34f248dbbd70a0ced6935273dc391f8ba476ac57
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20 require "tabs_group.inc";
22 class groupManagement extends plugin
23 {
24 /* Definitions */
25 var $plHeadline= "Groups";
26 var $plDescription= "This does something";
27 var $departments = array();
29 /* Dialog attributes */
30 var $grouptab= NULL;
31 var $grouplist= array();
32 var $ui= NULL;
33 var $acl= "";
35 function groupManagement ($config, $ui)
36 {
37 /* Save configuration for internal use */
38 $this->config= $config;
39 $this->ui= $ui;
41 /* Get global filter config */
42 if (!is_global("groupfilter")){
43 $base= get_base_from_people($ui->dn);
44 $groupfilter= array("primarygroups" => "checked",
45 "mailgroups" => "checked",
46 "sambagroups" => "checked",
47 "appgroups" => "checked",
48 "functionalgroups" => "checked",
49 "guser" => "*",
50 "subsearch" => "",
51 "depselect" => $base,
52 "regex" => "*");
53 register_global("groupfilter", $groupfilter);
54 }
55 }
57 function execute()
58 {
59 /* Save data */
60 $groupfilter= get_global("groupfilter");
61 $s_action = "";
62 $s_entry = "";
65 if (!isset($this->grouptab)){
66 foreach( array("depselect", "guser", "regex") as $type){
67 if (isset($_POST[$type])){
68 $groupfilter[$type]= $_POST[$type];
69 }
70 }
71 if (isset($_POST['regex'])){
72 foreach( array("primarygroups", "sambagroups", "mailgroups", "appgroups",
73 "functionalgroups", "subsearch") as $type){
75 if (isset($_POST[$type])) {
76 $groupfilter[$type]= "checked";
77 } else {
78 $groupfilter[$type]= "";
79 }
80 }
81 }
82 if (isset($_GET['search'])){
83 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
84 if ($s == "**"){
85 $s= "*";
86 }
87 $groupfilter['regex']= $s;
88 }
89 register_global("groupfilter", $groupfilter);
90 }
93 /* Test Posts */
94 foreach($_POST as $key => $val){
95 // Post for delete
96 if(preg_match("/group_del.*/",$key)){
97 $s_action = "del";
98 $s_entry = preg_replace("/group_".$s_action."_/i","",$key);
99 // Post for edit
100 }elseif(preg_match("/group_edit_.*/",$key)){
101 $s_action="edit";
102 $s_entry = preg_replace("/group_".$s_action."_/i","",$key);
103 // Post for new
104 }elseif(preg_match("/dep_back.*/i",$key)){
105 $s_action="back";
106 }elseif(preg_match("/group_new.*/",$key)){
107 $s_action="new";
108 }elseif(preg_match("/dep_home.*/i",$key)){
109 $s_action="home";
110 }elseif(preg_match("/group_tplnew.*/i",$key)){
111 $s_action="new_tpl";
112 }elseif(preg_match("/group_chgpw.*/i",$key)){
113 $s_action="change_pw";
114 $s_entry = preg_replace("/group_chgpw_/i","",$key);
115 }elseif(preg_match("/dep_root.*/i",$key)){
116 $s_action="root";
117 }
118 }
119 $s_entry = preg_replace("/_.$/","",$s_entry);
121 /* Start for New List Managment */
122 if(isset($_GET['act'])&&($_GET['act']=="dep_open")){
123 $s_action="open";
124 $s_entry = base64_decode($_GET['dep_id']);
125 $groupfilter['depselect']= "".$this->config->departments[trim($s_entry)];
126 }
128 // Edit if
129 if((isset($_GET['act']))&&($_GET['act']=="edit_entry")){
130 $s_action ="edit";
131 $s_entry = $_GET['id'];
132 }
134 /* Department changed? */
135 if(isset($_POST['depselect']) && $_POST['depselect']){
136 $groupfilter['depselect']= $_POST['depselect'];
137 }
139 /* Homebutton is posted */
140 if($s_action=="home"){
141 $groupfilter['depselect']= (preg_replace("/^[^,]+,/","",$this->ui->dn));
142 $groupfilter['depselect']= (preg_replace("/^[^,]+,/","",$groupfilter['depselect']));
143 }
145 if($s_action=="root"){
146 $groupfilter['depselect']=($this->config->current['BASE']);
147 }
149 /* If Backbutton is Posted */
