martin: server/kolab/kolab/admin/user create_user.php,1.9.2.3,1.9.2.4
cvs at intevation.de
cvs at intevation.de
Mon Aug 4 18:41:46 CEST 2003
Author: martin
Update of /kolabrepository/server/kolab/kolab/admin/user
In directory doto:/tmp/cvs-serv27017/kolab/admin/user
Modified Files:
Tag: KOLAB_1_0
create_user.php
Log Message:
Martin: Limit alias editing to maintainers and admins. (www gui + ldap acls)
Index: create_user.php
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/admin/user/create_user.php,v
retrieving revision 1.9.2.3
retrieving revision 1.9.2.4
diff -u -d -r1.9.2.3 -r1.9.2.4
--- create_user.php 31 Jul 2003 22:46:15 -0000 1.9.2.3
+++ create_user.php 4 Aug 2003 16:41:44 -0000 1.9.2.4
@@ -106,7 +106,7 @@
{
global $attributes;
foreach ($attributes as $attr) {
- if ($attr == 'uid' || $attr == 'mail') continue;
+ if ($attr == 'uid' || $attr == 'mail' || $attr == 'alias') continue;
if (empty($a[$attr])) $a[$attr] = array(0 => "", 'count' => 1);
}
return $a;
@@ -149,7 +149,9 @@
return '';
}
-$blacklist = array('cn', 'sn', 'uid', 'mail', 'userPassword');
+$blacklist = array('cn', 'sn', 'uid', 'mail', 'userPassword', 'alias' );
+
+$not_user_edit = array('mail', 'alias' );
function black ($a)
{
@@ -157,7 +159,7 @@
return in_array($a,$blacklist);
}
-$noshow = array('objectClass','cn','sn', 'mail', 'userPassword', 'uid');
+$noshow = array('objectClass','cn','sn', 'mail', 'userPassword', 'uid', 'alias');
function noshow ($a)
@@ -199,6 +201,16 @@
return FALSE;
}
+function valid_alias ($a, $b)
+// $a=alias $b=uid
+{
+ global $link;
+ if (($result = ldap_search(
+ $link,$_SESSION['base_dn'],"(|(mail=".$a.")(&(alias=".$a.")(!(mail=".$b."))))")) &&
+ (ldap_count_entries($link,$result) <= 0))
+ return TRUE;
+ return FALSE;
+}
$ldap_object = array('objectClass' => "inetOrgPerson");
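Review bot: `$a` and `$b` are concatenated into the LDAP filter unescaped in the `ldap_search` call of `valid_alias`, and the caller added in a later hunk passes `$HTTP_GET_VARS['alias_0']` and `$HTTP_GET_VARS['mail_0']` straight in. Filter metacharacters in request input therefore change the structure of the filter, so the availability check can return the wrong answer. Both values should be escaped per RFC 2254 before interpolation. On PHP 5.6 and later, `ldap_escape($a, '', LDAP_ESCAPE_FILTER)` does this; for older interpreters a small helper like the one below is enough.

```php
function ldap_filter_quote ($s)
{
  // RFC 2254 escapes; backslash goes first so the inserted escapes are not escaped again
  return str_replace(array('\\', '*', '(', ')', "\0"),
                     array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $s);
}
function valid_alias ($a, $b)
// $a=alias $b=uid
{
  global $link;
  $a = ldap_filter_quote($a);
  $b = ldap_filter_quote($b);
  // … unchanged: ldap_search with the (|(mail=…)(&(alias=…)(!(mail=…)))) filter and the ldap_count_entries check …
}
```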
@@ -207,20 +219,15 @@
array_push($errors, "Communication Error: could bind to ldap://$ldap_server:$ldap_port ".ldap_error($link));
if (!$errors) {
// ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
- if (($result = ldap_read($link, $_SESSION['base_dn'], "(objectclass=*)")) &&
- ($entry = ldap_first_entry($link,$result)) &&
- ($dattrs = ldap_get_attributes($link,$entry))) {
-
- $domain = $dattrs['postfix-mydomain'][0];
- $dcs = array_reverse(explode('.', $domain));
- $domain_dn = $_SESSION['base_dn'];
- foreach ($dcs as $dc) $domain_dn = "dc=$dc,".$domain_dn;
-
- } else array_push($errors, "LDAP Error: could not determin domain");
- $domain_dn = $_SESSION['base_dn'];
-
- if ($action == "kill") {
+ if (($group == "maintainer" || $group == "admin") &&
+ ($result = ldap_search($link, $_SESSION['base_dn'], "(k=kolab)")) &&
+ ($entry = ldap_first_entry($link,$result)) &&
+ ($dattrs = ldap_get_attributes($link,$entry))) {
+ $domain = $dattrs['postfix-mydomain'][0];
+ }
+ $domain_dn = $_SESSION['base_dn'];
+ if ($action == "kill") {
if (!$dn) array_push($errors, "Error: need dn for delete operation");
elseif ($group != "maintainer" && $group != "admin")
array_push($errors, "Error: you need administrative permissions to delete users");
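Review bot: A failed domain lookup is now silent: the removed `else array_push($errors, "LDAP Error: could not determin domain");` has no replacement, and `$domain` is only assigned when the group is maintainer or admin and all three LDAP calls succeed. Whether `$domain` is still read later is not visible in this diff; if it is, initialise it before the condition with `$domain = "";` so ordinary users and failed lookups do not leave it undefined. If it is no longer used, the lookup could be dropped. The enclosing `if (!$errors) {` block continues outside the hunk.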
@@ -231,7 +238,6 @@
if (!(ldap_modify($link,$dn,$delete_template))) {
array_push($errors, "LDAP Error: could not mark ".utf8_decode($dn)." for deletion ".ldap_error($link));
} else {
-// system("sudo -u kolab /kolab/etc/kolab/kolab_buildconfig &");
print("<tr><td><center> The object ".utf8_decode($dn)." has been deleted </td></tr>\n");
}
}
@@ -241,15 +247,6 @@
switch ($action) {
case "firstsave":
- #if (!empty($HTTP_GET_VARS['uid_0']) &&
- # uid_ok($HTTP_GET_VARS['uid_0'])) {
- # $ldap_object['uid'] = trim(strtolower(urldecode($HTTP_GET_VARS['uid_0'])));
- # // $ldap_object['mail'] = $ldap_object['uid']."@".$domain;
- #} else {
- # $comment['uid_0'] = "<span style=\"color:#FF0000\"> Fill in valid uid (lowercase <br>
- # letters and digits only, e. g. jblack)</span>";
- # missing_input();
- #}
if (empty($HTTP_GET_VARS['mail_0'])) {
$comment['mail_0'] = "<span style=\"color:#FF0000\"> Fill in valid email address</span>";
missing_input();
@@ -290,14 +287,24 @@
missing_input();
}
}
-
- if (!empty($HTTP_GET_VARS['mail_0']) && is_unique('mail',$HTTP_GET_VARS['mail_0'])) {
- $ldap_object['mail'] = trim(strtolower(urldecode($HTTP_GET_VARS['mail_0'])));
- if ($action == "firstsave") $ldap_object['uid'] = $ldap_object['mail'];
- } else {
- $comment['mail_0'] = "<span style=\"color:#FF0000\">email address is already taken by another user</span>";
- missing_input();
- }
+
+// mail_0
+ if ($action == "firstsave"){
+ if (!empty($HTTP_GET_VARS['mail_0'])){
+ if (is_unique('mail',$HTTP_GET_VARS['mail_0']) && is_unique('alias',$HTTP_GET_VARS['mail_0'])){
+ $ldap_object['mail'] = trim(strtolower(urldecode($HTTP_GET_VARS['mail_0'])));
+ $ldap_object['uid'] = $ldap_object['mail'];
+ }
+ else {
+ $comment['mail_0'] = "<span style=\"color:#FF0000\">email address is already taken by another user</span>";
+ missing_input();
+ }
+ }
+ else {
+ $comment['mail_0'] = "<span style=\"color:#FF0000\">Fill in email address</span>";
+ missing_input();
+ }
+ }
foreach ($attributes as $attr) {
if (black($attr)) continue;
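Review bot: The uniqueness checks in the new `mail_0` block run on the raw `$HTTP_GET_VARS['mail_0']`, but the value written to `$ldap_object['mail']` and `['uid']` is `trim(strtolower(urldecode(...)))`, so the string that is checked is not necessarily the string that is stored. Normalise once and check that: `$mail = trim(strtolower(urldecode($HTTP_GET_VARS['mail_0'])));` then `if (is_unique('mail',$mail) && is_unique('alias',$mail)) {`. The same applies to the `valid_alias(...)` call on `alias_0` in the next hunk. The surrounding block starts before this hunk.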
@@ -313,23 +320,18 @@
elseif (!empty($HTTP_GET_VARS[$key])) $ldap_object[$attr] = $HTTP_GET_VARS[$key];
}
if ($group == "maintainer" || $group == "admin") {
+ if (valid_alias($HTTP_GET_VARS['alias_0'],$HTTP_GET_VARS['mail_0'])) {
+ $ldap_object['alias'] = trim(strtolower(urldecode($HTTP_GET_VARS['alias_0'])));
+ }
+ else {
+ $comment['alias_0'] = "<span style=\"color:#FF0000\">alias address entered not available</span>";
+ }
if (!empty($HTTP_GET_VARS['visible']) && $HTTP_GET_VARS['visible'] == "true")
$visible = true;
else $visible = false;
}
if (!$visible) $dn_add = ",cn=internal";
else $dn_add = "";
-//print("ldap_object: "); print_r($ldap_object); print("<br>");
-
- #if (!empty($ldap_object['uid']) && !is_unique('uid',$ldap_object['uid'])) {
- # $comment['uid_0'] = "<span style=\"color:#FF0000\"> Error: This uid is already taken by another user </span>";
- # missing_input();
- #}
- if (!empty($ldap_object['alias']) && !is_unique('alias',$ldap_object['alias'])) {
- $comment['alias_0'] = "<span style=\"color:#FF0000\"> Error: the alias you gave is <br>".
- "already taken by another user</span>";
- missing_input();
- }
$ldap_object = to_utf8($ldap_object);
if ($action == "save") {
if (!$errors) {
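Review bot: The `else` branch that sets `$comment['alias_0']` does not call `missing_input()`, whereas the removed `is_unique('alias', ...)` block did. If `missing_input()` is what stops the save (its body is not in this diff), a rejected alias is now dropped and the rest of the save goes ahead. `valid_alias` is also called when `alias_0` is empty or absent, so the filter contains `(mail=)`, and a maintainer who enters no alias may get the "not available" comment. Suggest guarding with `if (!empty($HTTP_GET_VARS['alias_0'])) {` around the check and adding `missing_input();` after the comment assignment. The enclosing block begins outside the hunk.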
@@ -354,6 +356,7 @@
if ($group == "user") {
unset($ldap_object['sn']);
unset($ldap_object['cn']);
+ unset($ldap_object['alias']);
}
if (!ldap_modify($link, $dn, $ldap_object))
array_push($errors, "LDAP Error: could not modify object $dn ".ldap_error($link));
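Review bot: The list of attributes stripped for `$group == "user"` is maintained by hand here, while the new `$not_user_edit = array('mail', 'alias' );` added earlier in this commit is not used in any visible hunk. Driving the server-side restriction from that array keeps the two in step: `foreach ($not_user_edit as $attr) unset($ldap_object[$attr]);` next to the existing `sn` and `cn` unsets. This would also strip `mail` for ordinary users, which the array name suggests is intended, but confirm against the LDAP ACLs mentioned in the log message. The surrounding save branch starts and ends outside the hunk.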
@@ -364,7 +367,6 @@
$dn = "cn=".$ldap_object['cn'].$dn_add.",".$domain_dn;
if ($dn && !ldap_add($link, $dn, $ldap_object))
array_push($errors, "LDAP Error: could not add object $dn ".ldap_error($link));
-// else system("sudo -u kolab /kolab/etc/kolab/kolab_buildconfig &");
}
if ($errors) {
print("<TR><TD><center><H1> Create New User </H1></center></TD></TR>\n");
@@ -407,8 +409,6 @@
$width = 50;
-//print "ldap_object gelesen: "; print_r($ldap_object); print "<br>";
-
if (in_array($action, $valid_actions) && $action != "kill") {
print "<TR><TD><CENTER><form action=\"$myself\" method=\"GET\">\n";
switch ($action) {
@@ -461,7 +461,7 @@
print "<tr><td> Password </td><td>\n";
print "<input type=\"password\" name=\"password_0\" size=$width maxlength=80 value=\"$password_0\">\n";
print "</td><td>".(comment('password_0'))."</td></tr>\n";
- print "<tr><td> Verfiy Password </td><td>\n";
+ print "<tr><td> Verify Password </td><td>\n";
print "<input type=\"password\" name=\"password_1\" size=$width maxlength=80 value=\"$password_1\">\n";
print "</td><td>".(comment('password_1'))."</td></tr>\n";
print "<tr><td> Primary Email Address</td><td>\n";
@@ -473,6 +473,22 @@
}
print "name=\"mail_0\" size=$width maxlength=80 value=\"$mail_0\">\n";
print "<td>".(comment('mail_0'))."</td></tr>\n";
+
+ print "<tr><td> E-Mail Alias </td><td>\n";
+ if (isset($ldap_object['alias']) && is_array($ldap_object['alias'])) $alias_0 = $ldap_object['alias'][0];
+ else {
+ if (isset($ldap_object['alias'])) $alias_0 = $ldap_object['alias'];
+ else {
+ $alias_0 = "";
+ }
+ }
+ print "<input type=\"text\" ";
+ if ( ($group != "admin") && ($group != "maintainer") ) {
+ print " readonly ";
+ }
+ print "name=\"alias_0\" size=$width maxlength=80 value=\"$alias_0\">\n";
+ print "<td>".(comment('alias_0'))."</td></tr>\n";
+
}
foreach ($attributes as $attr) {
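Review bot: `$alias_0` is printed into the `value="..."` attribute without HTML escaping, and it can come either from request input or from the directory, so a quote or angle bracket in it breaks out of the attribute. Escape at output: `print "name=\"alias_0\" size=$width maxlength=80 value=\"".htmlspecialchars($alias_0, ENT_QUOTES)."\">\n";`. The re-wrapped `$value[$count]` print in the following hunk has the same issue. Note that `readonly` only restricts the form in the browser; the real restriction is the server-side group check and `unset($ldap_object['alias'])` elsewhere in this commit, which is worth stating in a comment above the field.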
@@ -486,7 +502,10 @@
print "<tr><td> $battr </td><td>\n";
if ($action != "delete") {
if (!black($attr)) {
- print "<input type=\"text\" name=\"".$attr."_".$count."\" size=$width maxlength=80 value=\"".$value[$count]."\">\n";
+ print "<input type=\"text\" ";
+ print "name=\"".$attr."_".$count."\" ".
+ "size=$width maxlength=80 value=\"".
+ $value[$count]."\">\n";
} else {
if ($value[$count]) print "$value[$count]";
else print "(not set)";