Code source de eZ Publish 3.9.0 |
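<?php
//
// Definition of eZLDAPUser class
//
// Created on: <24-Jul-2003 15:48:06 wy>
//
// SOFTWARE NAME: eZ publish
// SOFTWARE RELEASE: 3.9.0
// BUILD VERSION: 17785
// COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS
// SOFTWARE LICENSE: GNU General Public License v2.0
// NOTICE: >
//   This program is free software; you can redistribute it and/or
//   modify it under the terms of version 2.0  of the GNU General
//   Public License as published by the Free Software Foundation.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//   GNU General Public License for more details.
//
//   You should have received a copy of version 2.0 of the GNU General
//   Public License along with this program; if not, write to the Free
//   Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
//   MA 02110-1301, USA.
//
//

/*! \file ezldapuser.php
*/

/*!
  \class eZLDAPUser ezldapuser.php
  \ingroup eZDatatype
  \brief Login handler that checks the local user table first and, when
         LDAP is enabled in ldap.ini, falls back to an LDAP directory.

*/
include_once( "kernel/classes/datatypes/ezuser/ezusersetting.php" );
include_once( "kernel/classes/datatypes/ezuser/ezuser.php" );
include_once( 'lib/ezutils/classes/ezini.php' );

class eZLDAPUser extends eZUser
{
    /*!
     Constructor
    */
    function eZLDAPUser()
    {
    }

    /*!
    \static
     Logs in the user if the supplied username and password are valid.

     The local ezuser table is checked first. If that does not yield an
     enabled, matching account and LDAPSettings/LDAPEnabled is "true" in
     ldap.ini, the login is looked up in the directory and the password is
     verified with a bind as the entry that was found. On LDAP success the
     user is created or updated locally through publishUpdateUser().

     \param $login               login name (or e-mail, depending on \a $authenticationMatch)
     \param $password            clear-text password as typed by the user
     \param $authenticationMatch bit mask of EZ_USER_AUTHENTICATE_* flags, or
                                 false to use eZUser::authenticationMatch()
     \return the logged-in user object on success, false otherwise.

     Security-relevant points handled in this function:
     - \a $login is escaped before it is placed in the LDAP search filter.
     - Group names and IDs taken from ldap.ini or from directory attributes
       are escaped before they are placed in SQL.
     - An empty password is never sent to the directory, because a simple
       bind with an empty password is treated by LDAP servers as an
       anonymous bind and would succeed.
    */
    function &loginUser( $login, $password, $authenticationMatch = false )
    {
        $http =& eZHTTPTool::instance();
        $db =& eZDB::instance();

        if ( $authenticationMatch === false )
            $authenticationMatch = eZUser::authenticationMatch();

        $loginEscaped = $db->escapeString( $login );
        $passwordEscaped = $db->escapeString( $password );

        $loginArray = array();
        if ( $authenticationMatch & EZ_USER_AUTHENTICATE_LOGIN )
            $loginArray[] = "login='$loginEscaped'";
        if ( $authenticationMatch & EZ_USER_AUTHENTICATE_EMAIL )
            $loginArray[] = "email='$loginEscaped'";
        if ( count( $loginArray ) == 0 )
            $loginArray[] = "login='$loginEscaped'";
        $loginText = implode( ' OR ', $loginArray );

        $contentObjectStatus = EZ_CONTENT_OBJECT_STATUS_PUBLISHED;

        $ini =& eZINI::instance();
        $LDAPIni =& eZINI::instance( 'ldap.ini' );
        $databaseImplementation = $ini->variable( 'DatabaseSettings', 'DatabaseImplementation' );
        // if mysql
        if ( $databaseImplementation == "ezmysql" )
        {
            $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login
                      FROM   ezuser, ezcontentobject
                      WHERE  ( $loginText ) AND
                             ezcontentobject.status='$contentObjectStatus' AND
                             ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( $loginText ) AND password_hash=PASSWORD('$passwordEscaped') ) )";
        }
        else
        {
            $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login
                      FROM   ezuser, ezcontentobject
                      WHERE  ( $loginText ) AND
                             ezcontentobject.status='$contentObjectStatus' AND
                             ezcontentobject.id=contentobject_id";
        }

        $users = $db->arrayQuery( $query );
        $exists = false;
        // Defined up front so the combined check after the loop never reads
        // an unset variable when no row matched.
        $isEnabled = false;
        $canLogin = false;
        if ( count( $users ) >= 1 )
        {
            foreach ( array_keys( $users ) as $key )
            {
                $userRow =& $users[$key];
                $userID = $userRow['contentobject_id'];
                $hashType = $userRow['password_hash_type'];
                $hash = $userRow['password_hash'];
                $exists = eZUser::authenticateHash( $userRow['login'], $password, eZUser::site(),
                                                    $hashType,
                                                    $hash );

                // If hash type is MySql
                if ( $hashType == EZ_USER_PASSWORD_HASH_MYSQL and $databaseImplementation == "ezmysql" )
                {
                    $queryMysqlUser = "SELECT contentobject_id, password_hash, password_hash_type, email, login
                                       FROM   ezuser, ezcontentobject
                                       WHERE  ezcontentobject.status='$contentObjectStatus' AND
                                              password_hash_type=4 AND ( $loginText ) AND password_hash=PASSWORD('$passwordEscaped') ";
                    $mysqlUsers = $db->arrayQuery( $queryMysqlUser );
                    if ( count( $mysqlUsers ) >= 1 )
                        $exists = true;
                }

                // NOTE(review): both the hash derived from the submitted password and the
                // stored hash are written to the 'kernel-user' debug channel. Keep that
                // channel disabled on production systems.
                eZDebugSetting::writeDebug( 'kernel-user', eZUser::createHash( $userRow['login'], $password, eZUser::site(),
                                                                              $hashType ), "check hash" );
                eZDebugSetting::writeDebug( 'kernel-user', $hash, "stored hash" );
                // If current user has been disabled after a few failed login attempts.
                $canLogin = eZUser::isEnabledAfterFailedLogin( $userID );

                if ( $exists )
                {
                    // We should store userID for warning message.
                    $GLOBALS['eZFailedLoginAttemptUserID'] = $userID;

                    $userSetting = eZUserSetting::fetch( $userID );
                    $isEnabled = $userSetting->attribute( "is_enabled" );
                    if ( $hashType != eZUser::hashType() and
                         strtolower( $ini->variable( 'UserSettings', 'UpdateHash' ) ) == 'true' )
                    {
                        $hashType = eZUser::hashType();
                        // The new hash must be built from the stored login, the same value
                        // authenticateHash() is given above. Using the submitted $login would
                        // store a hash that no longer verifies when the user matched by e-mail
                        // or with different letter case.
                        $hash = eZUser::createHash( $userRow['login'], $password, eZUser::site(),
                                                    $hashType );
                        // createHash() output is interpolated into SQL, so escape it like any
                        // other value.
                        $hashEscaped = $db->escapeString( $hash );
                        $db->query( "UPDATE ezuser SET password_hash='$hashEscaped', password_hash_type='$hashType' WHERE contentobject_id='$userID'" );
                    }
                    break;
                }
            }
        }
        if ( $exists and $isEnabled and $canLogin )
        {
            eZDebugSetting::writeDebug( 'kernel-user', $userRow, 'user row' );
            $user = new eZUser( $userRow );
            eZDebugSetting::writeDebug( 'kernel-user', $user, 'user' );
            $userID = $user->attribute( 'contentobject_id' );

            eZUser::updateLastVisit( $userID );
            eZUser::setCurrentlyLoggedInUser( $user, $userID );

            // Reset number of failed login attempts
            eZUser::setFailedLoginAttempts( $userID, 0 );

            return $user;
        }
        else if ( $LDAPIni->variable( 'LDAPSettings', 'LDAPEnabled' ) == "true" )
        {
            // read LDAP ini settings
            // and then try to bind to the ldap server

            $LDAPVersion = $LDAPIni->variable( 'LDAPSettings', 'LDAPVersion' );
            $LDAPServer = $LDAPIni->variable( 'LDAPSettings', 'LDAPServer' );
            $LDAPPort = $LDAPIni->variable( 'LDAPSettings', 'LDAPPort' );
            $LDAPBaseDN = $LDAPIni->variable( 'LDAPSettings', 'LDAPBaseDn' );
            $LDAPBindUser = $LDAPIni->variable( 'LDAPSettings', 'LDAPBindUser' );
            $LDAPBindPassword = $LDAPIni->variable( 'LDAPSettings', 'LDAPBindPassword' );
            $LDAPSearchScope = $LDAPIni->variable( 'LDAPSettings', 'LDAPSearchScope' );

            $LDAPLoginAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPLoginAttribute' );
            $LDAPFirstNameAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPFirstNameAttribute' );
            $LDAPLastNameAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPLastNameAttribute' );
            $LDAPEmailAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPEmailAttribute' );

            $defaultUserPlacement = $ini->variable( "UserSettings", "DefaultUserPlacement" );

            $LDAPUserGroupAttributeType = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupAttributeType' );
            $LDAPUserGroupAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupAttribute' );

            if ( $LDAPIni->hasVariable( 'LDAPSettings', 'Utf8Encoding' ) )
            {
                $Utf8Encoding = $LDAPIni->variable( 'LDAPSettings', 'Utf8Encoding' );
                if ( $Utf8Encoding == "true" )
                    $isUtf8Encoding = true;
                else
                    $isUtf8Encoding = false;
            }
            else
            {
                $isUtf8Encoding = false;
            }

            // These three are optional in ldap.ini; give them defined defaults so the
            // checks further down do not read unset variables.
            $LDAPFilters = array();
            $LDAPUserGroupType = null;
            $LDAPUserGroup = null;

            if ( $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPSearchFilters' ) )
            {
                $LDAPFilters = $LDAPIni->variable( 'LDAPSettings', 'LDAPSearchFilters' );
            }
            if ( $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPUserGroupType' ) and  $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPUserGroup' ) )
            {
                $LDAPUserGroupType = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupType' );
                $LDAPUserGroup = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroup' );
            }

            $LDAPFilter = "( &";
            if ( count( $LDAPFilters ) > 0 )
            {
                foreach ( array_keys( $LDAPFilters ) as $key )
                {
                    $LDAPFilter .= "(" . $LDAPFilters[$key] . ")";
                }
            }
            $LDAPEqualSign = trim($LDAPIni->variable( 'LDAPSettings', "LDAPEqualSign" ) );
            $LDAPBaseDN = str_replace( $LDAPEqualSign, "=", $LDAPBaseDN );
            $LDAPFilter = str_replace( $LDAPEqualSign, "=", $LDAPFilter );

            // Search-filter escaping (RFC 4515): the backslash must be first in the
            // list so the escapes produced for the other characters are not escaped
            // again. Applied to every value that is concatenated into a filter.
            $filterSpecialChars = array( '\\', '*', '(', ')', "\0" );
            $filterEscapedChars = array( '\\5c', '\\2a', '\\28', '\\29', '\\00' );

            // NOTE(review): no ldap_start_tls() call is made here. Unless LDAPServer is
            // configured as an ldaps:// URI, the bind DN and the user's password
            // presumably cross the network unencrypted - confirm the deployment.
            $ds = ldap_connect( $LDAPServer, $LDAPPort );

            if ( $ds )
            {
                ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, $LDAPVersion );
                if ( $LDAPBindUser == '' )
                {
                    $r = ldap_bind( $ds );
                }
                else
                {
                    $r = ldap_bind( $ds, $LDAPBindUser, $LDAPBindPassword );
                }
                if ( !$r )
                {
                    // Increase number of failed login attempts.
                    if ( isset( $userID ) )
                        eZUser::setFailedLoginAttempts( $userID );

                    ldap_close( $ds );
                    $user = false;
                    return $user;
                }

                // The login comes straight from the login form. Unescaped, characters
                // such as '*', '(' and ')' would change the meaning of the filter.
                $loginFilterValue = str_replace( $filterSpecialChars, $filterEscapedChars, $login );
                $LDAPFilter .= "($LDAPLoginAttribute=$loginFilterValue)";
                $LDAPFilter .= ")";

                ldap_set_option( $ds, LDAP_OPT_SIZELIMIT, 0 );
                ldap_set_option( $ds, LDAP_OPT_TIMELIMIT, 0 );

                $retrieveAttributes = array( $LDAPLoginAttribute,
                                             $LDAPFirstNameAttribute,
                                             $LDAPLastNameAttribute,
                                             $LDAPEmailAttribute );
                if ( $LDAPUserGroupAttributeType )
                    $retrieveAttributes[] = $LDAPUserGroupAttribute;

                if ( $LDAPSearchScope == "one" )
                    $sr = ldap_list( $ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes );
                else if ( $LDAPSearchScope == "base" )
                    $sr = ldap_read( $ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes );
                else
                    $sr = ldap_search( $ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes );

                $info = ldap_get_entries( $ds, $sr ) ;
                if ( $info['count'] > 1 )
                {
                    // More than one user with same uid, not allow login.
                    ldap_close( $ds );
                    $user = false;
                    return $user;
                }
                else if ( $info['count'] < 1 )
                {
                    // Increase number of failed login attempts.
                    if ( isset( $userID ) )
                        eZUser::setFailedLoginAttempts( $userID );

                    // user DN was not found
                    ldap_close( $ds );
                    $user = false;
                    return $user;
                }

                // A simple bind with an empty password is an anonymous bind and would
                // succeed for any DN, so an empty password is replaced by a throw-away
                // value that cannot match. Do not remove this guard.
                if( !$password )
                {
                    $password = crypt( microtime() );
                }

                // is it real authenticated LDAP user?
                if ( !@ldap_bind( $ds, $info[0]['dn'], $password ) )
                {
                    // Increase number of failed login attempts.
                    if ( isset( $userID ) )
                        eZUser::setFailedLoginAttempts( $userID );

                    ldap_close( $ds );
                    $user = false;
                    return $user;
                }

                $extraNodeAssignments = array();

                // default user group assigning
                if ( $LDAPUserGroupType != null )
                {
                    if ( $LDAPUserGroupType == "name" )
                    {
                        if ( is_array( $LDAPUserGroup ) )
                        {
                            foreach ( array_keys( $LDAPUserGroup ) as $key )
                            {
                                $groupName = $db->escapeString( $LDAPUserGroup[$key] );
                                $groupQuery = "SELECT ezcontentobject_tree.node_id
                                                 FROM ezcontentobject, ezcontentobject_tree
                                                WHERE ezcontentobject.name like '$groupName'
                                                  AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                                  AND ezcontentobject.contentclass_id=3";
                                $groupObject = $db->arrayQuery( $groupQuery );
                                if ( count( $groupObject ) > 0 and $key == 0 )
                                {
                                    $defaultUserPlacement = $groupObject[0]['node_id'];
                                }
                                else if ( count( $groupObject ) > 0 )
                                {
                                    $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                }
                            }
                        }
                        else
                        {
                            $groupName = $db->escapeString( $LDAPUserGroup );
                            $groupQuery = "SELECT ezcontentobject_tree.node_id
                                             FROM ezcontentobject, ezcontentobject_tree
                                            WHERE ezcontentobject.name like '$groupName'
                                              AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                              AND ezcontentobject.contentclass_id=3";
                            $groupObject = $db->arrayQuery( $groupQuery );

                            if ( count( $groupObject ) > 0  )
                            {
                                $defaultUserPlacement = $groupObject[0]['node_id'];
                            }
                        }
                    }
                    else if ( $LDAPUserGroupType == "id" )
                    {
                        if ( is_array( $LDAPUserGroup ) )
                        {
                            foreach ( array_keys( $LDAPUserGroup ) as $key )
                            {
                                $groupID = $db->escapeString( $LDAPUserGroup[$key] );
                                $groupQuery = "SELECT ezcontentobject_tree.node_id
                                                 FROM ezcontentobject, ezcontentobject_tree
                                                WHERE ezcontentobject.id='$groupID'
                                                  AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                                  AND ezcontentobject.contentclass_id=3";
                                $groupObject = $db->arrayQuery( $groupQuery );
                                if ( count( $groupObject ) > 0 and $key == 0 )
                                {
                                    $defaultUserPlacement = $groupObject[0]['node_id'];
                                }
                                else if ( count( $groupObject ) > 0 )
                                {
                                    $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                }
                            }
                        }
                        else
                        {
                            $groupID = $db->escapeString( $LDAPUserGroup );
                            $groupQuery = "SELECT ezcontentobject_tree.node_id
                                             FROM ezcontentobject, ezcontentobject_tree
                                            WHERE ezcontentobject.id='$groupID'
                                              AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                              AND ezcontentobject.contentclass_id=3";
                            $groupObject = $db->arrayQuery( $groupQuery );

                            if ( count( $groupObject ) > 0  )
                            {
                                $defaultUserPlacement = $groupObject[0]['node_id'];
                            }
                        }
                    }
                }

                $adminUser = eZUser::fetchByName( 'admin' );
                $adminUserContentObjectID = $adminUser->attribute( 'contentobject_id' );

                // read group mapping LDAP settings
                $LDAPGroupMappingType = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupMappingType' );
                $LDAPUserGroupMap = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupMap' );

                if ( !is_array( $LDAPUserGroupMap ) )
                    $LDAPUserGroupMap = array();

                // group mapping constants
                $ByMemberAttribute = 'SimpleMapping'; // by group's member attributes (with mapping)
                $ByMemberAttributeHierarhicaly = 'GetGroupsTree'; // by group's member attributes hierarhically
                $ByGroupAttribute = 'UseGroupAttribute'; // by user's group attribute (old style)
                $groupMappingTypes = array( $ByMemberAttribute,
                                            $ByMemberAttributeHierarhicaly,
                                            $ByGroupAttribute);

                $userData =& $info[ 0 ];

                // default mapping using old style
                if ( !in_array( $LDAPGroupMappingType, $groupMappingTypes ) )
                {
                    $LDAPGroupMappingType = $ByGroupAttribute;
                }

                if ( $LDAPGroupMappingType == $ByMemberAttribute or
                     $LDAPGroupMappingType == $ByMemberAttributeHierarhicaly )
                {
                    $LDAPGroupBaseDN = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupBaseDN' );
                    $LDAPGroupClass = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupClass' );

                    $LDAPGroupNameAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupNameAttribute' );
                    $LDAPGroupMemberAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupMemberAttribute' );
                    $LDAPGroupDescriptionAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPGroupDescriptionAttribute' );

                    $groupSearchingDepth = ( $LDAPGroupMappingType == '1' ) ? 1 : 1000;

                    // now, get all parents for currently ldap authenticated user
                    $requiredParams = array();
                    $requiredParams[ 'LDAPLoginAttribute' ] = $LDAPLoginAttribute;
                    $requiredParams[ 'LDAPGroupBaseDN' ] = $LDAPGroupBaseDN;
                    $requiredParams[ 'LDAPGroupClass' ] = $LDAPGroupClass;
                    $requiredParams[ 'LDAPGroupNameAttribute' ] = $LDAPGroupNameAttribute;
                    $requiredParams[ 'LDAPGroupMemberAttribute' ] = $LDAPGroupMemberAttribute;
                    $requiredParams[ 'LDAPGroupDescriptionAttribute' ] = $LDAPGroupDescriptionAttribute;
                    $requiredParams[ 'ds' ] =& $ds;
                    $requiredParams[ 'TopUserGroupNodeID' ] = 5;

                    $groupsTree = array();
                    $stack = array();
                    // A DN may itself contain backslashes, parentheses or asterisks; as a
                    // filter value it needs the same escaping as the login.
                    $userDNFilterValue = str_replace( $filterSpecialChars, $filterEscapedChars, $userData['dn'] );
                    $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userDNFilterValue . '))';

                    $groupsTree[ $userData['dn'] ] = array( 'data' => & $userData,
                                                            'parents' => array(),
                                                            'children' => array() );

                    eZLDAPUser::getUserGroupsTree( $requiredParams, $newfilter, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth );
                    $userRecord =& $groupsTree[ $userData['dn'] ];

                    if ( $LDAPGroupMappingType == $ByMemberAttribute )
                    {
                        if ( count( $userRecord[ 'parents' ] ) > 0 )
                        {
                            $remappedGroupNames = array();
                            foreach ( array_keys( $userRecord[ 'parents' ] ) as $key )
                            {
                                $parentGroup =& $userRecord[ 'parents' ][ $key ];
                                if ( isset( $parentGroup[ 'data' ][ $LDAPGroupNameAttribute ] ) )
                                {
                                    $ldapGroupName = $parentGroup[ 'data' ][ $LDAPGroupNameAttribute ];
                                    if ( is_array( $ldapGroupName ) )
                                    {
                                        $ldapGroupName = ( $ldapGroupName[ 'count' ] > 0 ) ? $ldapGroupName[ 0 ] : '';
                                    }

                                    // remap group name and check that group exists
                                    if ( array_key_exists( $ldapGroupName, $LDAPUserGroupMap ) )
                                    {
                                        $remmapedGroupName = $db->escapeString( $LDAPUserGroupMap[ $ldapGroupName ] );
                                        $groupQuery = "SELECT ezcontentobject_tree.node_id
                                                         FROM ezcontentobject, ezcontentobject_tree
                                                        WHERE ezcontentobject.name like '$remmapedGroupName'
                                                          AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                                          AND ezcontentobject.contentclass_id=3";
                                        $groupRow = $db->arrayQuery( $groupQuery );

                                        if ( count( $groupRow ) > 0 )
                                        {
                                            $userRecord['new_parents'][] = $groupRow[ 0 ][ 'node_id' ];
                                        }
                                    }
                                }
                            }
                        }
                    }
                    else if ( $LDAPGroupMappingType == $ByMemberAttributeHierarhicaly )
                    {
                        eZUser::setCurrentlyLoggedInUser( $adminUser, $adminUserContentObjectID );

                        $stack = array();
                        // NOTE(review): this is a plain function call, while the comment on
                        // goAndPublishGroups() in this file describes it as a static method.
                        // Confirm the call resolves; it may need the eZLDAPUser:: prefix.
                        goAndPublishGroups( $requiredParams, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth, true );
                    }
                    if ( isset( $userRecord['new_parents'] ) and
                         count( $userRecord['new_parents'] ) > 0 )
                    {
                        $defaultUserPlacement = $userRecord['new_parents'][0];
                        $extraNodeAssignments = array_merge( $extraNodeAssignments, $userRecord['new_parents'] );
                    }
                }
                else if ( $LDAPGroupMappingType == $ByGroupAttribute ) // old style mapping by group (employeetype) attribute
                {
                    if ( $LDAPUserGroupAttributeType )
                    {
                        $groupAttributeCount = $info[0][$LDAPUserGroupAttribute]['count'];
                        if ( $LDAPUserGroupAttributeType == "name" )
                        {
                            for ( $i = 0; $i < $groupAttributeCount; $i++ )
                            {
                                if ( $isUtf8Encoding )
                                {
                                    $groupName = utf8_decode( $info[0][$LDAPUserGroupAttribute][$i] );
                                }
                                else
                                {
                                    $groupName = $info[0][$LDAPUserGroupAttribute][$i];
                                }
                                if ( $groupName != null )
                                {
                                    // Directory attribute values are external data; escape
                                    // before placing them in SQL.
                                    $groupName = $db->escapeString( $groupName );
                                    $groupQuery = "SELECT ezcontentobject_tree.node_id
                                                     FROM ezcontentobject, ezcontentobject_tree
                                                    WHERE ezcontentobject.name like '$groupName'
                                                      AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                                      AND ezcontentobject.contentclass_id=3";
                                    $groupObject = $db->arrayQuery( $groupQuery );

                                    if ( count( $groupObject ) > 0 and $i == 0 )
                                    {
                                        $defaultUserPlacement = $groupObject[0]['node_id'];
                                    }
                                    else if ( count( $groupObject ) > 0 )
                                    {
                                        $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                    }
                                }
                            }
                        }
                        else if ( $LDAPUserGroupAttributeType == "id" )
                        {
                            for ( $i = 0; $i < $groupAttributeCount; $i++ )
                            {
                                if ( $isUtf8Encoding )
                                {
                                    $groupID = utf8_decode( $info[0][$LDAPUserGroupAttribute][$i] );
                                }
                                else
                                {
                                    $groupID = $info[0][$LDAPUserGroupAttribute][$i];
                                }

                                if ( $groupID != null )
                                {
                                    // Same escaping as for group names above.
                                    $groupName = $db->escapeString( "LDAP " . $groupID );
                                    $groupQuery = "SELECT ezcontentobject_tree.node_id
                                                     FROM ezcontentobject, ezcontentobject_tree
                                                    WHERE ezcontentobject.name like '$groupName'
                                                      AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
                                                      AND ezcontentobject.contentclass_id=3";
                                    $groupObject = $db->arrayQuery( $groupQuery );

                                    if ( count( $groupObject ) > 0 and $i == 0 )
                                    {
                                        $defaultUserPlacement = $groupObject[0]['node_id'];
                                    }
                                    else if ( count( $groupObject ) > 0 )
                                    {
                                        $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                    }
                                }
                            }
                        }
                    }
                }

                $userAttributes = array( 'login' => $login,
                                         'first_name' => $userData[ $LDAPFirstNameAttribute ][0],
                                         'last_name' => $userData[ $LDAPLastNameAttribute ][0],
                                         'email' => $userData[ $LDAPEmailAttribute ][0] );

                // NOTE(review): the request is switched to the 'admin' user so the publish
                // operation is permitted, and is only switched to the real user on the next
                // line but one. publishUpdateUser() returns false on several paths (for
                // example when the directory entry lacks first name, last name or e-mail);
                // in that case $existingUser is not an object and the call below fails while
                // 'admin' is still the current user. Confirm what state the session is left
                // in and restore the previous user on failure.
                eZUser::setCurrentlyLoggedInUser( $adminUser, $adminUserContentObjectID );
                $existingUser = eZLDAPUser::publishUpdateUser( $extraNodeAssignments, $defaultUserPlacement, $userAttributes, $isUtf8Encoding );
                eZUser::setCurrentlyLoggedInUser( $existingUser, $existingUser->attribute( 'contentobject_id' ) );

                ldap_close( $ds );
                return $existingUser;
            }
            else
            {
                eZDebug::writeError( 'Cannot initialize connection for LDAP server', 'eZLDAPUser::loginUser()' );
                $user = false;
                return $user;
            }
        }
        else
        {
            // Increase number of failed login attempts.
            if ( isset( $userID ) )
                eZUser::setFailedLoginAttempts( $userID );

            $user = false;
            return $user;
        }
    }

    /*
     Static method, for internal usage only.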
     Publishes new or update existing user

     \param $parentNodeIDs        node IDs the user should be placed under
     \param $defaultUserPlacement node ID used as the main location
     \param $userAttributes       array with the keys 'login', 'first_name',
                                  'last_name' and 'email'
     \param $isUtf8Encoding       when true, first and last name are passed
                                  through utf8_decode() before being stored
     \return the user object, or false when the input is incomplete.

     NOTE(review): the account is looked up with eZUser::fetchByName( $login )
     only. No check is visible here that an existing account was created
     from LDAP (for example a remote_id starting with "LDAP_"), so a
     directory login that equals the name of a local account would reuse
     that account, overwrite its e-mail and clear its password hash.
     Confirm whether callers guard against this.
    */
    function publishUpdateUser( $parentNodeIDs, $defaultUserPlacement, $userAttributes, $isUtf8Encoding = false )
    {
        $thisFunctionErrorLabel = 'eZLDAPUser.php, function publishUpdateUser()';

        // A login is mandatory; everything else depends on it.
        if ( !is_array( $userAttributes ) or
             !isset( $userAttributes[ 'login' ] ) or empty( $userAttributes[ 'login' ] ) )
        {
            eZDebug::writeWarning( 'Empty user login passed.',
                                   $thisFunctionErrorLabel );
            return false;
        }

        // At least one usable location is needed: either a non-empty list of
        // parent nodes or a numeric default placement.
        if ( ( !is_array( $parentNodeIDs ) or count( $parentNodeIDs ) < 1 ) and
             !is_numeric( $defaultUserPlacement ) )
        {
            eZDebug::writeWarning( 'No one parent node IDs was passed for publishing new user (login = "' .
                                   $userAttributes[ 'login' ] . '")',
                                   $thisFunctionErrorLabel );
            return false;
        }
        // The default placement is always part of the location list.
        $parentNodeIDs[] = $defaultUserPlacement;
        $parentNodeIDs = array_unique( $parentNodeIDs );


        $login      = $userAttributes[ 'login' ];
        $first_name = $userAttributes[ 'first_name' ];
        $last_name  = $userAttributes[ 'last_name' ];
        $email      = $userAttributes[ 'email' ];

        // An existing account with this login is updated, otherwise a new one is created.
        $user = eZUser::fetchByName( $login );
        $createNewUser = ( is_object( $user ) ) ? false : true;

        if ( $createNewUser )
        {
            if ( !isset( $first_name ) or empty( $first_name ) or
                 !isset( $last_name ) or empty( $last_name ) or
                 !isset( $email ) or empty( $email ) )
            {
                eZDebug::writeWarning( 'Cannot create user with empty first name (last name or email).',
                                       $thisFunctionErrorLabel );
                return false;
            }

            $ini =& eZINI::instance();
            $userClassID = $ini->variable( "UserSettings", "UserClassID" );
            $userCreatorID = $ini->variable( "UserSettings", "UserCreatorID" );
            $defaultSectionID = $ini->variable( "UserSettings", "DefaultSectionID" );

            $class = eZContentClass::fetch( $userClassID );
            $contentObject = $class->instantiate( $userCreatorID, $defaultSectionID );

            // Objects created here carry a remote_id of "LDAP_" plus the login.
            $remoteID = "LDAP_" . $login;
            $contentObject->setAttribute( 'remote_id', $remoteID );
            $contentObject->store();

            $userID = $contentObjectID = $contentObject->attribute( 'id' );

            $version =& $contentObject->version( 1 );
            $version->setAttribute( 'modified', time() );
            $version->setAttribute( 'status', EZ_VERSION_STATUS_DRAFT );
            $version->store();

            $user = eZLDAPUser::create( $userID );
            $user->setAttribute( 'login', $login );
        }
        else
        {
            $userID = $contentObjectID = $user->attribute( 'contentobject_id' );
            $contentObject =& eZContentObject::fetch( $userID );
            $version =& $contentObject->attribute( 'current' );
            //$currentVersion = $contentObject->attribute( 'current_version' );
        }

        //================= common part : start ========================
        $contentObjectAttributes =& $version->contentObjectAttributes();

        // find and set the 'first_name' and 'last_name' attributes of the user object
        $firstNameIdentifier = 'first_name';
        $lastNameIdentifier = 'last_name';
        $firstNameAttribute = null;
        $lastNameAttribute = null;

        foreach( array_keys( $contentObjectAttributes ) as $key )
        {
            $attribute =& $contentObjectAttributes[ $key ];
            if ( $attribute->attribute( 'contentclass_attribute_identifier' ) == $firstNameIdentifier )
                $firstNameAttribute =& $attribute;
            else
                if ( $attribute->attribute( 'contentclass_attribute_identifier' ) == $lastNameIdentifier )
                    $lastNameAttribute =& $attribute;
        }
        if ( $firstNameAttribute )
        {
            if ( $isUtf8Encoding )
                $first_name = utf8_decode( $first_name );
            $firstNameAttribute->setAttribute( 'data_text', $first_name );
            $firstNameAttribute->store();
        }
        if ( $lastNameAttribute )
        {
            if ( $isUtf8Encoding )
                $last_name = utf8_decode( $last_name );
            $lastNameAttribute->setAttribute( 'data_text', $last_name );
            $lastNameAttribute->store();
        }

        $contentClass =& $contentObject->attribute( 'content_class' );
        $name = $contentClass->contentObjectName( $contentObject );
        $contentObject->setName( $name );

        // The local row gets an empty password hash and hash type 0, for new and
        // for existing accounts alike.
        // NOTE(review): presumably this keeps the account from authenticating
        // against the local table so the directory stays authoritative - confirm
        // how authenticateHash() treats hash type 0 with an empty hash.
        $user->setAttribute( 'email', $email );
        $user->setAttribute( 'password_hash', "" );
        $user->setAttribute( 'password_hash_type', 0 );
        $user->store();
        //================= common part : end ==========================

        if ( $createNewUser )
        {
            reset( $parentNodeIDs );
            //$defaultPlacement = current( $parentNodeIDs );
            // prepare node assignments for publishing new user
            foreach( $parentNodeIDs as $parentNodeID )
            {
                $newNodeAssignment = eZNodeAssignment::create( array( 'contentobject_id' => $contentObjectID,
                                                                      'contentobject_version' => 1,
                                                                      'parent_node' => $parentNodeID,
                                                                      'is_main' => ( $defaultUserPlacement == $parentNodeID ? 1 : 0 ) ) );
                $newNodeAssignment->setAttribute( 'parent_remote_id', "LDAP_" . $parentNodeID );
                $newNodeAssignment->store();
            }

            //$adminUser = eZUser::fetchByName( 'admin' );
            //eZUser::setCurrentlyLoggedInUser( $adminUser, $adminUser->attribute( 'contentobject_id' ) );

            include_once( 'lib/ezutils/classes/ezoperationhandler.php' );
            $operationResult = eZOperationHandler::execute( 'content', 'publish', array( 'object_id' => $contentObjectID,
                                                                                         'version' => 1 ) );
        }
        else
        {
            // Existing user: unless ldap.ini sets KeepGroupAssignment to "enabled",
            // make the default placement the main location.
            $LDAPIni =& eZINI::instance( 'ldap.ini' );
            $keepGroupAssignment = ( $LDAPIni->hasVariable( 'LDAPSettings', 'KeepGroupAssignment' ) ) ?
                ( $LDAPIni->variable( 'LDAPSettings', 'KeepGroupAssignment' ) == "enabled" ) : false;

            if ( $keepGroupAssignment == false )
            {
                $parentNodeID = $contentObject->attribute( 'main_parent_node_id' );
                if ( $defaultUserPlacement != $parentNodeID )
                {
                    //$adminUser = eZUser::fetchByName( 'admin' );
                    //eZUser::setCurrentlyLoggedInUser( $adminUser, $adminUser->attribute( 'contentobject_id' ) );

                    // Check: is there user has location (not main) in default placement
                    $nodeAssignmentList =& $version->nodeAssignments();
                    $isAssignmentExist = false;
                    foreach ( array_keys( $nodeAssignmentList ) as $nodeAssignmentKey )
                    {
                        $nodeAssignment =& $nodeAssignmentList[$nodeAssignmentKey];
                        if ( $defaultUserPlacement == $nodeAssignment->attribute( 'parent_node' ) )
                        {
                            $isAssignmentExist = true;
                            break;
                        }
                    }

                    if ( $isAssignmentExist )
                    {
                        // make existing node as main
                        $existingNode = eZContentObjectTreeNode::fetchNode( $contentObjectID, $defaultUserPlacement );
                        if ( !is_object( $existingNode ) )
                        {
                            eZDebug::writeError( "Cannot find assigned node as $defaultUserPlacement's child.",
                                                 'kernel/classes/datatypes/ezuser/ezldapuser' );
                        }
                        else
                        {
                            $existingNodeID = $existingNode->attribute( 'node_id' );
                            $versionNum = $version->attribute( 'version' );
                            eZContentObjectTreeNode::updateMainNodeID( $existingNodeID, $contentObjectID, $versionNum, $defaultUserPlacement );
                        }
                    }
                    else
                    {
                        $mainNodeID = $contentObject->attribute( 'main_node_id' );
                        $mainNode = eZContentObjectTreeNode::fetch( $mainNodeID );

                        // NOTE(review): a failed canMoveFrom() check is only logged;
                        // execution continues and the move below is still attempted.
                        if ( !$mainNode->canMoveFrom() )
                        {
                            eZDebug::writeError( "Cannot move node $mainNodeID.",
                                                 'kernel/classes/datatypes/ezuser/ezldapuser' );
                        }
                        // NOTE(review): the fetch result is used without an is_object()
                        // check; a default placement that does not exist would make the
                        // pathArray() call fail.
                        $newParentNode = eZContentObjectTreeNode::fetch( $defaultUserPlacement );
                        // Check if we try to move the node as child of itself or one of its children
                        if ( in_array( $mainNodeID, $newParentNode->pathArray() ) )
                        {
                            eZDebug::writeError( "Cannot move node $mainNodeID as child of itself or one of its own children (node $defaultUserPlacement).",
                                                 'kernel/classes/datatypes/ezuser/ezldapuser' );
                        }
                        else
                        {
                            include_once( 'kernel/classes/ezcontentobjecttreenodeoperations.php' );
                            if ( !eZContentObjectTreeNodeOperations::move( $mainNodeID, $defaultUserPlacement ) )
                            {
                                eZDebug::writeError( "Failed to move node $mainNodeID as child of parent node $defaultUserPlacement",
                                                     'kernel/classes/datatypes/ezuser/ezldapuser' );
                            }
                        }
                    }
                }
            }
        }

        eZUser::updateLastVisit( $userID );
        //eZUser::setCurrentlyLoggedInUser( $user, $userID );
        // Reset number of failed login attempts
        eZUser::setFailedLoginAttempts( $userID, 0 );
        return $user;
    }

    /*
     Static method, for internal usage only.
     Creates and publishes a user group object below the given parent nodes
     and returns the node IDs of the published group (an empty array when the
     name or the parent list is missing).
     Note: used user group class (see 'UserGroupClassID' ini setting, in 'UserSettings' section)
           must have name attribute with indentifier equal 'name'
    */
    function publishNewUserGroup( $parentNodeIDs, $newGroupAttributes, $isUtf8Encoding = false )
    {
        $thisFunctionErrorLabel = 'eZLDAPUser.php, function publishNewUserGroup()';
        $newNodeIDs = array();

        if ( !is_array( $newGroupAttributes ) or
             !isset( $newGroupAttributes[ 'name' ] ) or
             empty( $newGroupAttributes[ 'name' ] ) )
        {
            eZDebug::writeWarning( 'Cannot create user group with empty name.',
                                   $thisFunctionErrorLabel );
            return $newNodeIDs;
        }
        if ( !is_array( $parentNodeIDs ) or count( $parentNodeIDs ) < 1 )
        {
            eZDebug::writeWarning( 'No one parent node IDs was passed for publishing new group (group name = "' .
                                   $newGroupAttributes[ 'name' ] . '")',
                                   $thisFunctionErrorLabel );
            return $newNodeIDs;
        }

        $ini =& eZINI::instance();
        $userGroupClassID = $ini->variable( "UserSettings", "UserGroupClassID" );
        $userCreatorID = $ini->variable( "UserSettings", "UserCreatorID" );
        $defaultSectionID = $ini->variable( "UserSettings", "DefaultSectionID" );

        $userGroupClass = eZContentClass::fetch( $userGroupClassID );
        $contentObject = $userGroupClass->instantiate( $userCreatorID, $defaultSectionID );

        // Group objects created here carry a remote_id of "LDAP_" plus the group name.
        $remoteID = "LDAP_" . $newGroupAttributes[ 'name' ];
        $contentObject->setAttribute( 'remote_id', $remoteID );
        $contentObject->store();

        $contentObjectID = $contentObject->attribute( 'id' );

        // The first parent becomes the main location; the rest become
        // additional locations.
        reset( $parentNodeIDs );
        $defaultPlacement = current( $parentNodeIDs );
        array_shift( $parentNodeIDs );

        $nodeAssignment = eZNodeAssignment::create( array( 'contentobject_id' => $contentObjectID,
                                                           'contentobject_version' => 1,
                                                           'parent_node' => $defaultPlacement,
                                                           'is_main' => 1 ) );
        $nodeAssignment->setAttribute( 'parent_remote_id', "LDAP_" . $defaultPlacement );
        $nodeAssignment->store();

        foreach( $parentNodeIDs as $parentNodeID )
        {
            $newNodeAssignment = eZNodeAssignment::create( array( 'contentobject_id' => $contentObjectID,
                                                                  'contentobject_version' => 1,
                                                                  'parent_node' => $parentNodeID,
                                                                  'is_main' => 0 ) );
            $newNodeAssignment->setAttribute( 'parent_remote_id', "LDAP_" . $parentNodeID );
            $newNodeAssignment->store();
        }

        $version =& $contentObject->version( 1 );
        $version->setAttribute( 'modified', time() );
        $version->setAttribute( 'status', EZ_VERSION_STATUS_DRAFT );
        $version->store();

        $contentObjectAttributes =& $version->contentObjectAttributes();

        // find and set 'name' and 'description' attributes (as standard user group class)
        $nameIdentifier = 'name';
        $descIdentifier = 'description';
        $nameContentAttribute = null;
        $descContentAttribute = null;
        foreach( array_keys( $contentObjectAttributes ) as $key )
        {
            $attribute =& $contentObjectAttributes[ $key ];
            if ( $attribute->attribute( 'contentclass_attribute_identifier' ) == $nameIdentifier )
            {
                $nameContentAttribute =& $attribute;
            } else
            if ( $attribute->attribute( 'contentclass_attribute_identifier' ) == $descIdentifier )
            {
                $descContentAttribute =& $attribute;
            }
        }
        if ( $nameContentAttribute )
        {
            if ( $isUtf8Encoding )
                $newGroupAttributes[ 'name' ] = utf8_decode( $newGroupAttributes[ 'name' ] );
            $nameContentAttribute->setAttribute( 'data_text', $newGroupAttributes[ 'name' ] );
            $nameContentAttribute->store();
        }
        if ( $descContentAttribute and
             isset( $newGroupAttributes[ 'description' ] ) )
        {
            if ( $isUtf8Encoding )
                $newGroupAttributes[ 'description' ] = utf8_decode( $newGroupAttributes[ 'description' ] );
            $descContentAttribute->setAttribute( 'data_text', $newGroupAttributes[ 'description' ] );
            $descContentAttribute->store();
        }

        include_once( 'lib/ezutils/classes/ezoperationhandler.php' );
        $operationResult = eZOperationHandler::execute( 'content', 'publish', array( 'object_id' => $contentObjectID,
                                                                                     'version' => 1 ) );
        // Collect the node IDs of the group that was just published.
        $newNodes = eZContentObjectTreeNode::fetchByContentObjectID( $contentObjectID, true, 1 );
        foreach ( array_keys( $newNodes ) as $key )
        {
            $newNode =& $newNodes[ $key ];
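$newNodeIDs[] = $newNode->attribute( 'node_id' );
        }

        return $newNodeIDs;
    }

    /*
     Static method, for internal usage only.
     Recursive, publishes groups by prepared tree of groups returned by getUserGroupsTree() method.

     \param $requiredParams settings array; this method reads 'LDAPLoginAttribute',
                            'LDAPGroupNameAttribute' and 'TopUserGroupNodeID' from it.
     \param $curDN          DN of the tree entry to process, must be a key of \a $groupsTree.
     \param $groupsTree     tree of groups, modified in place: each processed entry gets a
                            'nodes' list of node IDs, and a user entry gets 'new_parents'.
     \param $stack          DNs on the current recursion path, used to detect cycles.
     \param $depth          only passed on (minus one) to the recursive call, never tested here.
     \param $isUser         true when \a $curDN is the user entry itself and not a group.
     \return true on success, false on an unknown DN, an empty name or a detected cycle.
    */
    function goAndPublishGroups( &$requiredParams,
                                 $curDN,
                                 &$groupsTree,
                                 &$stack,
                                 $depth,
                                 $isUser = false )
    {
        $thisFunctionErrorLabel = 'eZLDAPUser.php, function goAndPublishGroups()';
        if ( !isset( $groupsTree[ $curDN ] ) )
        {
            eZDebug::writeError( 'Passed $curDN is not in result tree array.',
                                 $thisFunctionErrorLabel );
            return false;
        }

        array_push( $stack, $curDN );
        $current =& $groupsTree[ $curDN ];

        // check the name
        if ( $isUser )
        {
            $currentName = $current[ 'data' ][ $requiredParams[ 'LDAPLoginAttribute' ] ];
        }
        else
        {
            $currentName = $current[ 'data' ][ $requiredParams[ 'LDAPGroupNameAttribute' ] ];
        }

        // ldap_get_entries() style value: array( 'count' => n, 0 => first value, ... )
        if ( is_array( $currentName ) and
             isset( $currentName[ 'count' ] ) and $currentName[ 'count' ] > 0 )
        {
            $currentName = $currentName[ 0 ];
        }

        if ( empty( $currentName ) )
        {
            eZDebug::writeWarning( "Cannot create/use group with empty name (dn = $curDN)",
                                   $thisFunctionErrorLabel );
            // Leave the recursion path clean: the caller ignores this return value and goes on
            // with other parents, so a stale DN would later look like a cycle.
            array_pop( $stack );
            return false;
        }

        // go through parents
        if ( is_array( $current['parents'] ) and count( $current['parents'] ) > 0 )
        {
            foreach( array_keys( $current['parents'] ) as $key )
            {
                $parent =& $groupsTree[ $key ];

                if ( in_array( $parent['data']['dn'], $stack ) )
                {
                    $groupsTree[ '_recursion_detected_' ] = true;
                    eZDebug::writeError( 'Recursion is detected in the user-groups tree while getting parent groups for ' . $curDN,
                                         $thisFunctionErrorLabel );
                    return false;
                }
                // parent already has published nodes, nothing to do for it
                if ( isset( $parent[ 'nodes' ] ) and count( $parent[ 'nodes' ] ) > 0 )
                {
                    continue;
                }
                // Must be called through the class: there is no global function of this name.
                $ret = eZLDAPUser::goAndPublishGroups( $requiredParams,
                                                       $parent['data']['dn'],
                                                       $groupsTree,
                                                       $stack,
                                                       $depth - 1 );
                if ( isset( $groupsTree[ '_recursion_detected_' ] ) and $groupsTree[ '_recursion_detected_' ] )
                {
                    return false;
                }
            }
        }
        else
        {
            // We've reached a top node
            if ( !isset( $groupsTree[ 'root' ] ) )
            {
                $groupsTree[ 'root' ] = array( 'data' => null,
                                               'parents' => null,
                                               'children' => array(),
                                               'nodes' => array( $requiredParams[ 'TopUserGroupNodeID' ] ) );
            }
            if ( !isset( $groupsTree[ 'root' ][ 'children' ][ $curDN ] ) )
                $groupsTree[ 'root' ][ 'children' ][ $curDN ] =& $current;
            if ( !isset( $current[ 'parents' ][ 'root' ] ) )
                $current[ 'parents' ][ 'root' ] =& $groupsTree[ 'root' ];
        }

        if ( !isset( $current[ 'nodes' ] ) )
            $current[ 'nodes' ] = array();

        // Collect, per parent node, either the existing group node or the parent under which
        // a new group has to be published.
        $parentNodesForNew = array();
        foreach( array_keys( $current[ 'parents' ] ) as $key )
        {
            $parent =& $groupsTree[ $key ];
            if ( is_array( $parent[ 'nodes' ] ) and count( $parent[ 'nodes' ] ) > 0 )
            {
                foreach ( $parent[ 'nodes' ] as $parentNodeID )
                {
                    // fetch current parent node
                    $parentNode = eZContentObjectTreeNode::fetch( $parentNodeID );
                    if ( is_object( $parentNode ) )
                    {
                        $params = array( 'Depth' => 1,
                                         'AttributeFilter' => array( array( 'name', '=', $currentName ) ) );
                        $nodes =& eZContentObjectTreeNode::subTree( $params, $parentNodeID );

                        if ( is_array( $nodes ) and count( $nodes ) > 0 and !$isUser )
                        {
                            // if a group with the given name already exists under $parentNode
                            // then fetch that group node and remember its ID
                            $node =& $nodes[ 0 ];
                            $nodeID = $node->attribute( 'node_id' );
                            $current[ 'nodes' ][] = $nodeID;
                        }
                        else
                        {
                            // if not exist then remember $parentNodeID to publish a new one
                            $parentNodesForNew[] = $parentNodeID;
                        }
                    }
                    else
                    {
                        eZDebug::writeError( 'Cannot fetch parent node for creating new user group ' . $parentNodeID,
                                             $thisFunctionErrorLabel );
                    }
                }
            }
            else
            {
                eZDebug::writeError( "Cannot get any published parent group for group/user with name = '$currentName'" .
                                     " (dn = '" . $current[ 'data' ]['dn'] . "')",
                                     $thisFunctionErrorLabel );
            }
        }

        if ( count( $parentNodesForNew ) > 0 )
        {
            if ( $isUser )
            {
                // users are not published here, only their target parents are recorded
                $current[ 'new_parents' ] = $parentNodesForNew;
                $newNodeIDs = array();
            }
            else
            {
                $newNodeIDs = eZLDAPUser::publishNewUserGroup( $parentNodesForNew, array( 'name' => $currentName,
                                                                                          'description' => '' ) );
            }
            $current[ 'nodes' ] = array_merge( $current[ 'nodes' ], $newNodeIDs );
        }

        array_pop( $stack );
        return true;
    }

    /*
     Static method, for internal usage only
     Recursive method, which parses tree of groups from ldap server

     \param $requiredParams settings array; 'LDAPGroupBaseDN', 'LDAPGroupClass',
                            'LDAPGroupNameAttribute', 'LDAPGroupMemberAttribute' and the
                            LDAP link 'ds' must be set and non-empty, 'TopUserGroupNodeID'
                            is read when a top node is reached.
     \param $filter         LDAP search filter selecting the groups that contain \a $curDN.
                            It is handed to ldap_search() unchanged.
                            NOTE(review): confirm that callers escape any user-supplied
                            value (such as the login name) before building this filter.
     \param $curDN          DN whose parent groups are looked up, must be a key of \a $groupsTree.
     \param $groupsTree     result tree, modified in place ('parents' / 'children' links, 'root' entry).
     \param $stack          DNs on the current recursion path, used to detect cycles.
     \param $depth          remaining depth; 0 (the default) returns false at once, each level
                            passes $depth - 1, so a negative value never reaches 0.
     \return true on success, false on depth 0, missing parameters, an unknown DN or a detected cycle.
    */
    function getUserGroupsTree( &$requiredParams,
                                $filter,
                                $curDN,
                                &$groupsTree,
                                &$stack, // stack for recursion checking
                                $depth = 0 )
    {
        if ( $depth == 0 )
        {
            return false;
        }
        $thisFunctionErrorLabel = 'eZLDAPUser.php, function getUserGroupsTree()';

        if ( !isset( $requiredParams[ 'LDAPGroupBaseDN' ] ) or empty( $requiredParams[ 'LDAPGroupBaseDN' ] ) or
             !isset( $requiredParams[ 'LDAPGroupClass' ] ) or empty( $requiredParams[ 'LDAPGroupClass' ] ) or
             !isset( $requiredParams[ 'LDAPGroupNameAttribute' ] ) or empty( $requiredParams[ 'LDAPGroupNameAttribute' ] ) or
             !isset( $requiredParams[ 'LDAPGroupMemberAttribute' ] ) or empty( $requiredParams[ 'LDAPGroupMemberAttribute' ] ) or
             !isset( $requiredParams[ 'ds' ] ) or !$requiredParams[ 'ds' ] )
        {
            eZDebug::writeError( 'Missing one of required parameters.',
                                 $thisFunctionErrorLabel );
            return false;
        }
        if ( !isset( $groupsTree[ $curDN ] ) )
        {
            eZDebug::writeError( 'Passed $curDN is not in result tree array. Algorithm\'s usage error.',
                                 $thisFunctionErrorLabel );
            return false;
        }
        array_push( $stack, $curDN );

        $LDAPGroupBaseDN =& $requiredParams[ 'LDAPGroupBaseDN' ];
        $LDAPGroupClass =& $requiredParams[ 'LDAPGroupClass' ];
        $LDAPGroupNameAttribute =& $requiredParams[ 'LDAPGroupNameAttribute' ];
        $LDAPGroupMemberAttribute =& $requiredParams[ 'LDAPGroupMemberAttribute' ];
        // not used below; kept so the caller's array is left exactly as before
        $LDAPGroupDescriptionAttribute =& $requiredParams[ 'LDAPGroupDescriptionAttribute' ];
        $ds =& $requiredParams[ 'ds' ];

        $current =& $groupsTree[ $curDN ];

        $retrieveAttributes = array( $LDAPGroupNameAttribute,
                                     $LDAPGroupMemberAttribute );
        $sr = ldap_search( $ds, $LDAPGroupBaseDN, $filter, $retrieveAttributes );
        if ( $sr === false )
        {
            // Do not hand a failed search to ldap_get_entries(). The flow below is unchanged:
            // without entries $curDN is attached to the 'root' entry.
            // NOTE(review): a failed search is therefore indistinguishable from "no parent
            // groups"; confirm that placing the entry under the top user group is acceptable.
            eZDebug::writeError( 'LDAP search for parent groups of ' . $curDN . ' failed: ' . ldap_error( $ds ),
                                 $thisFunctionErrorLabel );
            $entries = false;
        }
        else
        {
            $entries = ldap_get_entries( $ds, $sr );
        }

        if ( is_array( $entries ) and
             isset( $entries[ 'count' ] ) and $entries[ 'count' ] > 0 )
        {
            $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')';

            for ( $i = 0; $i < $entries[ 'count' ]; $i++ )
            {
                $parent =& $entries[ $i ];
                if ( is_null( $parent ) )
                    continue;

                $parentDN =& $parent['dn'];
                if ( in_array( $parentDN, $stack ) )
                {
                    eZDebug::writeError( 'Recursion is detected in the user-groups tree while getting parent groups for ' . $curDN,
                                         $thisFunctionErrorLabel );
                    $groupsTree[ '_recursion_detected_' ] = true;
                    return false;
                }

                if ( !isset( $groupsTree[ $parentDN ] ) )
                {
                    $groupsTree[ $parentDN ] = array( 'data' => $parent,
                                                      'parents' => array(),
                                                      'children' => array() );
                }
                $groupsTree[ $parentDN ][ 'children' ][ $curDN ] =& $current;
                $current[ 'parents' ][ $parentDN ] =& $groupsTree[ $parentDN ];

                // The DN comes from the directory and may contain filter metacharacters
                // ( \ * ( ) NUL ). Escape them as RFC 4515 requires so the value cannot change
                // the structure of the filter. Backslash is first in the list so the escapes
                // themselves are not escaped again.
                $parentDNEscaped = str_replace( array( '\\', '*', '(', ')', "\0" ),
                                                array( '\\5c', '\\2a', '\\28', '\\29', '\\00' ),
                                                $parentDN );
                $newfilter1 = $newfilter . '(' . $LDAPGroupMemberAttribute . '=' . $parentDNEscaped . '))';
                $ret = eZLDAPUser::getUserGroupsTree( $requiredParams,
                                                      $newfilter1,
                                                      $parentDN,
                                                      $groupsTree,
                                                      $stack,
                                                      $depth - 1 );
                if ( isset( $groupsTree[ '_recursion_detected_' ] ) and
                     $groupsTree[ '_recursion_detected_' ] )
                {
                    return false;
                }
            }
        }
        else
        {
            // We've reached a top node
            if ( !isset( $groupsTree[ 'root' ] ) )
            {
                $groupsTree[ 'root' ] = array( 'data' => null,
                                               'parents' => null,
                                               'children' => array(),
                                               'nodes' => array( $requiredParams[ 'TopUserGroupNodeID' ] ) );
            }
            if ( !isset( $groupsTree[ 'root' ][ 'children' ][ $curDN ] ) )
                $groupsTree[ 'root' ][ 'children' ][ $curDN ] =& $current;
            if ( !isset( $current[ 'parents' ][ 'root' ] ) )
                $current[ 'parents' ][ 'root' ] =& $groupsTree[ 'root' ];
        }

        array_pop( $stack );
        return true;
    }


}

?>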