150 if($s_action == "back"){
151 $base_back= preg_replace("/^[^,]+,/","",$groupfilter['depselect']);
152 $base_back= convert_department_dn($base_back);
154 if(isset($this->config->departments[trim($base_back)])){
155 $groupfilter['depselect']= $this->config->departments[trim($base_back)];
156 }else{
157 $groupfilter['depselect']= $this->config->departments["/"];
158 }
159 }
160 register_global("groupfilter", $groupfilter);
162 $smarty= get_smarty();
164 /* Prepare formular */
165 $this->reload();
167 /* Check for exeeded sizelimit */
168 if (($message= check_sizelimit()) != ""){
169 return($message);
170 }
172 /* New group? */
173 if ($s_action=="new"){
175 /* By default we set 'dn' to 'new', all relevant plugins will
176 react on this. */
177 $this->dn= "new";
179 /* Create new usertab object */
180 $this->grouptab= new grouptabs($this->config,
181 $this->config->data['TABS']['GROUPTABS'], $this->dn);
182 $this->grouptab->set_acl(array(':all'));
183 }
185 /* Cancel dialogs */
186 if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
187 del_lock ($this->grouptab->dn);
188 unset ($this->grouptab);
189 $this->grouptab= NULL;
190 unset($_SESSION['objectinfo']);
191 }
193 /* Finish group edit is triggered by the tabulator dialog, so
194 the user wants to save edited data. Check and save at this
195 point. */
196 if (isset($_POST['edit_finish'])){
198 /* Check tabs, will feed message array */
199 $message= $this->grouptab->check();
201 /* Save, or display error message? */
202 if (count($message) == 0){
204 /* Save user data to ldap */
205 $this->grouptab->save();
206 gosa_log ("Group object'".$this->dn."' has been saved");
208 /* Group has been saved successfully, remove lock from
209 LDAP. */
210 if ($this->dn != "new"){
211 del_lock ($this->dn);
212 }
214 /* There's no page reload so we have to read new users at
215 this point. */
216 $this->reload ();
217 unset ($this->grouptab);
218 $this->grouptab= NULL;
219 unset ($_SESSION['objectinfo']);
221 } else {
222 /* Ok. There seem to be errors regarding to the tab data,
223 show message and continue as usual. */
224 show_errors($message);
225 }
226 }
228 /* User wants to edit data? */
229 if ($s_action=="edit"){
231 /* Get 'dn' from posted 'uid', must be unique */
232 $this->dn= $this->grouplist[trim($s_entry)]['dn'];
234 /* Check locking, save current plugin in 'back_plugin', so
235 the dialog knows where to return. */
236 if (($user= get_lock($this->dn)) != ""){
237 return(gen_locked_message ($user, $this->dn));
238 }
240 /* Lock the current entry, so everyone will get the
241 above dialog */
242 add_lock ($this->dn, $this->ui->dn);
244 /* Set up the users ACL's for this 'dn' */
245 $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
247 /* Register grouptab to trigger edit dialog */
248 $this->grouptab= new grouptabs($this->config,
249 $this->config->data['TABS']['GROUPTABS'], $this->dn);
250 $this->grouptab->set_acl($acl);
251 $_SESSION['objectinfo']= $this->dn;
252 }
254 /* Remove user was requested */
255 if ($s_action=="del"){
256 /* Get 'dn' from posted 'uid' */
257 $this->dn= $this->grouplist[trim($s_entry)]['dn'];
259 /* Load permissions for selected 'dn' and check if
260 we're allowed to remove this 'dn' */
261 $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
262 $this->acl= get_module_permission($acl, "group", $this->dn);
263 if (chkacl($this->acl, "delete") == ""){
265 /* Check locking, save current plugin in 'back_plugin', so
266 the dialog knows where to return. */
267 if (($user= get_lock($this->dn)) != ""){
268 return(gen_locked_message ($user, $this->dn));
269 }
