X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=2262718feee29e28c1302b785ac85c3c0d73e246;hb=b130a469e86d937a382fac5864219c190f2a6e36;hp=fda4672ef5937a3495d71aaf474856750fb53c9f;hpb=9b2c394c2529291ab3295e5892e184c824b31220;p=gosa.git diff --git a/include/functions.inc b/include/functions.inc index fda4672ef..2262718fe 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -295,12 +295,8 @@ function ldap_init ($server, $base, $binddn='', $pass='') /* Sadly we've no proper return values here. Use the error message instead. */ if (!preg_match("/Success/i", $ldap->error)){ - print_red(sprintf(_("Error when connecting the LDAP. Server said '%s'."), - $ldap->get_error())); - echo $_SESSION['errors']; - - /* Hard error. We'd like to use the LDAP, anyway... */ - exit; + echo sprintf(_("FATAL: Error when connecting the LDAP. Server said '%s'."), $ldap->get_error()); + exit(); } /* Preset connection base to $base and return to caller */ @@ -317,8 +313,10 @@ function ldap_login_user ($username, $password) $ldap = $config->get_ldap_link(); if (!preg_match("/Success/i", $ldap->error)){ print_red(sprintf(_("User login failed. LDAP server said '%s'."), $ldap->get_error())); - echo $_SESSION['errors']; - exit; + $smarty= get_smarty(); + $smarty->display(get_template_path('headers.tpl')); + echo "".$_SESSION['errors'].""; + exit(); } $ldap->cd($config->current['BASE']); $ldap->search("(&(uid=$username)(objectClass=gosaAccount))", array("uid")); @@ -367,6 +365,100 @@ function ldap_login_user ($username, $password) } +function ldap_expired_account($config, $userdn, $username) +{ + $this->config= $config; + $ldap= $this->config->get_ldap_link(); + $ldap->cat($userdn); + $attrs= $ldap->fetch(); + + /* default value no errors */ + $expired = 0; + + $sExpire = 0; + $sLastChange = 0; + $sMax = 0; + $sMin = 0; + $sInactive = 0; + $sWarning = 0; + + $current= date("U"); + + $current= floor($current /60 /60 /24); + + /* special case of the admin, should never been locked */ + /* FIXME should allow any name as user admin */ + if($username != "admin") + { + + if(isset($attrs['shadowExpire'][0])){ + $sExpire= $attrs['shadowExpire'][0]; + } else { + $sExpire = 0; + } + + if(isset($attrs['shadowLastChange'][0])){ + $sLastChange= $attrs['shadowLastChange'][0]; + } else { + $sLastChange = 0; + } + + if(isset($attrs['shadowMax'][0])){ + $sMax= $attrs['shadowMax'][0]; + } else { + $smax = 0; + } + + if(isset($attrs['shadowMin'][0])){ + $sMin= $attrs['shadowMin'][0]; + } else { + $sMin = 0; + } + + if(isset($attrs['shadowInactive'][0])){ + $sInactive= $attrs['shadowInactive'][0]; + } else { + $sInactive = 0; + } + + if(isset($attrs['shadowWarning'][0])){ + $sWarning= $attrs['shadowWarning'][0]; + } else { + $sWarning = 0; + } + + /* is the account locked */ + /* shadowExpire + shadowInactive (option) */ + if($sExpire >0){ + if($current >= ($sExpire+$sInactive)){ + return(1); + } + } + + /* the user should be warned to change is password */ + if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){ + if (($sExpire - $current) < $sWarning){ + return(2); + } + } + + /* force user to change password */ + if(($sLastChange >0) && ($sMax) >0){ + if($current >= ($sLastChange+$sMax)){ + return(3); + } + } + + /* the user should not be able to change is password */ + if(($sLastChange >0) && ($sMin >0)){ + if (($sLastChange + $sMin) >= $current){ + return(4); + } + } + } + return($expired); +} + function add_lock ($object, $user) { global $config;