diff --git a/gosa-core/plugins/personal/generic/class_user.inc b/gosa-core/plugins/personal/generic/class_user.inc
index accfef029ff36a60cae48b498d75d2e66057a193..da5180054daee2081c0b2ace8e55b483fd594e40 100644 (file)
}
/* Make hash default to md5 if not set in config */
- $hash= $this->config->get_cfg_value("core","passwordDefaultHash", "crypt/md5");
+ $hash= $this->config->get_cfg_value("core","passwordDefaultHash");
/* Load data from LDAP? */
if ($dn !== NULL){
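Review bot: The comment above the changed line still says the hash defaults to md5, but the new call passes no fallback, so the comment no longer describes the code. What get_cfg_value() returns for an unset property is not visible in this hunk; if it can be empty, `$hash` reaches the code below with no method selected. I would reword the comment to `/* Password hash method comes from the passwordDefaultHash property; there is no local fallback */` and, if an empty value is possible, reject it explicitly instead of falling through. The enclosing constructor continues outside the hunk.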
/* Handle add/delete for restriction mode */
if (isset($_POST['add_res']) && isset($_POST['res'])) {
- $val= validate($_POST['res']);
+ $val= get_post('res');
if (preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $val) ||
preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+)$/', $val) ||
preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/', $val)) {
$this->gosaLoginRestrictionWidget->addEntry($val);
} else {
- msg_dialog::display(_("Error"), _("Please add a single IP address or a network/netmask combination!"), ERROR_DIALOG);
+ msg_dialog::display(_("Error"), _("Please add a single IP address or a network/net mask combination!"), ERROR_DIALOG);
}
}
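Review bot: The three patterns that gate addEntry() only check the shape of the input, so a value such as `999.1.1.1` or a prefix length of `/99` is accepted as a login restriction. An entry that can never match, or that the evaluating code interprets loosely, weakens the restriction without any visible error. After the regex split, validate the address part with `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` and bound a numeric prefix to 0–32 before calling addEntry(). The enclosing method starts and ends outside the hunk.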
/* Save picture */
if (isset($_POST['picture_edit_finish'])){
- /* Check for clean upload */
- if ($_FILES['picture_file']['name'] != ""){
- if (!is_uploaded_file($_FILES['picture_file']['tmp_name'])) {
- msg_dialog::display(_("Error"), _("Cannot upload file!"), ERROR_DIALOG);
- }else{
- /* Activate new picture */
- $this->set_picture($_FILES['picture_file']['tmp_name']);
+ /* Check for clean upload */
+ if ($_FILES['picture_file']['name'] != ""){
+ $filename = gosa_file_name($_FILES['picture_file']['tmp_name']);
+ if (!file_exists($filename)) {
+ msg_dialog::display(_("Error"), _("Cannot upload file!"), ERROR_DIALOG);
+ }else{
+ /* Activate new picture */
+ $this->set_picture($filename);
+ }
}
- }
- $this->picture_dialog= FALSE;
+ $this->picture_dialog= FALSE;
$this->dialog= FALSE;
$this->is_modified= TRUE;
}
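Review bot: Replacing is_uploaded_file() with file_exists() drops the check that the path really is a file PHP received as an upload in this request; file_exists() is true for any existing path. gosa_file_name() is defined outside this diff, so I cannot tell whether it restores that guarantee. Unless it does, keep the origin check on the raw value before mapping it, e.g. `if (!is_uploaded_file($_FILES['picture_file']['tmp_name']) || !file_exists($filename)) {`, and consider also requiring `$_FILES['picture_file']['error'] === UPLOAD_ERR_OK`. The same substitution appears in the certificate upload hunk (is_readable) and in the later `set_picture(gosa_file_name(...))` call that is guarded only by `size > 0`.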
if (array_key_exists($val."_file", $_FILES) &&
array_key_exists('name', $_FILES[$val."_file"]) &&
$_FILES[$val."_file"]['name'] != "" &&
- is_uploaded_file($_FILES[$val."_file"]['tmp_name'])) {
- $this->set_cert("$val", $_FILES[$val."_file"]['tmp_name']);
+ is_readable($_FILES[$val."_file"]['tmp_name'])) {
+ $this->set_cert("$val", gosa_file_name($_FILES[$val."_file"]['tmp_name']));
}
}
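Review bot: is_readable() is evaluated on the raw `tmp_name`, while set_cert() is given gosa_file_name() of that value, so the path that was checked is not necessarily the path that is read. Compute the mapped name once and use it in both places: `$certFile = gosa_file_name($_FILES[$val."_file"]['tmp_name']);`, then `is_readable($certFile)` and `$this->set_cert("$val", $certFile);`. The array_key_exists() guards have to run before that assignment, so this probably means splitting the condition into two steps. The enclosing loop starts outside the hunk.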
if (isset($_POST["certificateSerialNumber"]) &&
$_POST["certificateSerialNumber"] != ""){
- if (!tests::is_id($_POST["certificateSerialNumber"])){
+ if (!tests::is_id(get_post('certificateSerialNumber'))){
$fail = true;
msg_dialog::display(_("Error"), msgPool::invalid(_("Serial number"),$_POST["certificateSerialNumber"],"/[0-9]/"),ERROR_DIALOG);
}
}
- $this->certificateSerialNumber= $_POST["certificateSerialNumber"];
+ $this->certificateSerialNumber= get_post("certificateSerialNumber");
$this->is_modified= TRUE;
}
if(!$fail){
/* Load attributes and acl's */
$ui =get_userinfo();
foreach($this->attributes as $val){
- $smarty->assign("$val", $this->$val);
- if(in_array($val,$this->multi_boxes)){
+ $smarty->assign("$val", set_post($this->$val));
+ if(in_array_strict($val,$this->multi_boxes)){
$smarty->assign("use_".$val,TRUE);
}else{
$smarty->assign("use_".$val,FALSE);
}
}
foreach(array("base","pw_storage","edit_picture") as $val){
- if(in_array($val,$this->multi_boxes)){
+ if(in_array_strict($val,$this->multi_boxes)){
$smarty->assign("use_".$val,TRUE);
}else{
$smarty->assign("use_".$val,FALSE);
// In case of multiple edit, we need a readonly ACL for the list.
$smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl($val)));
- $smarty->assign("pwmode", $pwd_methods);
- $smarty->assign("pwmode_select", $this->pw_storage);
+ $smarty->assign("pwmode", set_post($pwd_methods));
+ $smarty->assign("pwmode_select", set_post($this->pw_storage));
$smarty->assign("pw_configurable", $is_configurable);
$smarty->assign("passwordStorageACL", $this->getacl("userPassword"));
$smarty->assign("CertificatesACL", $this->getacl("Certificate"));
"internet,ivbv", "internet,testa", "internet,ivbv,testa");
$smarty->assign("ivbbmodes", $ivbbmodes);
foreach ($this->govattrs as $val){
- $smarty->assign("$val", $this->$val);
+ $smarty->assign("$val", set_post($this->$val));
$smarty->assign("$val"."ACL", $this->getacl($val));
}
} else {
$smarty->assign("has_phoneaccount", "false");
}
$smarty->assign("multiple_support" , $this->multiple_support_active);
- $smarty->assign("manager_name",$this->manager_name);
+ $smarty->assign("manager_name", set_post($this->manager_name));
return($smarty->fetch (get_template_path('generic.tpl', TRUE, dirname(__FILE__))));
}
// Update 'manager' attributes from gosaDepartment and inetOrgPerson
$filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter($this->dn)."))";
$ocs = $ldap->get_objectclasses();
- if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['gosaDepartment']['MAY'])){
+ if(isset($ocs['gosaDepartment']['MAY']) && in_array_strict('manager', $ocs['gosaDepartment']['MAY'])){
$filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter($this->dn).")))";
}
$leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'],
plugin::save_object ();
/* Refresh base */
- if ($this->acl_is_moveable($this->base)){
+ if ($this->acl_is_moveable($this->base) ||
+ ($this->dn == "new" && $this->acl_is_createable($this->base))){
if (!$this->baseSelector->update()) {
msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG);
}
if ($this->governmentmode){
foreach ($this->govattrs as $val){
if ($this->acl_is_writeable($val)){
- $data= stripcslashes($_POST["$val"]);
+ $data= get_post($val);
if ($data != $this->$val){
$this->is_modified= TRUE;
}
if (isset($_POST['pw_storage'])){
foreach(array("pw_storage") as $val){
if(isset($_POST[$val])){
- $data= validate($_POST[$val]);
+ $data= get_post($val);
if ($data != $this->$val){
$this->is_modified= TRUE;
}
} else {
- /* Fallback if there's no image magick inside PHP */
- if (!function_exists("imagick_blob2image")){
- /* Get temporary file name for conversation */
- $fname = tempnam (TEMP_DIR, "GOsa");
-
- /* Open file and write out photoData */
- $fp = fopen ($fname, "w");
- fwrite ($fp, $this->photoData);
- fclose ($fp);
-
- /* Build conversation query. Filename is generated automatically, so
- we do not need any special security checks. Exec command and save
- output. For PHP safe mode, you'll need a configuration which respects
- image magick as executable... */
- $query= "convert -size 147x200 $fname -resize 147x200 +profile \"*\" -";
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
- $query, "Execute");
-
- /* Read data written by convert */
- $output= "";
- $sh= popen($query, 'r');
- while (!feof($sh)){
- $output.= fread($sh, 4096);
- }
- pclose($sh);
-
- unlink($fname);
-
- /* Save attribute */
- $this->attrs["jpegPhoto"] = $output;
-
- } else {
-
- /* Load the new uploaded Photo */
- if(!$handle = imagick_blob2image($this->photoData)) {
- new log("debug","users/".get_class($this),$this->dn,array(),"Could not access uploaded image");
- }
+ if(class_exists('Imagick')){
+
+ $im = new Imagick();
+ $im->readImageBlob($this->photoData);
+ $im->setImageOpacity(1.0);
+ $im->resizeImage(147,200,Imagick::FILTER_UNDEFINED,0.5,TRUE);
+ $im->setCompressionQuality(90);
+ $im->setImageFormat('jpeg');
+ $this->attrs["jpegPhoto"] = $im->getImageBlob();
+
+ }elseif (exec('convert')){
+ /* Get temporary file name for conversation */
+ $fname = tempnam (TEMP_DIR, "GOsa");
+
+ /* Open file and write out photoData */
+ $fp = fopen ($fname, "w");
+ fwrite ($fp, $this->photoData);
+ fclose ($fp);
+
+ /* Build conversation query. Filename is generated automatically, so
+ we do not need any special security checks. Exec command and save
+ output. For PHP safe mode, you'll need a configuration which respects
+ image magick as executable... */
+ $query= "convert -size 147x200 $fname -resize 147x200 +profile \"*\" -";
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
+ $query, "Execute");
+
+ /* Read data written by convert */
+ $output= "";
+ $sh= popen($query, 'r');
+ while (!feof($sh)){
+ $output.= fread($sh, 4096);
+ }
+ pclose($sh);
- /* Resizing image to 147x200 and blur */
- if(!imagick_resize($handle,147,200,IMAGICK_FILTER_GAUSSIAN,0)){
- new log("debug","users/".get_class($this),$this->dn,array(),"Could not resize uploaded image");
- }
+ unlink($fname);
- /* Converting image to JPEG */
- if(!imagick_convert($handle,"JPEG")) {
- new log("debug","users/".get_class($this),$this->dn,array(),"Could not convert uploaded image to jepg");
- }
+ /* Save attribute */
+ $this->attrs["jpegPhoto"] = $output;
+ }else{
+ msg_dialog::display(_("Error"),
+ _("Cannot save user picture: GOsa requires the package 'imagemagick' or 'php5-imagick' to be installed!"),
+ ERROR_DIALOG);
- /* Creating binary Code for the Image */
- if(!$dump = imagick_image2blob($handle)){
- new log("debug","users/".get_class($this),$this->dn,array(),"Could not create new user image");
}
-
- /* Sending Image */
- $output= $dump;
-
- /* Save attribute */
- $this->attrs["jpegPhoto"] = $output;
- }
-
- }
-
- /* This only gets called when user is renaming himself */
- $ldap= $this->config->get_ldap_link();
- if ($this->dn != $this->new_dn){
-
- /* Write entry on new 'dn' */
- $this->update_acls($this->dn,$this->new_dn);
- $this->move($this->dn, $this->new_dn);
-
- /* Happen to use the new one */
- change_ui_dn($this->dn, $this->new_dn);
- $this->dn= $this->new_dn;
}
-
/* Save data. Using 'modify' implies that the entry is already present, use 'add' for
new entries. So do a check first... */
+ $ldap= $this->config->get_ldap_link();
$ldap->cat ($this->dn, array('dn'));
if ($ldap->fetch()){
$mode= "modify";
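Review bot: `exec('convert')` is used as an availability test, but exec() returns only the last line of the command's output, so the branch depends on what convert prints when run without arguments and not on whether it is installed; the exit status of the real conversion (the value pclose() returns) is a more reliable signal. In the Imagick branch, readImageBlob() throws ImagickException on data it cannot decode, and photoData is an uploaded file, so an unparseable upload ends in an uncaught exception instead of the error dialog. The shell command still interpolates `$fname` unquoted; tempnam() output is normally harmless, but it depends on TEMP_DIR, and escapeshellarg() removes the assumption. The fopen()/fwrite() results are unchecked as well. A sketch of the changed lines follows; the enclosing method starts and ends outside the hunk.

```php
if (class_exists('Imagick')) {
  try {
    $im = new Imagick();
    $im->readImageBlob($this->photoData);
    // … unchanged: setImageOpacity, resizeImage, setCompressionQuality, setImageFormat …
    $this->attrs["jpegPhoto"] = $im->getImageBlob();
  } catch (ImagickException $e) {
    /* Undecodable upload: report it and leave jpegPhoto untouched */
    msg_dialog::display(_("Error"), _("Cannot save user picture!"), ERROR_DIALOG);
  }
} else {
  // … unchanged: tempnam() and writing photoData to $fname …
  $query = "convert -size 147x200 ".escapeshellarg($fname)." -resize 147x200 +profile \"*\" -";
  // … unchanged: DEBUG call and popen() read loop …
  $status = pclose($sh);
  unlink($fname);
  if ($status === 0 && $output !== "") {
    $this->attrs["jpegPhoto"] = $output;
  } else {
    // … unchanged: the "requires 'imagemagick' or 'php5-imagick'" error dialog …
  }
```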
function update_new_dn()
{
// Alternative way to handle DN
- $pattern= $this->config->get_cfg_value("core","accountRDN");
+ $pattern= $this->config->get_cfg_value("user","accountRDN");
if ($pattern != "") {
$rdn= $this->create_initial_rdn($pattern);
$attribute= preg_replace('/=.*$/', '', $rdn);
/* Check if we are allowed to create/move this user */
if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
$message[]= msgPool::permCreate();
- }elseif($this->orig_dn != "new" && $this->new_dn != $this->orig_dn && !$this->acl_is_moveable($this->base)){
- $message[]= msgPool::permMove();
+ }elseif($this->orig_dn != "new" && $this->new_dn != $this->orig_dn){
+
+ /* Check if the objects dn has changed while the base was left unchanged.
+ * In this case we've to check move permissions for the object itself.
+ *
+ * If the base has changed then we've to check the permission for the destination
+ * base.
+ */
+ if($this->orig_base == $this->base && !$this->acl_is_moveable($this->dn)){
+ $message[]= msgPool::permMove();
+ }elseif($this->orig_base != $this->base && !$this->acl_is_moveable($this->base)){
+ $message[]= msgPool::permMove();
+ }
}
/* UID already used? */
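Review bot: Both inner branches append the same msgPool::permMove() and differ only in which DN is passed to acl_is_moveable(), so the permission check can be written once: `$target = ($this->orig_base == $this->base) ? $this->dn : $this->base;` followed by `if (!$this->acl_is_moveable($target)) { $message[]= msgPool::permMove(); }`. Keeping the rule in one place makes it harder for the two cases to drift apart in a later edit. When the base changes, only the destination base is tested here; whether rights on the source object are checked elsewhere is not visible in this hunk and is worth confirming. The enclosing check method continues outside the hunk.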
return(FALSE);
}else{
- if(in_array("pw_storage",$this->multi_boxes)){
+ if(in_array_strict("pw_storage",$this->multi_boxes)){
return(TRUE);
}
return($this->pw_storage != $this->last_pw_storage && !$this->is_template);
/* Get base */
$this->base= preg_replace('/^[^,]+,'.preg_quote(get_people_ou(), '/').'/i', '', $dn);
+ $this->baseSelector->setBase($this->base);
if($this->governmentmode){
/* Walk through govattrs */
foreach ($this->govattrs as $val){
- if (in_array($val, $skip)){
+ if (in_array_strict($val, $skip)){
continue;
}
$this->givenName= $this->parent->givenName;
}
- if ($this->dateOfBirth) {
+ /* Generate dateOfBirth entry */
+ if (isset ($this->attrs['dateOfBirth'])){
/* This entry is ISO 8601 conform */
- list($year, $month, $day)= explode("-", $this->dateOfBirth, 3);
+ list($year, $month, $day)= explode("-", $this->attrs['dateOfBirth'][0], 3);
#TODO: use $lang to convert date
$this->dateOfBirth= "$day.$month.$year";
+ } else {
+ $this->dateOfBirth= "";
}
}
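Review bot: `list($year, $month, $day)= explode("-", ..., 3)` assumes the stored value contains exactly two dashes; a dateOfBirth written to the directory in another form leaves `$month` or `$day` undefined and yields a malformed display string. Guard the split with a shape check, e.g. `if (preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $this->attrs['dateOfBirth'][0], $m)) { $this->dateOfBirth= "$m[3].$m[2].$m[1]"; }`, and fall back to the empty string otherwise. The enclosing method starts outside the hunk.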
$smarty->assign("passwordTodo","clear");
if(isset($_POST['passwordTodo'])){
- $smarty->assign("passwordTodo",$_POST['passwordTodo']);
+ $smarty->assign("passwordTodo",set_post(get_post('passwordTodo')));
}
- $smarty->assign("sn", $this->sn);
- $smarty->assign("givenName",$this->givenName);
- $smarty->assign("uid", $this->uid);
+ $smarty->assign("sn", set_post($this->sn));
+ $smarty->assign("givenName",set_post($this->givenName));
+ $smarty->assign("uid", set_post($this->uid));
$smarty->assign("rand", $rand);
$str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE,dirname(__FILE__)));
$this->set_acl_base($this->base);
if((isset($_FILES['picture_file']['tmp_name'])) && ($_FILES['picture_file']['size'] > 0)){
- $this->set_picture($_FILES['picture_file']['tmp_name']);
+ $this->set_picture(gosa_file_name($_FILES['picture_file']['tmp_name']));
}
/* Remove picture? */
$attrs = array("uid","givenName","sn");
foreach($attrs as $attr){
if(isset($_POST[$attr])){
- $this->$attr = $_POST[$attr];
+ $this->$attr = get_post($attr);
}
}
}
"plCategory" => array("users" => array("description" => _("Users"),
"objectClass" => "gosaAccount")),
+ "plRequirements"=> array(
+ 'ldapSchema' => array(
+ 'gosaAccount' => '>=2.7',
+ 'gosaUserTemplate' => '>=2.7'
+ ),
+ 'onFailureDisablePlugin' => array(get_class(),'userManagement', 'user')
+ ),
+
+ "plProperties" => array(
+ array(
+ "name" => "accountRDN",
+ "type" => "string",
+ "default" => "",
+ "description" => _("Pattern for the generation of user DNs. Please read the FAQ for details."),
+ "check" => "gosaProperty::isString",
+ "migrate" => "",
+ "group" => "plugin",
+ "mandatory" => FALSE
+ )
+
+ ),
"plProvidedAcls" => array(
"sn" => _("Surname"),
"employeeType" => _("Employee type"),
"roomNumber" => _("Room number"),
- "telephoneNumber" => _("Telefon number"),
+ "telephoneNumber" => _("Telephone number"),
"pager" => _("Pager number"),
"mobile" => _("Mobile number"),
"facsimileTelephoneNumber" => _("Fax number"),
function get_multi_edit_values()
{
$ret = plugin::get_multi_edit_values();
- if(in_array("pw_storage",$this->multi_boxes)){
+ if(in_array_strict("pw_storage",$this->multi_boxes)){
$ret['pw_storage'] = $this->pw_storage;
}
- if(in_array("edit_picture",$this->multi_boxes)){
+ if(in_array_strict("edit_picture",$this->multi_boxes)){
$ret['jpegPhoto'] = $this->jpegPhoto;
$ret['photoData'] = $this->photoData;
$ret['old_jpegPhoto'] = $this->old_jpegPhoto;
unset($ret['cn']);
}
$ret['is_modified'] = $this->is_modified;
- if(in_array("base",$this->multi_boxes)){
+ if(in_array_strict("base",$this->multi_boxes)){
$ret['orig_base']="Changed_by_Multi_Plug";
$ret['base']=$this->base;
}
if (isset($_POST['pw_storage'])){
foreach(array("pw_storage") as $val){
if(isset($_POST[$val])){
- $data= validate(get_post($val));
+ $data= get_post($val);
if ($data != $this->$val){
$this->is_modified= TRUE;
}
if($this->dn == "new") {
$this->set_acl_base($this->base);
}
- if (!tests::is_url($this->labeledURI) && in_array("labeledURI",$this->multi_boxes)){
+ if (!tests::is_url($this->labeledURI) && in_array_strict("labeledURI",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Homepage"));
}
- if (!tests::is_phone_nr($this->telephoneNumber) && in_array("telephoneNumber",$this->multi_boxes)){
+ if (!tests::is_phone_nr($this->telephoneNumber) && in_array_strict("telephoneNumber",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Phone"), $this->telephoneNumber, "/[\/0-9 ()+*-]/");
}
- if (!tests::is_phone_nr($this->facsimileTelephoneNumber) && in_array("facsimileTelephoneNumber",$this->multi_boxes)){
+ if (!tests::is_phone_nr($this->facsimileTelephoneNumber) && in_array_strict("facsimileTelephoneNumber",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Fax"), $this->facsimileTelephoneNumber, "/[\/0-9 ()+*-]/");
}
- if (!tests::is_phone_nr($this->mobile) && in_array("mobile",$this->multi_boxes)){
+ if (!tests::is_phone_nr($this->mobile) && in_array_strict("mobile",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Mobile"), $this->mobile, "/[\/0-9 ()+*-]/");
}
- if (!tests::is_phone_nr($this->pager) && in_array("pager",$this->multi_boxes)){
+ if (!tests::is_phone_nr($this->pager) && in_array_strict("pager",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Pager"), $this->pager, "/[\/0-9 ()+*-]/");
}
- if (preg_match ('/[,+"?\'()=<>;\\\\]/', $this->givenName) && in_array("givenName",$this->multi_boxes)){
+ if (preg_match ('/[,+"?\'()=<>;\\\\]/', $this->givenName) && in_array_strict("givenName",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Given name"), $this->giveName, '/[^,+"?\'()=<>;\\\\]/');
}
- if (preg_match ('/[,+"?\'()=<>;\\\\]/', $this->sn) && in_array("sn",$this->multi_boxes)){
+ if (preg_match ('/[,+"?\'()=<>;\\\\]/', $this->sn) && in_array_strict("sn",$this->multi_boxes)){
$message[]= msgPool::invalid(_("Name"), $this->sn, '/[^,+"?\'()=<>;\\\\]/');
}
return($message);
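Review bot: In the given-name check the message is built from `$this->giveName`, which is not the property tested in the condition (`$this->givenName`), so the dialog receives an undefined property instead of the rejected input. Change the argument to `$this->givenName`. Separately, each `tests::...` validator runs before the in_array_strict() membership test; putting `in_array_strict(...)` first would skip validation for fields that are not selected in the multi-edit. The enclosing method starts outside the hunk.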
// Update loginRestrictions, keep my settings while ip is optional
foreach($attrs['gosaLoginRestriction_some'] as $ip){
- if(in_array($ip, $this->gosaLoginRestriction) && in_array($ip, $attrs['gosaLoginRestriction'])){
+ if(in_array_strict($ip, $this->gosaLoginRestriction) && in_array_strict($ip, $attrs['gosaLoginRestriction'])){
$lR[] = $ip;
}
}
$data = array();
foreach($all as $ip){
$data['data'][] = $ip;
- if(!in_array($ip, $this->gosaLoginRestriction)){
+ if(!in_array_strict($ip, $this->gosaLoginRestriction)){
$data['displayData'][] = array('mode' => LIST_MARKED , 'data' => array($ip.' ('._("Entries differ").')'));
}else{
$data['displayData'][] = array('mode' => 0 , 'data' => array($ip));