271 /* Lock the current entry, so nobody will edit it during deletion */
272 add_lock ($this->dn, $this->ui->dn);
273 $smarty->assign("info", sprintf(_("You're about to delete the group '%s'."), $this->dn));
274 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
275 } else {
277 /* Obviously the user isn't allowed to delete. Show message and
278 clean session. */
279 print_red (_("You are not allowed to delete this group!"));
280 }
281 }
283 /* Confirmation for deletion has been passed. Group should be deleted. */
284 if (isset($_POST['delete_group_confirm'])){
286 /* Some nice guy may send this as POST, so we've to check
287 for the permissions again. */
288 if (chkacl($this->acl, "delete") == ""){
290 /* Delete request is permitted, perform LDAP action */
291 $this->grouptab= new grouptabs($this->config,
292 $this->config->data['TABS']['GROUPTABS'], $this->dn);
293 $this->grouptab->set_acl(array($this->acl));
294 $this->grouptab->delete ();
295 gosa_log ("Group object'".$this->dn."' has been removed");
296 unset ($this->grouptab);
297 $this->grouptab= NULL;
299 /* Group list has changed, reload it. */
300 $this->reload ();
301 } else {
303 /* Normally this shouldn't be reached, send some extra
304 logs to notify the administrator */
305 print_red (_("You are not allowed to delete this group!"));
306 gosa_log ("Warning: '".$this->ui->uid."' tried to trick group deletion.");
307 }
309 /* Remove lock file after successfull deletion */
310 del_lock ($this->dn);
311 unset($_SESSION['objectinfo']);
312 }
315 /* Delete group canceled? */
316 if (isset($_POST['delete_cancel'])){
317 del_lock ($this->dn);
318 unset($_SESSION['objectinfo']);
319 }
321 /* Show tab dialog if object is present */
322 if ($this->grouptab){
323 $display= $this->grouptab->execute();
325 /* Don't show buttons if tab dialog requests this */
326 if (!$this->grouptab->by_object[$this->grouptab->current]->dialog){
327 $display.= "<p style=\"text-align:right\">\n";
328 $display.= "<input type=submit name=\"edit_finish\" value=\""._("Finish")."\">\n";
329 $display.= " \n";
330 $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
331 $display.= "</p>";
332 }
333 return ($display);
334 }
336 /* Prepare departments */
337 $options= "";
338 foreach ($this->config->idepartments as $key => $value){
339 if ($groupfilter['depselect'] == $key){
340 $options.= "<option selected value='$key'>$value</option>";
341 } else {
342 $options.= "<option value='$key'>$value</option>";
343 }
344 }
346 // Managment
347 $listhead = "<div style='background:#F0F0F9;padding:5px;'>".
348 " <input type='image' align='middle' src='images/list_back.png' title='"._("Go up one department")."' alt='"._("Up")."' name='dep_back'> ".
349 " <input type='image' src='images/list_root.png' align='middle' title='"._("Go to root department")."' name='dep_root' alt='"._("Root")."'> ".
350 " <input type='image' align='middle' src='images/list_home.png' title='"._("Go to users department")."'
351 alt='"._("Home")."' name='dep_home'> ".
352 " <img src='images/list_seperator.png' align='middle' alt='' height='16' width='1'> ".
353 " <input type='image' align='middle' src='images/list_new_group.png' title='"._("Create new group")."'
354 alt='"._("New")."' name='group_new'> ".
355 " <img src='images/list_seperator.png' align='middle' alt='' height='16' width='1'> ".
356 _("Current base")." <select name='depselect' onChange='mainform.submit()'>$options</select>".
357 " <input type='image' src='images/list_submit.png' align='middle' title='"._("Submit department")."' name='submit_department' alt='"._("Submit")."'> ".
