffected++;
 }
 }
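Review bot: In the third functions_ldap.php hunk, `$resultUpdate = $user->update_ldap2dolibarr($ldap);` runs inside the authentication path and its result is never read, so a failed or partial rewrite of the account during login goes unnoticed. The method added in user.class.php reads properties named after the configured LDAP attributes (`$ldapuser->{$conf->global->LDAP_FIELD_FIRSTNAME}` and so on), while the context lines here use `$ldap->login`; if the `$ldap` object only exposes such normalised names, most lookups would yield null and blank the account, which would match the TODO in the method's docblock. At minimum the result should be checked, assuming the usual negative-on-error return: `if ($resultUpdate < 0) dol_syslog("functions_ldap::check_user_password_ldap update_ldap2dolibarr failed", LOG_ERR);`. The function body continues outside the hunk.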
@@ -2072,6 +2072,34 @@ class User extends CommonObject
 }
 }
+ /**
+ * Update user using data from the LDAP
+ * // TODO: Voir pourquoi le update met à jour avec toutes les valeurs vide (global $user écrase ?)
+ */
+ function update_ldap2dolibarr(&$ldapuser) {
+ global $user, $conf;
+
+ $this->firstname=$ldapuser->{$conf->global->LDAP_FIELD_FIRSTNAME};
+ $this->lastname=$ldapuser->{$conf->global->LDAP_FIELD_NAME};
+ $this->login=$ldapuser->{$conf->global->LDAP_FIELD_LOGIN};
+ $this->pass=$ldapuser->{$conf->global->LDAP_FIELD_PASSWORD};
+ $this->pass_indatabase_crypted=$ldapuser->{$conf->global->LDAP_FIELD_PASSWORD_CRYPTED};
+
+ $this->office_phone=$ldapuser->{$conf->global->LDAP_FIELD_PHONE};
+ $this->user_mobile=$ldapuser->{$conf->global->LDAP_FIELD_MOBILE};
+ $this->office_fax=$ldapuser->{$conf->global->LDAP_FIELD_FAX};
+ $this->email=$ldapuser->{$conf->global->LDAP_FIELD_MAIL};
+ $this->ldap_sid=$ldapuser->{$conf->global->LDAP_FIELD_SID};
+
+ $this->job=$ldapuser->{$conf->global->LDAP_FIELD_TITLE};
+ $this->note=$ldapuser->{$conf->global->LDAP_FIELD_DESCRIPTION};
+
+ $result = $this->update($user);
+
+ dol_syslog(get_class($this)."::update_ldap2dolibarr result=".$result, LOG_DEBUG);
+
+ return $result;
+ }
 }
 ?>
From 51800a0dd58181c3362e56b7e99c231ad7691ade Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Wed, 30 Jan 2013 16:52:33 +0100
Subject: [PATCH 3/5] Security : add phtml extension to be dealed as php extension
---
 htdocs/core/lib/files.lib.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index b480184808f..290ce015543 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
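Review bot: `update_ldap2dolibarr()` assigns every field unconditionally, including `$this->pass` and `$this->pass_indatabase_crypted`, and then calls `$this->update($user)`; the earlier hunk in this file shows `update()` reaching `setPassword()` when, judging by its comment, a password is supplied and differs from the stored one, so a login-time sync can rewrite the local credential from whatever the directory attribute holds and replace any profile field with an empty value when the attribute is missing. That is probably what the TODO in the docblock is observing. I would copy a field only when its setting is configured and the directory returned a non-empty value, and leave the two password fields out of this sync unless overwriting them is intended. The docblock should also gain `@param` and `@return` lines describing `$ldapuser` and the value returned by `update()`, and `global $user` deserves a comment, because during authentication it is not necessarily the account being updated.

```php
function update_ldap2dolibarr(&$ldapuser) {
    global $user, $conf;

    // Local property => name of the setting that holds the LDAP attribute name.
    $map = array(
        'firstname'    => 'LDAP_FIELD_FIRSTNAME',
        'lastname'     => 'LDAP_FIELD_NAME',
        'login'        => 'LDAP_FIELD_LOGIN',
        'office_phone' => 'LDAP_FIELD_PHONE',
        'user_mobile'  => 'LDAP_FIELD_MOBILE',
        'office_fax'   => 'LDAP_FIELD_FAX',
        'email'        => 'LDAP_FIELD_MAIL',
        'ldap_sid'     => 'LDAP_FIELD_SID',
        'job'          => 'LDAP_FIELD_TITLE',
        'note'         => 'LDAP_FIELD_DESCRIPTION',
    );
    foreach ($map as $property => $setting) {
        if (empty($conf->global->$setting)) continue;          // attribute not configured
        $attribute = $conf->global->$setting;
        if (! isset($ldapuser->$attribute) || $ldapuser->$attribute === '') continue;   // keep the stored value
        $this->$property = $ldapuser->$attribute;
    }
    // pass / pass_indatabase_crypted are deliberately not copied from the directory here.

    // … unchanged: $this->update($user), dol_syslog, return $result …
```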
@@ -264,6 +264,7 @@ function dol_mimetype($file,$default='application/octet-stream',$mode=0)
 if (preg_match('/\.(h)$/i',$tmpfile)) { $mime='text/plain'; $imgmime='text.png'; $srclang='h'; }
 if (preg_match('/\.(java|jsp)$/i',$tmpfile)) { $mime='text/plain'; $imgmime='text.png'; $srclang='java'; }
 if (preg_match('/\.php([0-9]{1})?$/i',$tmpfile)) { $mime='text/plain'; $imgmime='php.png'; $srclang='php'; }
+ if (preg_match('/\.phtml$/i',$tmpfile)) { $mime='text/plain'; $imgmime='php.png'; $srclang='php'; }
 if (preg_match('/\.(pl|pm)$/i',$tmpfile)) { $mime='text/plain'; $imgmime='pl.png'; $srclang='perl'; }
 if (preg_match('/\.sql$/i',$tmpfile)) { $mime='text/plain'; $imgmime='text.png'; $srclang='sql'; }
 if (preg_match('/\.js$/i',$tmpfile)) { $mime='text/x-javascript'; $imgmime='jscript.png'; $srclang='js'; }
From da066badc8c7700a8bec6f3f08df09a61e9710c0 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Wed, 30 Jan 2013 16:53:59 +0100
Subject: [PATCH 4/5] LDAP : no user update for the moment, dev for updating user from ldap is not working yet
---
 htdocs/core/login/functions_ldap.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index b0239a80d96..b9c5d89a72e 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -175,7 +175,7 @@ function check_user_password_ldap($usertotest,$passwordtotest,$entitytotest)
 // TODO Que faire si update echoue car on update avec un login deja existant.
 }
- $resultUpdate = $user->update_ldap2dolibarr($ldap);
+ //$resultUpdate = $user->update_ldap2dolibarr($ldap);
 }
 }
 }
From 66376f1c83351eab88218397c315df3988308042 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Thu, 31 Jan 2013 09:56:52 +0100
Subject: [PATCH 5/5] Bug # 701 : A user can only be set admin by an admin
---
 htdocs/user/fiche.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
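Review bot: In the files.lib.php hunk, the added `\.phtml` test extends an extension list that can only cover the names someone remembered, so if callers rely on `$srclang='php'` to treat a file as PHP source, any other extension the web server hands to the PHP handler still falls through to the default classification. It would be tidier to fold the new test into the line above, `if (preg_match('/\.(php[0-9]?|phtml)$/i',$tmpfile)) { $mime='text/plain'; $imgmime='php.png'; $srclang='php'; }`, with a comment saying the list must mirror the server's handler mapping. The stronger control sits outside this function: uploaded documents should be stored where the server never executes scripts. The body of dol_mimetype() starts and ends outside the hunk.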
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index e274c9bf1a0..92ebb740523 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -324,7 +324,9 @@ if ($action == 'update' && ! $_POST["cancel"])
 $object->firstname = GETPOST("prenom");
 $object->login = GETPOST("login");
 $object->pass = GETPOST("password");
- $object->admin = GETPOST("admin");
+ if($user->admin == 1) { // A user can only be set admin by an admin
+ $object->admin = GETPOST("admin");
+ }
 $object->office_phone=GETPOST("office_phone");
 $object->office_fax = GETPOST("office_fax");
 $object->user_mobile= GETPOST("user_mobile");
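Review bot: The new guard `if($user->admin == 1)` protects only this `update` branch and still stores `GETPOST("admin")` exactly as received, so the flag should be normalised, and every other place that writes `$object->admin` from the request needs the same check (the account-creation action, if it does the same, is outside this hunk). Something like `if (! empty($user->admin)) { $object->admin = GETPOST("admin") ? 1 : 0; }` avoids the loose `== 1` comparison and keeps unexpected values out of the stored flag. It is also worth confirming that a non-admin reaching this branch can only edit their own record, since `login` and `pass` are taken from the request just above with no permission test visible here. The `if ($action == 'update' ...)` block starts and ends outside the hunk.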