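True, 'check_acl' => True, 'read_acl' => True, 'exist_account_lid' => True, 'exist_email' => True, 'array_invert' => True );

    var $nextmatchs;
    var $sectors_list = array();
    var $current_config;

    // Old-style constructor: creates the db_functions helper and loads the
    // configuration repository into $this->current_config.
    // Side effect: replaces the global $GLOBALS['phpgw']->db handle with the
    // helper's own connection.
    // NOTE(review): presumably the enclosing class is named "functions"; a
    // method named after its class is not run as a constructor on PHP 8 -
    // confirm the target PHP version.
    function functions()
    {
        $this->db_functions = new db_functions;
        $GLOBALS['phpgw']->db = $this->db_functions->db;

        //$c = CreateObject('phpgwapi.config','expressoAdmin1_2');
        $c = new config;
        $c->read_repository();
        $this->current_config = $c->config_data;
    }

    // Tells whether manager $account_lid holds the right named by $access.
    //
    // The list_* and display_* names are aggregates, granted when any one of
    // several stored rights is set. Every other name is looked up directly as
    // "acl_$access" in the map built by make_array_acl().
    //
    // Returns true/false for an aggregate. For a direct lookup it returns the
    // stored flag ('1' or '0'), or false when the name is not a known right,
    // so an unrecognised $access is denied.
    //
    // NOTE(review): an earlier copy of this function, previously kept below as
    // a commented-out block, required acl_edit_users in addition to
    // acl_empty_user_inbox for 'empty_user_inbox'; the direct lookup does not.
    // Confirm that relaxation was intended.
    function check_acl($account_lid, $access)
    {
        if (!is_scalar($access))
        {
            return false;
        }

        $acl = $this->read_acl($account_lid);
        $array_acl = $this->make_array_acl($acl['acl']);

        // 'display_groups' also accepts the samba right, but only when samba
        // support is switched on in the configuration.
        $display_groups = array('acl_edit_users', 'acl_view_users');
        if ($this->current_config['expressoAdmin_samba_support'] == 'true')
        {
            $display_groups[] = 'acl_edit_sambausers_attributes';
        }

        // Right names are quoted strings: the bare words used before were
        // undefined constants, which PHP 8 rejects with a fatal error.
        $any_of = array(
            'list_users' => array(
                'acl_add_users', 'acl_edit_users', 'acl_delete_users',
                'acl_change_users_password', 'acl_change_users_quote',
                'acl_edit_sambausers_attributes', 'acl_view_users',
                'acl_manipulate_corporative_information', 'acl_edit_users_phonenumber',
            ),
            'list_groups' => array('acl_add_groups', 'acl_edit_groups', 'acl_delete_groups'),
            'list_maillists' => array('acl_add_maillists', 'acl_edit_maillists', 'acl_delete_maillists'),
            'list_sectors' => array('acl_create_sectors', 'acl_edit_sectors', 'acl_delete_sectors'),
            'list_computers' => array('acl_create_computers', 'acl_edit_computers', 'acl_delete_computers'),
            'display_groups' => $display_groups,
            'display_emailconfig' => array('acl_edit_users', 'acl_view_users'),
            'display_applications' => array('acl_edit_users', 'acl_view_users'),
            'display_emaillists' => array('acl_edit_users', 'acl_view_users'),
            // make_array_acl() names the third right "remove", not "delete";
            // the old "acl_delete_institutional_accounts" key never existed,
            // so that alternative could never grant access.
            'list_institutional_accounts' => array(
                'acl_add_institutional_accounts', 'acl_edit_institutional_accounts',
                'acl_remove_institutional_accounts',
            ),
        );

        if (isset($any_of[$access]))
        {
            foreach ($any_of[$access] as $right)
            {
                // Flags are the strings '1'/'0'; '0' counts as empty.
                if (!empty($array_acl[$right]))
                {
                    return true;
                }
            }
            return false;
        }

        $right = "acl_$access";
        return isset($array_acl[$right]) ? $array_acl[$right] : false;
    }

    // Reads the manager's ACL row through db_functions::read_acl().
    //
    // Returns an array with:
    //   'acl'              the stored ACL value of the first row
    //   'manager_lid'      the manager login stored in that row
    //   'raw_context'      the contexts exactly as stored ("%"-separated)
    //   'contexts'         the same contexts split into a list
    //   'contexts_display' each context passed through ldap_dn2ufn(), with
    //                      ", " replaced by "."
    // When no row exists the scalar entries are null and the lists hold a
    // single empty entry, as before.
    function read_acl($account_lid)
    {
        $acl = $this->db_functions->read_acl($account_lid);
        $row = (is_array($acl) && isset($acl[0])) ? $acl[0] : array();
        $raw_context = isset($row['context']) ? $row['context'] : null;

        $result = array(
            'acl' => isset($row['acl']) ? $row['acl'] : null,
            'manager_lid' => isset($row['manager_lid']) ? $row['manager_lid'] : null,
            'raw_context' => $raw_context,
            'contexts' => array(),
            'contexts_display' => array(),
        );

        // explode() replaces split(), which was removed in PHP 7; "%" has no
        // special meaning as a pattern, so the result is the same.
        foreach (explode('%', (string) $raw_context) as $context)
        {
            $result['contexts'][] = $context;
            $result['contexts_display'][] = str_replace(", ", ".", ldap_dn2ufn($context));
        }
        return $result;
    }

    // Turns the stored ACL number into a map of right name => '1' or '0'.
    // The position of a name in the list below is its bit position.
    // Highest bits in use:
    //    2.147.483.648 -> edit users phone number
    //    4.294.967.296 -> add institutional accounts
    //    8.589.934.592 -> edit institutional accounts
    //   17.179.869.184 -> remove institutional accounts
    function make_array_acl($acl)
    {
        $rights = array(
            "acl_add_users",
            "acl_edit_users",
            "acl_delete_users",
            "acl_EMPTY1",
            "acl_add_groups",
            "acl_edit_groups",
            "acl_delete_groups",
            "acl_change_users_password",
            "acl_add_maillists",
            "acl_edit_maillists",
            "acl_delete_maillists",
            "acl_EMPTY2",
            "acl_create_sectors",
            "acl_edit_sectors",
            "acl_delete_sectors",
            "acl_edit_sambausers_attributes",
            "acl_view_global_sessions",
            "acl_view_logs",
            "acl_change_users_quote",
            "acl_set_user_default_password",
            "acl_create_computers",
            "acl_edit_computers",
            "acl_delete_computers",
            "acl_rename_users",
            "acl_edit_sambadomains",
            "acl_view_users",
            "acl_edit_email_groups",
            "acl_empty_user_inbox",
            "acl_manipulate_corporative_information",
            "acl_edit_users_picture",
            "acl_edit_scl_email_lists",
            "acl_edit_users_phonenumber",
            "acl_add_institutional_accounts",
            "acl_edit_institutional_accounts",
            "acl_remove_institutional_accounts"
        );

        // The result used to be collected in a variable other than the one
        // that was initialised; one properly initialised array is used now.
        $array_acl = array();
        foreach ($rights as $index => $right)
        {
            // A '1' followed by $index zeros is the mask for bit $index.
            $mask = bindec('1' . str_repeat('0', $index));
            $array_acl[$right] = $this->safeBitCheck($mask, $acl);
        }
        return $array_acl;
    }

    // Lists the accounts of $contexts whose most recent login is older than
    // the configured number of days ('time_to_account_expires').
    // Returns a list of array('uidNumber' => ..., 'login' => ..., 'li' => ...).
    function get_inactive_users($contexts)
    {
        $retorno = array();
        $tempUsers = array();

        // Fetch every user of the given contexts from LDAP.
        $usuariosLdap = $this->get_list('accounts', '', $contexts);
        if (!is_array($usuariosLdap))
        {
            return $retorno;
        }
        foreach ($usuariosLdap as $usuarioLdap)
        {
            $tempUsers[$usuarioLdap["account_id"]] = $usuarioLdap["account_lid"];
        }
        if (!count($tempUsers))
        {
            // An empty "in ()" list is not valid SQL.
            return $retorno;
        }

        // The ids come from the directory and go into the SQL text, so they
        // are forced to integers first.
        $ids = implode(",", array_map('intval', array_keys($tempUsers)));

        // Number of days of inactivity, taken from the server configuration.
        $timeToExpire = $GLOBALS['phpgw_info']['server']['time_to_account_expires'];
        // Last valid timestamp: now minus that many days, in seconds.
        $ultimoTsValido = (int) (time() - ((float) $timeToExpire * 86400));

        $query = "select account_id,max(li) as last_login from phpgw_access_log where account_id in (".$ids.") group by account_id having max(li) < ".$ultimoTsValido." order by max(li)";
        $GLOBALS['phpgw']->db->query($query);
        while ($GLOBALS['phpgw']->db->next_record())
        {
            $result = $GLOBALS['phpgw']->db->row();
            $retorno[] = array(
                "uidNumber" => $result["account_id"],
                "login" => $tempUsers[$result["account_id"]],
                "li" => $result["last_login"],
            );
        }
        return $retorno;
    }

    // Tests one bit of $comparison. $number is a power of two given in
    // decimal; the length of its binary form selects the bit.
    // Returns the string '1' when the bit is set, '0' otherwise.
    // Works on strings so that values beyond the native integer range of a
    // 32-bit build can still be tested.
    function safeBitCheck($number,$comparison)
    {
        $binNumber = base_convert((string) $number, 10, 2);
        $binComparison = strrev(base_convert((string) $comparison, 10, 2));
        $length = strlen($binNumber);

        // Square brackets replace the {} string offset, removed in PHP 8.
        if (($length <= strlen($binComparison)) && ($binComparison[$length - 1] === "1"))
        {
            return '1';
        }
        return '0';
    }

    // Escapes a value for use inside an LDAP search filter: the backslash
    // first, then "*", "(", ")" and NUL, each as a backslash plus hex code.
    function _ldap_filter_escape($value)
    {
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            (string) $value
        );
    }

    // Opens an LDAP v3 connection to the configured host and binds with the
    // configured root DN. Returns the connection, or false when the
    // connection or the bind fails, so callers never search unbound.
    // NOTE(review): the listings below are read-only but bind with the
    // directory root credentials; a dedicated read-only bind DN would limit
    // the impact of a filter or context mistake. No ldap_start_tls() call is
    // made here, so transport protection depends on the ldap_host value.
    function _ldap_root_connect()
    {
        $server = $GLOBALS['phpgw_info']['server'];

        $ldap_conn = ldap_connect($server['ldap_host']);
        if (!$ldap_conn)
        {
            return false;
        }
        ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
        if (!ldap_bind($ldap_conn, $server['ldap_root_dn'], $server['ldap_root_pw']))
        {
            ldap_close($ldap_conn);
            return false;
        }
        return $ldap_conn;
    }

    // Runs the same search under every context and returns all entries found
    // as one flat list. A context whose search fails is skipped.
    function _ldap_search_contexts($ldap_conn, $contexts, $filter, $attributes)
    {
        $entries = array();
        foreach ((array) $contexts as $context)
        {
            $search = ldap_search($ldap_conn, $context, $filter, $attributes);
            if (!$search)
            {
                continue;
            }
            $info = ldap_get_entries($ldap_conn, $search);
            if (!is_array($info))
            {
                continue;
            }
            for ($i = 0; $i < $info['count']; $i++)
            {
                $entries[] = $info[$i];
            }
        }
        return $entries;
    }

    // Searches the directory under $contexts for entries of one $type
    // ('accounts', 'groups', 'maillists' or 'computers') matching $query.
    //
    // Returns an array keyed by uid (accounts, maillists) or cn (groups,
    // computers), in natural case-insensitive key order. It is empty when
    // nothing matches, when $type is unknown or when the bind fails; the
    // variable returned before could be left unset in those cases.
    //
    // $query is escaped before it is placed in the filter, so characters such
    // as "*", "(" and ")" typed by a user are matched literally and cannot
    // change the filter structure. The wildcards around the term are the ones
    // written in the filters below.
    function get_list($type, $query, $contexts)
    {
        $q = $this->_ldap_filter_escape($query);

        // Per type: filter, attributes to fetch, key attribute, and the map
        // of output field => LDAP attribute (ldap_get_entries() lower-cases
        // attribute names).
        switch ($type)
        {
            case 'accounts':
                $filter = "(&(phpgwAccountType=u)(|(uid=*".$q."*)(sn=*".$q."*)(cn=*".$q."*)(givenName=*".$q."*)(mail=$q*)(mailAlternateAddress=$q*)))";
                $justthese = array("uidnumber", "uid", "cn", "mail");
                $key = 'uid';
                $fields = array(
                    'account_id' => 'uidnumber',
                    'account_lid' => 'uid',
                    'account_cn' => 'cn',
                    'account_mail' => 'mail',
                );
                break;

            case 'groups':
                $filter = "(&(phpgwAccountType=g)(cn=*$q*))";
                $justthese = array("gidnumber", "cn", "description");
                $key = 'cn';
                $fields = array(
                    'cn' => 'cn',
                    'description' => 'description',
                    'gidnumber' => 'gidnumber',
                );
                break;

            case 'maillists':
                $filter = "(&(phpgwAccountType=l)(|(cn=*".$q."*)(uid=*".$q."*)(mail=*".$q."*)))";
                $justthese = array("uidnumber", "cn", "uid", "mail");
                $key = 'uid';
                $fields = array(
                    'uid' => 'uid',
                    'name' => 'cn',
                    'uidnumber' => 'uidnumber',
                    'email' => 'mail',
                );
                break;

            case 'computers':
                // NOTE(review): the sambaAcctFlags literals are reproduced as
                // found; confirm their spacing against the values stored in
                // the directory.
                $filter = "(&(objectClass=sambaSAMAccount)(|(sambaAcctFlags=[W ])(sambaAcctFlags=[DW ])(sambaAcctFlags=[I ])(sambaAcctFlags=[S ]))(cn=*".$q."*))";
                $justthese = array("cn","uidNumber","description");
                $key = 'cn';
                $fields = array(
                    'cn' => 'cn',
                    'uidNumber' => 'uidnumber',
                    'description' => 'description',
                );
                break;

            default:
                return array();
        }

        $ldap_conn = $this->_ldap_root_connect();
        if (!$ldap_conn)
        {
            return array();
        }
        $entries = $this->_ldap_search_contexts($ldap_conn, $contexts, $filter, $justthese);
        ldap_close($ldap_conn);

        $tmp = array();
        foreach ($entries as $entry)
        {
            if (!isset($entry[$key][0]))
            {
                continue;
            }
            $id = $entry[$key][0];
            foreach ($fields as $field => $attribute)
            {
                $value = isset($entry[$attribute][0]) ? $entry[$attribute][0] : null;
                if ($type == 'computers' && $field == 'description')
                {
                    $value = utf8_decode((string) $value);
                }
                $tmp[$id][$field] = $value;
            }
        }

        $sort = array_keys($tmp);
        natcasesort($sort);

        $return = array();
        foreach ($sort as $id)
        {
            $return[$id] = $tmp[$id];
        }
        return $return;
    }

    // Delegates to phpgwapi.sector_search_ldap::get_organizations().
    function get_organizations($context, $selected='', $referral=false, $show_invisible_ou=true, $master=false)
    {
        $s = CreateObject('phpgwapi.sector_search_ldap');
        return $s->get_organizations($context, $selected, $referral, $show_invisible_ou, $master);
    }

    // Delegates to phpgwapi.sector_search_ldap::get_sectors().
    function get_sectors($selected='', $referral=false, $show_invisible_ou=true)
    {
        $s = CreateObject('phpgwapi.sector_search_ldap');
        return $s->get_sectors($selected, $referral, $show_invisible_ou);
    }

    // Get list of all levels, this function is used for sectors module.
    // Returns an array of lower-cased DN => display label, ordered from the
    // root of the tree downwards. The label is "+" or a run of "---" (one per
    // level below the base) followed by the name of the organizational unit.
    // Empty when nothing is found or the bind fails.
    function get_sectors_list($contexts)
    {
        $options = array();

        $ldap_conn = $this->_ldap_root_connect();
        if (!$ldap_conn)
        {
            return $options;
        }

        $filter = "(ou=*)";
        $systemName = strtolower((string) $GLOBALS['phpgw_info']['server']['system_name']);
        if ($systemName != '')
        {
            $filter = "(&$filter(phpgwSystem=" . $this->_ldap_filter_escape($systemName) . "))";
        }

        $entries = $this->_ldap_search_contexts($ldap_conn, $contexts, $filter, array("dn"));
        ldap_close($ldap_conn);

        // Store each DN with its components reversed (root first), so that a
        // natural sort groups every unit under its parent.
        $inverted_dn = array();
        foreach ($entries as $entry)
        {
            $parts = ldap_explode_dn($entry['dn'], 1);
            if (!is_array($parts))
            {
                continue;
            }
            // Drop the 'count' element added by ldap_explode_dn().
            unset($parts['count']);
            $inverted_dn[$entry['dn']] = implode("#", array_reverse($parts));
        }

        // Sort
        natcasesort($inverted_dn);

        // Build the select options. The depth of the configured base context
        // does not change inside the loop, so it is computed once.
        $base_depth = count(explode(",", $GLOBALS['phpgw_info']['server']['ldap_context'])) + 1;
        foreach ($inverted_dn as $dn => $invert_ufn)
        {
            $parts = explode("#", $invert_ufn);
            $level = count($parts) - $base_depth;

            $display = ($level == 0) ? '+' : str_repeat('---', max(0, $level));
            // The last component of the root-first list is the unit itself.
            $display .= ' ' . end($parts);

            $options[trim(strtolower($dn))] = $display;
        }
        return $options;
    }

    // Counts the directory entries whose uid equals $account_lid.
    // The value is escaped before it goes into the filter, so it is matched
    // literally. Returns the number of entries, 0 when the search fails.
    // NOTE(review): a failed search is indistinguishable from "not found";
    // callers that gate account creation on this result should treat LDAP
    // errors separately.
    function exist_account_lid($account_lid)
    {
        $conection = $GLOBALS['phpgw']->common->ldapConnect();
        $filter = "uid=" . $this->_ldap_filter_escape($account_lid);
        $sri = ldap_search($conection, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
        $result = $sri ? ldap_get_entries($conection, $sri) : false;
        // Closed here as exist_email() does; the handle used to be left open.
        ldap_close($conection);

        return is_array($result) ? $result['count'] : 0;
    }

    // Tells whether any directory entry has $mail as its mail attribute.
    // The value is escaped before it goes into the filter, so it is matched
    // literally. Returns false when nothing matches or the search fails.
    function exist_email($mail)
    {
        $conection = $GLOBALS['phpgw']->common->ldapConnect();
        $filter = "mail=" . $this->_ldap_filter_escape($mail);
        $sri = ldap_search($conection, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
        $result = $sri ? ldap_get_entries($conection, $sri) : false;
        ldap_close($conection);

        return is_array($result) && $result['count'] != 0;
    }

    // Returns the values of $array in reverse order, renumbered from 0.
    // The previous pointer-walking loop stopped at the first empty item
    // (0, '', '0', null, false) and returned array(false) for an empty
    // array; array_reverse() handles both cases.
    function array_invert($array)
    {
        return array_values(array_reverse((array) $array));
    }

    // Returns the larger of the two "next id" counters kept in phpgw_nextid
    // for accounts and for groups.
    function get_next_id()
    {
        $queries = array(
            'accounts' => "SELECT id FROM phpgw_nextid WHERE appname = 'accounts'",
            'groups' => "SELECT id FROM phpgw_nextid WHERE appname = 'groups'",
        );

        $next = array('accounts' => null, 'groups' => null);
        foreach ($queries as $appname => $sql)
        {
            $GLOBALS['phpgw']->db->query($sql);
            $rows = array();
            while ($GLOBALS['phpgw']->db->next_record())
            {
                $rows[] = $GLOBALS['phpgw']->db->row();
            }
            // Only the first row is used; a missing row leaves the id null.
            if (isset($rows[0]['id']))
            {
                $next[$appname] = $rows[0]['id'];
            }
        }

        // Return the larger of the two ids.
        return ($next['accounts'] >= $next['groups']) ? $next['accounts'] : $next['groups'];
    }

    function make_list_app($account_lid, $user_applications='', $disabled='')
    {
        // create list of ALL available apps
        $availableAppsGLOBALS = $GLOBALS['phpgw_info']['apps'];

        // create list of available apps for the user
        // NOTE(review): $account_lid is concatenated into the SQL text
        // unescaped. The code is left unchanged because the rest of this
        // function is outside the reviewed range; quote the value with the DB
        // layer's escaping before it reaches the query.
        $query = "SELECT * FROM phpgw_expressoadmin_apps WHERE manager_lid = '".$account_lid."'";
        $GLOBALS['phpgw']->db->query($query);
        while($GLOBALS['phpgw']->db->next_record())
        {
            $availableApps[] = $GLOBALS['phpgw']->db->row();
        }

        // Drop some modules
        if (count($availableApps))
        {
            foreach ($availableApps as $key => $value)
            {
                if ($value['app'] != 'phpgwapi')
                    $tmp[] = $availableApps[$key];
            }
        }
        $availableApps = $tmp;

        // Build an array of the applications available to the manager, with each application's attributes.
        $availableAppsUser = array();
        if (count($availableApps))
        {
            foreach($availableApps as $app => $title)
            {
                if ($availableAppsGLOBALS[$title['app']])
                    $availableAppsUser[$title['app']] = $availableAppsGLOBALS[$title['app']];
            }
        }

        // Loop that dynamically builds a 3-column table, each column holding one application and a check box.
        $applications_list = '';
        $app_col1 = '';
        $app_col2 = '';
        $app_col3 = '';
        $total_apps = count($availableAppsUser);
        $i = 0;
        foreach($availableAppsUser as $app => $data)
        {
            // column 1
            if (($i +1) % 3 == 1)
            {
                $checked = $user_applications[$app] ? 'CHECKED' : '';
                $app_col1 = sprintf("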