358 "</div>";
361 $actions = "<input type='image' src='images/edit.png' alt='"._("edit")."' name='group_edit_%KEY%' title='"._("Edit this entry")."'>";
362 $actions.= "<input type='image' src='images/edittrash.png' alt='"._("delete")."' name='group_del_%KEY%' title='"._("Delete this entry")."'>";
364 // Defining Links
365 $linkopen = "<a href='?plug=".$_GET['plug']."&act=dep_open&dep_id=%s'>%s</a>";
367 // image Buttons
368 $editlink = "<a href='?plug=".$_GET['plug']."&id=%s&act=edit_entry'>%s</a>";
369 $userimg = "<img src='images/select_groups.png' alt='User' title='%s'>";
371 // Extension images
372 $posiximg = "<img src='images/select_groups.png' alt='P' title='"._("Posix") ."'>";
373 $mailimg = "<img src='images/mailto.png' alt='M' title='"._("Mail") ."'>";
374 $sambaimg = "<img src='images/select_winstation.png' alt='S' title='"._("Samba") ."'>";
375 $applimg = "<img src='images/select_application.png' alt='A' title='"._("Application")."'>";
376 $phoneimg = "<img src='images/select_phone.png' alt='Ph' title='"._("Phone") ."'>";
377 $envimg = "<img src='images/network.png' alt='E' title='"._("Environment") ."'>";
378 // Space
379 $empty = "<img src='images/empty.png' style='width:16px;height:16px;' alt=''>";
382 $divlist = new divlist("groupstab");
383 $divlist->SetHeader(array(
384 array("string" => " "),
385 array("string" => _("Groupname")." / "._("Department")),
386 array("string" => _("Properties"), "attach" => "style='width:116px;'"),
387 array("string" => _("Actions") ,"attach" => "style='border:none'")
388 ));
391 $divlist->SetSummary(_("This table displays all groups, in the selected tree."));
392 $divlist->SetEntriesPerPage(20);
394 foreach($this->departments as $key=> $val){
396 if(!isset($this->config->departments[trim($key)])){
397 $this->config->departments[trim($key)]="";
398 }
400 $non_empty="";
401 $keys= str_replace("/","\/",$key);
402 foreach($this->config->departments as $keyd=>$vald ){
403 if(preg_match("/".$keys."\/.*/",$keyd)){
404 $non_empty="full";
405 }
406 }
409 $field1 = array("string" => "<img src='images/".$non_empty."folder.png' alt='department'>");
410 $field2 = array("string" => sprintf($linkopen,base64_encode($key),$val));
411 $field3 = array("string" => " ");
412 $field4 = array("string" => " ","attach"=>"style='text-align:right;border:none'");
414 $divlist->AddEntry(array($field1,$field2,$field3,$field4));
415 }
417 foreach($this->grouplist as $key => $val){
419 if(isset($val['objectClass'])){
420 if(in_array("posixGroup", $val['objectClass'])) $posix = $posiximg; else $posix = $empty;
421 if(in_array("gosaMailAccount", $val['objectClass'])) $mail = $mailimg; else $mail = $empty;
422 if(in_array("sambaGroupMapping", $val['objectClass'])) $samba = $sambaimg; else $samba = $empty;
423 if(in_array("gosaApplicationGroup", $val['objectClass'])) $appl = $applimg; else $appl = $empty;
424 if(in_array("goFonPickupGroup", $val['objectClass'])) $phone = $phoneimg; else $phone = $empty;
425 if(in_array("gotoEnvironment", $val['objectClass'])) $enviro= $envimg; else $enviro = $empty;
426 }else{
427 $posix=$mail=$samba=$appl=$phone=$empty;
428 }
430 $title = "title='gid : ".$key." - dn : ".$val['dn']."'";
432 if(!isset($val['description'][0])){
433 $desc = "";
434 }else{
435 $desc = " - [ ".$val['description'][0]." ]";
436 }
437 $field1 = array("string" => sprintf($userimg,$val['dn']),"attach"=>"style='width:20px;align:middle;'");
438 $field2 = array("string" => sprintf($editlink,$key,($val['cn']['0'].$desc)),"attach"=>$title);
