From aa7ce449101ab8c629ad52fd7d52e22a70d88034 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 May 2011 00:16:12 +0000 Subject: [PATCH] Qual: Clean LDAP code --- htdocs/admin/ldap.php | 4 +- htdocs/admin/ldap_contacts.php | 35 ++++++++------- htdocs/admin/ldap_groups.php | 22 +++++----- htdocs/admin/ldap_members.php | 24 +++++------ htdocs/admin/ldap_users.php | 35 ++++++++------- htdocs/conf/conf.php.example | 3 +- htdocs/includes/login/functions_ldap.php | 55 +++++++++++++----------- htdocs/lib/ldap.class.php | 24 +++++------ htdocs/user/class/user.class.php | 30 +++++++++---- htdocs/user/fiche.php | 11 ++--- 10 files changed, 134 insertions(+), 109 deletions(-) diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index 3c1d89584be..7eef08c1d4e 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -3,7 +3,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2010 Laurent Destailleur + * Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -231,7 +231,7 @@ else { print ''; } -print ' '; +print 'secret'; print ''; diff --git a/htdocs/admin/ldap_contacts.php b/htdocs/admin/ldap_contacts.php index 7ce3ef1a6c2..15ac4598669 100644 --- a/htdocs/admin/ldap_contacts.php +++ b/htdocs/admin/ldap_contacts.php @@ -3,7 +3,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2008 Laurent Destailleur + * Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -47,7 +47,6 @@ if (!$user->admin) if ($_GET["action"] == 'setvalue' && $user->admin) { $error=0; - if (! dolibarr_set_const($db, 'LDAP_KEY_CONTACTS',$_POST["key"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_CONTACT_DN',$_POST["contactdn"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_CONTACT_OBJECT_CLASS',$_POST["objectclass"],'chaine',0,'',$conf->entity)) $error++; @@ -66,6 +65,12 @@ if ($_GET["action"] == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_CONTACT_FIELD_TOWN',$_POST["fieldtown"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_CONTACT_FIELD_COUNTRY',$_POST["fieldcountry"],'chaine',0,'',$conf->entity)) $error++; + // This one must be after the others + $valkey=''; + $key=$_POST["key"]; + if ($key) $valkey=$conf->global->$key; + if (! dolibarr_set_const($db, 'LDAP_KEY_CONTACTS',$valkey,'chaine',0,'',$conf->entity)) $error++; + if ($error) { dol_print_error($db->error()); @@ -144,7 +149,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFullname").''; print ''; print ''.$langs->trans("LDAPFieldFullnameExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FULLNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FULLNAME?' checked="true"':'').">"; print ''; // Name @@ -152,7 +157,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldName").''; print ''; print ''.$langs->trans("LDAPFieldNameExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_NAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_NAME?' checked="true"':'').">"; print ''; // Firstname 
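Review bot: In the block added to the `setvalue` branch, `$key` is taken from `$_POST["key"]` and used directly as a property name in `$conf->global->$key`, so the request can name any loaded constant and have its value copied into `LDAP_KEY_CONTACTS`, not only the `LDAP_CONTACT_FIELD_*` entries the form offers. Check the name against the list of field constants before the lookup, e.g. `if ($key && ! in_array($key, $allowedkeys, true)) $key='';`, where `$allowedkeys` (a name made up for this note) holds the constants shown on the page. It is also not visible here whether `$conf->global` is refreshed by the preceding `dolibarr_set_const` calls; if it is not, `$valkey` holds the field's previous value despite the "must be after the others" comment. The same block is added in ldap_groups.php, ldap_members.php and ldap_users.php.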
@@ -160,7 +165,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFirstName").''; print ''; print ''.$langs->trans("LDAPFieldFirstNameExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FIRSTNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FIRSTNAME?' checked="true"':'').">"; print ''; // Company @@ -168,7 +173,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldCompany").''; print ''; print ''.$langs->trans("LDAPFieldCompanyExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_COMPANY?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_COMPANY?' checked="true"':'').">"; print ''; // Mail @@ -176,7 +181,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldMail").''; print ''; print ''.$langs->trans("LDAPFieldMailExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_MAIL?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_MAIL?' checked="true"':'').">"; print ''; // Phone pro @@ -184,7 +189,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldPhone").''; print ''; print ''.$langs->trans("LDAPFieldPhoneExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_PHONE?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_PHONE?' checked="true"':'').">"; print ''; // Phone home 
@@ -192,7 +197,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldHomePhone").''; print ''; print ''.$langs->trans("LDAPFieldHomePhoneExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_HOMEPHONE?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_HOMEPHONE?' checked="true"':'').">"; print ''; // Mobile @@ -200,7 +205,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldMobile").''; print ''; print ''.$langs->trans("LDAPFieldMobileExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_MOBILE?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_MOBILE?' checked="true"':'').">"; print ''; // Fax @@ -208,7 +213,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFax").''; print ''; print ''.$langs->trans("LDAPFieldFaxExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FAX?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_FAX?' checked="true"':'').">"; print ''; // Address @@ -216,7 +221,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldAddress").''; print ''; print ''.$langs->trans("LDAPFieldAddressExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_ADDRESS?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_ADDRESS?' checked="true"':'').">"; print ''; // CP @@ -224,7 +229,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldZip").''; print ''; print ''.$langs->trans("LDAPFieldZipExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_ZIP?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_ZIP?' checked="true"':'').">"; print ''; // Ville 
@@ -232,7 +237,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldTown").''; print ''; print ''.$langs->trans("LDAPFieldTownExample").''; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_TOWN?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_TOWN?' checked="true"':'').">"; print ''; // Pays @@ -240,7 +245,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldCountry").''; print ''; print ' '; -print 'global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_COUNTRY?' checked="true"':'').">"; +print 'global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_COUNTRY?' checked="true"':'').">"; print ''; diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index a716ba37a1f..45d5d58c8c1 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -3,7 +3,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2007 Laurent Destailleur + * Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -48,7 +48,6 @@ if (!$user->admin) if ($_GET["action"] == 'setvalue' && $user->admin) { $error=0; - if (! dolibarr_set_const($db, 'LDAP_KEY_GROUPS',$_POST["key"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_GROUP_DN',$_POST["group"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS',$_POST["objectclass"],'chaine',0,'',$conf->entity)) $error++; 
@@ -58,6 +57,12 @@ if ($_GET["action"] == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_GROUP_FIELD_DESCRIPTION',$_POST["fielddescription"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_GROUP_FIELD_GROUPMEMBERS',$_POST["fieldgroupmembers"],'chaine',0,'',$conf->entity)) $error++; + // This one must be after the others + $valkey=''; + $key=$_POST["key"]; + if ($key) $valkey=$conf->global->$key; + if (! dolibarr_set_const($db, 'LDAP_KEY_GROUPS',$valkey,'chaine',0,'',$conf->entity)) $error++; + if ($error) { dol_print_error($db->error()); @@ -132,20 +137,13 @@ print ''.$langs->trans("LDAPNamingAttribute").''; print "\n"; // Filtre -/* -$var=!$var; -print ''.$langs->trans("LDAPFilterConnection").''; -print ''; -print ''.$langs->trans("LDAPFilterConnectionExample").''; -print ''; -*/ // Common name $var=!$var; print ''.$langs->trans("LDAPFieldName").''; print ''; print ''.$langs->trans("LDAPFieldCommonNameExample").''; -print 'global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_FULLNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_GROUPS && $conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_FULLNAME)?' checked="true"':'').">"; print ''; // Name @@ -162,7 +160,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldDescription").''; print ''; print ''.$langs->trans("LDAPFieldDescriptionExample").''; -print 'global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_DESCRIPTION?' checked="true"':'').">"; +print 'global->LDAP_KEY_GROUPS && $conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_DESCRIPTION)?' checked="true"':'').">"; print ''; // User group 
@@ -170,7 +168,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldGroupMembers").''; print ''; print ''.$langs->trans("LDAPFieldGroupMembersExample").''; -print 'global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS?' checked="true"':'').">"; +print 'global->LDAP_KEY_GROUPS && $conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS)?' checked="true"':'').">"; print ''; diff --git a/htdocs/admin/ldap_members.php b/htdocs/admin/ldap_members.php index 6c3b3350422..6f643354083 100644 --- a/htdocs/admin/ldap_members.php +++ b/htdocs/admin/ldap_members.php @@ -48,7 +48,6 @@ if (!$user->admin) if ($_GET["action"] == 'setvalue' && $user->admin) { $error=0; - if (! dolibarr_set_const($db, 'LDAP_KEY_MEMBERS',$_POST["key"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_DN',$_POST["user"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_MEMBER_OBJECT_CLASS',$_POST["objectclass"],'chaine',0,'',$conf->entity)) $error++; @@ -80,6 +79,12 @@ if ($_GET["action"] == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE', $_POST["fieldlastsubscriptiondate"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT', $_POST["fieldlastsubscriptionamount"],'chaine',0,'',$conf->entity)) $error++; + // This one must be after the others + $valkey=''; + $key=$_POST["key"]; + if ($key) $valkey=$conf->global->$key; + if (! dolibarr_set_const($db, 'LDAP_KEY_MEMBERS',$valkey,'chaine',0,'',$conf->entity)) $error++; + if ($error) { dol_print_error($db->error()); 
@@ -155,20 +160,13 @@ print ''.$langs->trans("LDAPNamingAttribute").''; print "\n"; // Filtre -/* -$var=!$var; -print ''.$langs->trans("LDAPFilterConnection").''; -print ''; -print ''.$langs->trans("LDAPFilterConnectionExample").''; -print ''; -*/ // Common name $var=!$var; print ''.$langs->trans("LDAPFieldFullname").''; print ''; print ''.$langs->trans("LDAPFieldFullnameExample").''; -print 'global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_FULLNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_FULLNAME)?' checked="true"':'').">"; print ''; // Name @@ -176,7 +174,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldName").''; print ''; print ''.$langs->trans("LDAPFieldNameExample").''; -print 'global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_NAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_NAME)?' checked="true"':'').">"; print ''; // Firstname @@ -192,7 +190,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldLoginUnix").''; print ''; print ''.$langs->trans("LDAPFieldLoginExample").''; -print 'global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_LOGIN?' checked="true"':'').">"; +print 'global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_LOGIN)?' checked="true"':'').">"; print ''; // Login samba @@ -200,7 +198,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldLoginSamba").''; print ''; print ''.$langs->trans("LDAPFieldLoginSambaExample").''; -print 'global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_LOGIN_SAMBA?' checked="true"':'').">"; +print 'global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_LOGIN_SAMBA)?' checked="true"':'').">"; print ''; // Password not crypted 
@@ -224,7 +222,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldMail").''; print ''; print ''.$langs->trans("LDAPFieldMailExample").''; -print 'global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_MAIL?' checked="true"':'').">"; +print 'global->LDAP_KEY_MEMBERS && $conf->global->LDAP_KEY_MEMBERS==$conf->global->LDAP_MEMBER_FIELD_MAIL)?' checked="true"':'').">"; print ''; // Phone pro diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 424d7525202..391d5087901 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -3,7 +3,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005 Regis Houssin - * Copyright (C) 2006-2007 Laurent Destailleur + * Copyright (C) 2006-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -48,7 +48,6 @@ if (!$user->admin) if ($_GET["action"] == 'setvalue' && $user->admin) { $error=0; - if (! dolibarr_set_const($db, 'LDAP_KEY_USERS',$_POST["key"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_USER_DN',$_POST["user"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_USER_OBJECT_CLASS',$_POST["objectclass"],'chaine',0,'',$conf->entity)) $error++; @@ -68,6 +67,12 @@ if ($_GET["action"] == 'setvalue' && $user->admin) if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',$_POST["fielddescription"],'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',$_POST["fieldsid"],'chaine',0,'',$conf->entity)) $error++; + // This one must be after the others + $valkey=''; + $key=$_POST["key"]; + if ($key) $valkey=$conf->global->$key; + if (! dolibarr_set_const($db, 'LDAP_KEY_USERS',$valkey,'chaine',0,'',$conf->entity)) $error++; + if ($error) { dol_print_error($db->error()); 
@@ -156,7 +161,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFullname").''; print ''; print ''.$langs->trans("LDAPFieldFullnameExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FULLNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FULLNAME)?' checked="true"':'').">"; print ''; // Name @@ -164,7 +169,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldName").''; print ''; print ''.$langs->trans("LDAPFieldNameExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_NAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_NAME)?' checked="true"':'').">"; print ''; // Firstname @@ -172,7 +177,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFirstName").''; print ''; print ''.$langs->trans("LDAPFieldFirstNameExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME)?' checked="true"':'').">"; print ''; // Login unix @@ -180,7 +185,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldLoginUnix").''; print ''; print ''.$langs->trans("LDAPFieldLoginExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN)?' checked="true"':'').">"; print ''; // Login samba @@ -188,7 +193,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldLoginSamba").''; print ''; print ''.$langs->trans("LDAPFieldLoginSambaExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN_SAMBA?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN_SAMBA)?' checked="true"':'').">"; print ''; // Password not crypted 
@@ -196,7 +201,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldPasswordNotCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked="true"':'').">"; print ''; // Password crypted @@ -204,7 +209,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldPasswordCrypted").''; print ''; print ''.$langs->trans("LDAPFieldPasswordExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked="true"':'').">"; print ''; // Mail @@ -212,7 +217,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldMail").''; print ''; print ''.$langs->trans("LDAPFieldMailExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MAIL?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MAIL)?' checked="true"':'').">"; print ''; // Phone @@ -220,7 +225,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldPhone").''; print ''; print ''.$langs->trans("LDAPFieldPhoneExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE)?' checked="true"':'').">"; print ''; // Mobile @@ -228,7 +233,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldMobile").''; print ''; print ''.$langs->trans("LDAPFieldMobileExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE)?' checked="true"':'').">"; print ''; // Fax 
@@ -236,7 +241,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldFax").''; print ''; print ''.$langs->trans("LDAPFieldFaxExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked="true"':'').">"; print ''; // Description @@ -244,7 +249,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldDescription").''; print ''; print ''.$langs->trans("LDAPFieldDescriptionExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked="true"':'').">"; print ''; // Sid @@ -252,7 +257,7 @@ $var=!$var; print ''.$langs->trans("LDAPFieldSid").''; print ''; print ''.$langs->trans("LDAPFieldSidExample").''; -print 'global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_SID?' checked="true"':'').">"; +print 'global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_SID)?' checked="true"':'').">"; print ''; $var=!$var; diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 6f2c05014c0..b8e77d86036 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -179,9 +179,10 @@ $dolibarr_main_authentication='dolibarr'; # $dolibarr_main_auth_ldap_servertype='openldap'; # openldap, activedirectory or egroupware # $dolibarr_main_auth_ldap_login_attribute='loginfield'; # uid or samaccountname for active directory # $dolibarr_main_auth_ldap_dn=''; # Ex: ou=users,dc=my-domain,dc=com +# $dolibarr_main_auth_ldap_filter = '' # Ex: &(uid=%1%)(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com) # $dolibarr_main_auth_ldap_admin_login=''; # Required only if anonymous bind disabled # $dolibarr_main_auth_ldap_admin_pass=''; # Required only if anonymous bind disabled -# + # $dolibarr_main_auth_ldap_debug='false'; 
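Review bot: The added example line `# $dolibarr_main_auth_ldap_filter = ''` has no terminating `;`, unlike the neighbouring examples, so uncommenting it as written breaks conf.php; write it as `# $dolibarr_main_auth_ldap_filter='';`. The trailing comment should also say that `%1%` is replaced by the login typed on the login form, because that substitution is what an administrator editing this value needs to know about.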
diff --git a/htdocs/includes/login/functions_ldap.php b/htdocs/includes/login/functions_ldap.php index f5fd68e1d80..7deb2211617 100644 --- a/htdocs/includes/login/functions_ldap.php +++ b/htdocs/includes/login/functions_ldap.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2007-2011 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,19 +19,19 @@ */ /** - \file htdocs/includes/login/functions_ldap.php - \ingroup core - \brief Authentication functions for LDAP -*/ + * \file htdocs/includes/login/functions_ldap.php + * \ingroup core + * \brief Authentication functions for LDAP + */ /** - \brief Check user and password - \param usertotest Login - \param passwordtotest Password - \return string Login if ok, '' if ko. - \remarks If test is ko, reason must be filled into $_SESSION["dol_loginmesg"] -*/ + * @brief Check user and password + * @param usertotest Login + * @param passwordtotest Password + * @return string Login if ok, '' if ko. + * @remarks If test is ko, reason must be filled into $_SESSION["dol_loginmesg"] + */ function check_user_password_ldap($usertotest,$passwordtotest) { global $_POST,$db,$conf,$langs; 
@@ -90,38 +90,45 @@ function check_user_password_ldap($usertotest,$passwordtotest) $resultCheckUserDN=false; + // Define $userSearchFilter + $userSearchFilter = ""; + if (empty($dolibarr_main_auth_ldap_filter)) { + $userSearchFilter = "(" . $ldapuserattr . "=" . $usertotest . ")"; + } else { + $userSearchFilter = str_replace('%1%', $usertotest, $dolibarr_main_auth_ldap_filter); + } + // If admin login provided - // Code to get user in LDAP from an admin connection (may differ from Dolibarr user) + // Code to get user in LDAP from an admin connection (may differ from user connection, done later) if ($ldapadminlogin) { $result=$ldap->connect_bind(); if ($result) { - $resultFetchLdapUser = $ldap->fetch($_POST["username"]); + $resultFetchLdapUser = $ldap->fetch($usertotest,$userSearchFilter); // On stop si le mot de passe ldap doit etre modifie sur le domaine if ($resultFetchLdapUser == 1 && $ldap->pwdlastset == 0) { - dol_syslog('functions_ldap::check_user_password_ldap '.$_POST["username"].' must change password next logon'); - if ($ldapdebug) print "DEBUG: User ".$_POST["username"]." must change password
\n"; + dol_syslog('functions_ldap::check_user_password_ldap '.$usertotest.' must change password next logon'); + if ($ldapdebug) print "DEBUG: User ".$usertotest." must change password
\n"; $ldap->close(); sleep(1); $langs->load('ldap'); - $_SESSION["dol_loginmesg"]=$langs->trans("YouMustChangePassNextLogon",$_POST["username"],$ldap->domainFQDN); + $_SESSION["dol_loginmesg"]=$langs->trans("YouMustChangePassNextLogon",$usertotest,$ldap->domainFQDN); return ''; } else { - $resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest); + $resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest); // $ldap->ldapUserDN is defined if ok } } $ldap->close(); } - // Forge LDAP user and password to test from config setup + // Forge LDAP user and password to test with them $ldap->searchUser=$ldapuserattr."=".$usertotest.",".$ldapdn; - $ldap->searchPassword=$passwordtotest; - if ($resultCheckUserDN) $ldap->searchUser = $ldap->ldapUserDN; + $ldap->searchPassword=$passwordtotest; // Test with this->seachUser and this->searchPassword $result=$ldap->connect_bind(); @@ -130,14 +137,14 @@ function check_user_password_ldap($usertotest,$passwordtotest) if ($result == 2) { dol_syslog("functions_ldap::check_user_password_ldap Authentification ok"); - $login=$_POST["username"]; + $login=$usertotest; // ldap2dolibarr synchronisation if ($login && $conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { // On charge les attributs du user ldap if ($ldapdebug) print "DEBUG: login ldap = ".$login."
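Review bot: `$usertotest` is concatenated into `$userSearchFilter` without LDAP filter escaping, both in the default `(attr=login)` form and in the `str_replace('%1%', ...)` form, so filter metacharacters typed at the login prompt change the search that `fetch()` runs before any password check. Escape the value once and use the escaped copy in both branches, e.g. `$usertotestesc = ldap_escape($usertotest, '', LDAP_ESCAPE_FILTER);` (PHP 5.6+; on older PHP an equivalent RFC 4515 escaping helper). The context line `$ldap->searchUser=$ldapuserattr."=".$usertotest.",".$ldapdn;` has the same problem for DN syntax. `$dolibarr_main_auth_ldap_filter` is not in the `global $_POST,$db,$conf,$langs;` list visible in the previous hunk; if it is not declared in the lines between the hunks, `empty()` is always true and the configured filter is never used. The function body starts and ends outside this hunk.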
\n"; - $ldap->fetch($login); + $ldap->fetch($login,$userSearchFilter); if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."
\n"; if ($ldapdebug) print "DEBUG: pwdLastSet = ".dol_print_date($ldap->pwdlastset,'day')."
\n"; @@ -164,7 +171,7 @@ function check_user_password_ldap($usertotest,$passwordtotest) } if ($result == 1) { - dol_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password for '".$_POST["username"]."'"); + dol_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password for '".$usertotest."'"); sleep(1); $langs->load('main'); $langs->load('other'); @@ -173,7 +180,7 @@ function check_user_password_ldap($usertotest,$passwordtotest) } else { - dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '".$_POST["username"]."'"); + dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '".$usertotest."'"); sleep(1); $langs->load('main'); $langs->load('other'); diff --git a/htdocs/lib/ldap.class.php b/htdocs/lib/ldap.class.php index 2d354fb369f..056a969443f 100644 --- a/htdocs/lib/ldap.class.php +++ b/htdocs/lib/ldap.class.php @@ -1151,11 +1151,13 @@ class Ldap /** - * \brief Recupere les attributs de l'utilisateur - * \param $user Utilisateur ldap a lire - * \return int >0 if ok, <0 if ko + * Load all attribute of a LDAP user + * @param $user User to search for. Not used if a filter is provided. + * @param filter Filter for search. Must start with &. + * Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com) + * @return int >0 if ok, <0 if ko */ - function fetch($user) + function fetch($user,$filter) { // Perform the search and get the entry handles 
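Review bot: `function fetch($user,$filter)` makes the new parameter mandatory, so any caller outside this commit that still calls `fetch($login)` reaches `ldap_search` with an empty filter; a default such as `function fetch($user,$filter='')` with a fallback to the old user-identifier match would keep such callers working. The docblock is also at odds with the code in this commit: it says the filter "Must start with &", while check_user_password_ldap passes `(attr=login)` and fiche.php passes a filter starting with `(`, and it says `$user` is "Not used if a filter is provided" although the following hunk removes the only visible use of `$user` in the search. State the expected filter form once (with or without the outer parentheses) and make the callers match it.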
@@ -1163,19 +1165,14 @@ class Ldap if ($this->serverType == "activedirectory") { $this->bindauth($this->searchUser, $this->searchPassword); } - $userIdentifier = $this->getUserIdentifier(); - $filter = '('.$this->filter.'('.$userIdentifier.'='.$user.'))'; - - $i = 0; $searchDN = $this->people; $result = ''; - + $i=0; while ($i <= 2) { $this->result = @ldap_search($this->connection, $searchDN, $filter); - if ($this->result) { $result = @ldap_get_entries($this->connection, $this->result); @@ -1187,7 +1184,7 @@ class Ldap return -1; } - if (!$result) + if (! $result) { // Si pas de resultat on cherche dans le domaine $searchDN = $this->domain; @@ -1195,8 +1192,7 @@ class Ldap } else { - $i++; - $i++; + break; } } @@ -1209,7 +1205,7 @@ class Ldap { $this->name = $this->convToOutputCharset($result[0][$this->attr_name][0],$this->ldapcharset); $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0],$this->ldapcharset); - $this->login = $this->convToOutputCharset($result[0][$userIdentifier][0],$this->ldapcharset); + $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0],$this->ldapcharset); $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0],$this->ldapcharset); $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0],$this->ldapcharset); $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0],$this->ldapcharset); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 109a08e10fa..fa7e33137ee 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -89,7 +89,7 @@ class User extends CommonObject //! Liste des entrepots auquel a acces l'utilisateur var $entrepots; - var $rights; + var $rights; // Array of permissions user->rights->permx var $all_permissions_are_loaded; /**< \private all_permissions_are_loaded */ var $tab_loaded=array(); // Tableau pour signaler les permissions deja chargees 
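Review bot: With `$filter` now supplied by the caller, the `$this->filter` term that the removed line wrapped around the user match is no longer applied by `fetch()` itself. The two callers in this commit differ: fiche.php rebuilds it from `LDAP_FILTER_CONNECTION`, while check_user_password_ldap falls back to the bare `(attr=login)` filter when `$dolibarr_main_auth_ldap_filter` is empty. If that term was restricting which directory entries can be loaded at login, confirm the login path still gets it. `@ldap_search` also hides the warning raised for a malformed filter; since the filter can now come from conf.php, logging `ldap_error($this->connection)` in the failure branch (if the lines outside this hunk do not already) would make a bad filter diagnosable. The body of `fetch()` extends beyond this hunk.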
@@ -1157,7 +1157,7 @@ class User extends CommonObject */ function update_last_login_date() { - $now=gmmktime(); + $now=dol_now(); $sql = "UPDATE ".MAIN_DB_PREFIX."user SET"; $sql.= " datepreviouslogin = datelastlogin,"; @@ -1436,10 +1436,11 @@ class User extends CommonObject } /** - * \brief Mise e jour des infos de click to dial + * Update clicktodial info */ function update_clicktodial() { + $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial"; $sql .= " WHERE fk_user = ".$this->id; @@ -1457,22 +1458,28 @@ class User extends CommonObject if ($result) { + $this->db->commit(); return 0; } else { - print $this->db->error(); + $this->db->rollback(); + $this->error=$this->db->error(); + return -1; } } /** * Add user into a group - * @param group id du groupe + * @param group id du groupe */ - function SetInGroup($group) + function SetInGroup($group, $notrigger=0) { global $conf; + $error=0; + + $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; $sql.= " WHERE fk_user = ".$this->id; @@ -1485,22 +1492,29 @@ class User extends CommonObject $sql.= " VALUES (".$conf->entity.",".$this->id.",".$group.")"; $result = $this->db->query($sql); + + $this->db->commit(); } /** * Remove a user from a group * @param group id du groupe */ - function RemoveFromGroup($group) + function RemoveFromGroup($group, $notrigger=0) { global $conf; + $error=0; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; + $this->db->begin(); + + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; $sql.= " WHERE fk_user = ".$this->id; $sql.= " AND fk_usergroup = ".$group; $sql.= " AND entity = ".$conf->entity; $result = $this->db->query($sql); + + $this->db->commit(); } /** diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index f6abde040e0..63827162a55 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php 
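Review bot: `SetInGroup()` and `RemoveFromGroup()` call `$this->db->commit()` unconditionally: `$result` is never tested, so a failed INSERT or DELETE is committed like a successful one and the caller gets no return value, and the new `$error` and `$notrigger` are not used in the visible lines. Mirror what this commit does in `update_clicktodial()`, committing on success and otherwise rolling back, setting `$this->error` and returning -1, as sketched below for the end of `SetInGroup()`. `$group` and `$this->id` are also concatenated into the SQL as-is; casting at the point of use (`(int) $group`) keeps these group-membership statements numeric whatever the caller passes. The DELETE at the top of `SetInGroup()` runs between hunks and is not visible here.

```php
// … unchanged: DELETE and INSERT statements of SetInGroup() …
$result = $this->db->query($sql);
if ($result)
{
    $this->db->commit();
    return 1;
}
else
{
    $this->error=$this->db->error();
    $this->db->rollback();
    return -1;
}
```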
@@ -654,7 +654,7 @@ if (($action == 'create') || ($action == 'adduserldap')) print ''.$langs->trans("Administrator").''; print ''; print $form->selectyesno('admin',$_POST["admin"],1); - + if (! empty($conf->multicompany->enabled) && ! $user->entity) { if ($conf->use_javascript_ajax) @@ -675,7 +675,7 @@ if (($action == 'create') || ($action == 'adduserldap')) '; } $checked=($_POST["superadmin"]?' checked':''); - $disabled=($_POST["superadmin"]?'':'disabled'); + $disabled=($_POST["superadmin"]?'':' disabled'); print ' '.$langs->trans("SuperAdministrator"); } print "\n"; @@ -804,7 +804,8 @@ else $result=$ldap->connect_bind(); if ($result > 0) { - $entries = $ldap->fetch($fuser->login); + $userSearchFilter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$this->getUserIdentifier().'='.$fuser->login.'))'; + $entries = $ldap->fetch($fuser->login,$userSearchFilter); if (! $entries) { $message .= $ldap->error; @@ -1426,7 +1427,7 @@ else if ($user->admin && ($fuser->entity > 0 || $nbSuperAdmin > 1) ) { print $form->selectyesno('admin',$fuser->admin,1); - + if (! empty($conf->multicompany->enabled) && ! $user->entity) { if ($conf->use_javascript_ajax) @@ -1452,7 +1453,7 @@ else }); '; } - + $checked=(($fuser->admin && ! $fuser->entity) ? ' checked' : ''); print ' '.$langs->trans("SuperAdministrator"); }
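Review bot: In the `@@ -804,7 +804,8 @@` hunk, `$this->getUserIdentifier()` is called from what looks like page-level code (the hunk context is a top-level `else` branch, not a class method), where `$this` is not defined, so the line fails as soon as the LDAP bind succeeds. The code removed from ldap.class.php called this method on the Ldap object, so the line presumably should read `$userSearchFilter = '('.$conf->global->LDAP_FILTER_CONNECTION.'('.$ldap->getUserIdentifier().'='.$fuser->login.'))';`. `$fuser->login` goes into the filter unescaped here as well; it presumably comes from the stored user record rather than the request, but filter-escaping it keeps logins containing `(`, `)` or `*` from breaking the search.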