439 $field3 = array("string" => $posix." ".$enviro." ".$mail." ".$samba." ".$appl." ".$phone);
440 $field4 = array("string" => preg_replace("/%KEY%/", $key, $actions),"attach"=>"style='text-align:right;border:none;width:32px;'");
442 $divlist->AddEntry(array($field1,$field2,$field3,$field4));
443 }
445 /* Show main page */
446 $smarty->assign("grouplisthead", $listhead);
447 $smarty->assign("grouplist", $divlist->DrawList());
448 $smarty->assign("search_image", get_template_path('images/search.png'));
449 $smarty->assign("searchu_image", get_template_path('images/search_user.png'));
450 $smarty->assign("tree_image", get_template_path('images/tree.png'));
451 $smarty->assign("infoimage", get_template_path('images/info.png'));
452 $smarty->assign("launchimage", get_template_path('images/launch.png'));
453 $smarty->assign("deplist", $this->config->idepartments);
454 foreach( array("depselect", "guser", "regex", "primarygroups", "mailgroups","appgroups", "sambagroups", "functionalgroups", "subsearch") as $type){
455 $smarty->assign("$type", $groupfilter[$type]);
456 }
458 /* Extend if we are not using javascript */
459 $smarty->assign("apply", apply_filter());
460 $smarty->assign("alphabet", generate_alphabet());
461 $smarty->assign("hint", print_sizelimit_warning());
463 return($smarty->fetch(get_template_path('headpage.tpl', TRUE)));
464 }
466 function reload($CreatePosixsList=false)
467 {
468 /* Get config */
469 $groupfilter= get_global('groupfilter');
471 /* Set base for all searches */
472 $base= $groupfilter['depselect'];
474 /* Regex filter? */
475 if ($groupfilter['regex'] != ""){
476 $regex= $groupfilter['regex'];
477 } else {
478 $regex= "*";
479 }
481 /* User filter? */
482 $filter= "(objectclass=posixGroup)";
483 $error= "";
484 $error2= "";
485 $this->grouplist= array();
487 /* What are primary groups? */
488 $primaries= array();
489 $ldap= $this->config->get_ldap_link();
490 $ldap->cd($base);
491 $ldap->search("(&(uid=$regex)(!(uid=*$))(objectClass=posixAccount)(gidNumber=*))", array("gidNumber", "cn"));
492 show_ldap_error($ldap->get_error());
493 while ($attrs= $ldap->fetch()){
494 $primaries[$attrs['gidNumber'][0]]= $attrs['cn'][0];
495 }
497 /* Set filter depending on selection */
498 $sfilter= "";
499 if ($groupfilter['appgroups'] == "checked"){
500 $filter.= "(objectClass=gosaApplicationGroup)";
501 }
502 if ($this->config->current['SAMBAVERSION'] == 3){
503 if ($groupfilter['primarygroups'] != "checked"){
504 $sfilter= "(objectClass=sambaGroupMapping)";
505 } elseif ($groupfilter['sambagroups'] == "checked"){
506 $filter.= "(objectClass=sambaGroupMapping)";
507 }
508 }
510 if ($groupfilter['mailgroups'] == "checked"){
511 $filter.= "(objectClass=gosaMailAccount)";
512 }
513 $functional= array();
514 $ldap->cd(get_groups_ou().$base);
515 $ldap->set_size_limit($_SESSION['size_limit']);
516 $ldap->search("(&(cn=$regex)(objectClass=posixGroup)(!(|(objectClass=gosaMailAccount)(objectClass=gosaApplicationGroup)$sfilter)))", array("cn", "gidNumber", "description"));
517 $error2= $ldap->error;
518 while ($attrs= $ldap->fetch()){
519 if (!isset($primaries[$attrs['gidNumber'][0]])){
520 $functional[$attrs['gidNumber'][0]]= $attrs['gidNumber'][0];
521 }
522 }
524 /*
525 * We also need to search for the departments
526 * So we are able to navigate like in konquerer
527 */
529 /* Only needed if we are in GroupManagement */
530 if(!$CreatePosixsList){
531 $res3 = get_list2($this->ui->subtreeACL, "(&(|(ou=$regex)(description=$regex))(objectClass=gosaDepartment))",
532 FALSE, $base, array("ou", "description"), TRUE);
533 $this->departments= array();
534 $tmp = array();
535 foreach ($res3 as $value){
536 $tmp[strtolower($value['dn']).$value['dn']]=$value;
537 }
538 ksort($tmp);
539 foreach($tmp as $value){
540 if($value["description"][0]!=".."){
541 $this->departments[$value['dn']]=convert_department_dn2($value['dn'])." - [".$value["description"][0]."]";
542 }else{
543 $this->departments[$value['dn']]=$value["description"][0];
544 }
545 }
546 }
547 /* Ende department generation
548 */
550 /* Generate grouplist */
551 if ($filter != ""){
552 $filter= "(&(cn=$regex)(objectClass=posixGroup)(|$filter))";
553 if ($groupfilter['guser'] != ""){
554 $filter= "(&(|(memberUID=" . $groupfilter['guser'] . ")(cn=" . $groupfilter['guser'] . "))$filter)";
555 }
556 }
558 /* Depending on $CreatePosixsList we have to create different lists */
560 if ($groupfilter['subsearch'] == "checked"){
561 $res= get_list($this->ui->subtreeACL, "$filter", FALSE, $base, array("cn", "description", "gidNumber"), TRUE);
562 } else {
563 $base= get_groups_ou().$base;
564 $res= get_list($this->ui->subtreeACL, "$filter", FALSE, $base, array("cn", "description", "gidNumber"), TRUE);
565 }
566 if (preg_match("/size limit/i", $error) || preg_match("/size limit/i", $error2)){
567 $_SESSION['limit_exceeded']= TRUE;
568 }
570 foreach ($res as $value){
571 if ($groupfilter['functionalgroups'] != "checked" && isset($functional[$value['gidNumber'][0]])){
572 continue;
573 }
574 if ($groupfilter['primarygroups'] == "checked"){
575 $this->grouplist[$value['gidNumber'][0]]= $value;
576 } else {
577 if (!isset($primaries[$value['gidNumber'][0]])){
578 $this->grouplist[$value['gidNumber'][0]]= $value;
579 }
580 }
581 }
583 $tmp=array();
585 /* If true ; this result is used for posix tab, group membership selection. */
586 if($CreatePosixsList){
588 /* Addd to array */
589 foreach($this->grouplist as $tkey => $val ){
590 $tmp[strtolower($val['cn'][0]).$val['cn'][0]]=$val;
591 }
593 /* Sort index */
594 ksort($tmp);
596 /* Recreate index array[dn]=cn[description]*/
597 $this->grouplist=array();
598 foreach($tmp as $val){
599 if(isset($val['description'])){
600 $this->grouplist[$val['dn']]=$val['cn'][0]." [".$val['description'][0]."]";
601 }else{
602 $this->grouplist[$val['dn']]=$val['cn'][0];
603 }
604 }
605 }else{
607 /* Create result for group management listbox*/
608 foreach($this->grouplist as $tkey => $val ){
609 $tmp[strtolower($val['cn'][0]).$val['cn'][0]]=$val;
610 }
611 ksort($tmp);
612 $this->grouplist=array();
613 foreach($tmp as $val){
614 $this->grouplist[]=$val;
615 }
616 reset ($this->grouplist);
617 }
618 }
620 function remove_from_parent()
621 {
622 /* Optionally execute a command after we're done */
623 $this->postremove();
624 }
627 /* Save data to object */
628 function save_object()
629 {
630 }
633 /* Check values */
634 function check()
635 {
636 }
639 /* Save to LDAP */
640 function save()
641 {
642 /* Optionally execute a command after we're done */
643 $this->postcreate();
644 }
646 function adapt_from_template($dn)
647 {
648 }
650 function password_change_needed()
651 {
652 }
654 function show_header($button_text, $text, $disabled= FALSE)
655 {
656 }
658 function remove_lock()
659 {
660 if (isset($this->grouptab->dn)){
661 del_lock ($this->grouptab->dn);
662 }
663 }
665 }
667 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
668 ?>