// Les droits d'accès de l'utilisateur
private static $LSaccess = array();
- // Authentification parameters
- private static $authParams = array();
-
// Les fichiers temporaires
private static $tmp_file = array();
// L'objet de l'utilisateur connecté
private static $LSuserObject = NULL;
+
+ // The LSauht object of the session
+ private static $LSauthObject = false;
+
+ // User LDAP credentials
+ private static $userLDAPcreds = false;
/**
* Include un fichier PHP
* @retval true si tout c'est bien passé, false sinon
*/
public static function includeFile($file) {
- if (!file_exists($file)) {
+ if (file_exists(LS_LOCAL_DIR.'/'.$file)) {
+ $file=LS_LOCAL_DIR.'/'.$file;
+ }
+ elseif (!file_exists($file)) {
return;
}
- if (LSdebug) {
+ if (defined('LSdebug') && constant('LSdebug')) {
return include_once($file);
}
else {
* @retval true si tout c'est bien passé, false sinon
*/
private static function startLStemplate() {
- if ( self :: includeFile(LSconfig :: get('Smarty')) ) {
- $GLOBALS['Smarty'] = new Smarty();
- $GLOBALS['Smarty'] -> template_dir = LS_TEMPLATES_DIR;
- $GLOBALS['Smarty'] -> compile_dir = LS_TMP_DIR;
-
- if (LSdebug) {
- $GLOBALS['Smarty'] -> caching = 0;
- // cache files are always regenerated
- $GLOBALS['Smarty'] -> force_compile = TRUE;
- // recompile template if it is changed
- $GLOBALS['Smarty'] -> compile_check = TRUE;
- if (isset($_REQUEST['debug_smarty'])) {
- // debug smarty
- $GLOBALS['Smarty'] -> debugging = true;
- }
- }
-
- $GLOBALS['Smarty'] -> assign('LS_CSS_DIR',LS_CSS_DIR);
- $GLOBALS['Smarty'] -> assign('LS_IMAGES_DIR',LS_IMAGES_DIR);
-
- self :: addJSconfigParam('LS_IMAGES_DIR',LS_IMAGES_DIR);
- return true;
+ if ( self :: loadLSclass('LStemplate') ) {
+ return LStemplate :: start(
+ array(
+ 'smarty_path' => LSconfig :: get('Smarty'),
+ 'template_dir' => LS_TEMPLATES_DIR,
+ 'image_dir' => LS_IMAGES_DIR,
+ 'css_dir' => LS_CSS_DIR,
+ 'compile_dir' => LS_TMP_DIR,
+ 'debug' => LSdebug,
+ 'debug_smarty' => (isset($_REQUEST['LStemplate_debug'])),
+ )
+ );
}
- die("ERROR : Can't load Smarty.");
- return;
+ return False;
}
/**
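Review bot: `'debug_smarty' => (isset($_REQUEST['LStemplate_debug']))` lets any request parameter ask for Smarty debugging, whereas the removed code only honoured the request flag inside `if (LSdebug)`. Unless LStemplate :: start() re-applies that gate (it is not visible here), the debug console could expose assigned template variables on a production instance. Writing `'debug_smarty' => (LSdebug && isset($_REQUEST['LStemplate_debug'])),` keeps the previous behaviour. The bare `LSdebug` on the line above is also inconsistent with the `defined('LSdebug') && constant('LSdebug')` guard this commit introduces in includeFile().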
if(!self :: loadLSclass('LSerror')) {
return;
}
+ set_error_handler(array('LSerror','errorHandler'),E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED & ~E_WARNING);
self :: defineLSerrors();
return true;
}
if (!LSconfig :: set("LSobjects.$object",$GLOBALS['LSobjects'][$object])) {
$error = 1;
}
+ else if (isset($GLOBALS['LSobjects'][$object]['LSaddons'])){
+ if (is_array($GLOBALS['LSobjects'][$object]['LSaddons'])) {
+ foreach ($GLOBALS['LSobjects'][$object]['LSaddons'] as $addon) {
+ if (!self :: loadLSaddon($addon)) {
+ $error = 1;
+ }
+ }
+ }
+ else {
+ if (!self :: loadLSaddon($GLOBALS['LSobjects'][$object]['LSaddons'])) {
+ $error = 1;
+ }
+ }
+ }
}
if ($error) {
LSerror :: addErrorCode('LSsession_04',$object);
}
/**
+ * Chargement d'une classe d'authentification d'LdapSaisie
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com
+ *
+ * @retval boolean true si le chargement a reussi, false sinon.
+ */
+ public static function loadLSauth() {
+ if (self :: loadLSclass('LSauth')) {
+ return true;
+ }
+ else {
+ LSerror :: addErrorCode('LSsession_05','LSauth');
+ }
+ return;
+ }
+
+ /**
* Chargement des addons LdapSaisie
*
* Chargement des LSaddons contenue dans la variable
bindtextdomain(LS_TEXT_DOMAIN, LS_I18N_DIR);
textdomain(LS_TEXT_DOMAIN);
- if (is_file(LS_I18N_DIR.'/'.$lang.'/lang.php')) {
- include(LS_I18N_DIR.'/'.$lang.'/lang.php');
+ self :: includeFile(LS_I18N_DIR.'/'.$lang.'/lang.php');
+
+ foreach (listFiles(LS_LOCAL_DIR.'/'.LS_I18N_DIR.'/'.$lang,'/^lang.+\.php$/') as $file) {
+ include(LS_LOCAL_DIR.'/'.LS_I18N_DIR."/$lang/$file");
}
}
else {
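Review bot: `$lang` is interpolated directly into both include paths here (`self :: includeFile(LS_I18N_DIR.'/'.$lang.'/lang.php')` and `include(LS_LOCAL_DIR.'/'.LS_I18N_DIR."/$lang/$file")`), and its assignment is outside this hunk. If it can be influenced by the request, it should be checked against the languages returned by `self :: getLangList()` before either include, so that a value containing `../` cannot select a file outside the i18n directories. The loop also assumes `listFiles()` returns an array even when the local language directory does not exist; that helper is not visible here, so confirm it or guard the `foreach`. The enclosing function starts and ends outside the hunk.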
* @retval boolean True si l'initialisation à réussi, false sinon.
*/
public static function initialize() {
- if (!self :: startLSconfig()) {
- return;
+ try {
+ if (!self :: startLSconfig()) {
+ return;
+ }
+
+ self :: startLSerror();
+ self :: startLStemplate();
+
+ session_start();
+
+ self :: setLocale();
+
+ self :: loadLSaddons();
+ self :: loadLSauth();
+ }
+ catch (Exception $e) {
+ die('LSsession : fail to initialize session. Error : '.$e->getMessage());
}
-
- self :: startLStemplate();
-
- session_start();
-
- self :: setLocale();
-
- self :: startLSerror();
- self :: loadLSaddons();
return true;
}
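Review bot: `die('LSsession : fail to initialize session. Error : '.$e->getMessage());` prints the raw exception text to the client, which can disclose paths or configuration details; log the message server-side and show a fixed string instead. Inside the `try`, the results of `startLSerror()`, `startLStemplate()` and `loadLSauth()` are discarded. Since this commit makes startLStemplate() return `False` instead of calling `die()`, a template engine that fails to load now goes unnoticed until the first LStemplate call. Checking them the same way as startLSconfig(), e.g. `if (!self :: startLStemplate()) return;`, keeps initialization failing closed.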
public static function startLSsession() {
if (!self :: initialize()) {
return;
- }
-
- // Déconnexion
- if (isset($_GET['LSsession_logout'])||isset($_GET['LSsession_recoverPassword'])) {
- session_destroy();
-
- if (is_array($_SESSION['LSsession']['tmp_file'])) {
- self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
- }
- self :: deleteTmpFile();
- unset($_SESSION['LSsession']);
- }
-
- // Récupération de mot de passe
- if (isset($_GET['recoveryHash'])) {
- $_POST['LSsession_user'] = 'a determiner plus tard';
}
- if(isset($_SESSION['LSsession']['dn'])) {
- // Session existante
- self :: $topDn = $_SESSION['LSsession']['topDn'];
- self :: $dn = $_SESSION['LSsession']['dn'];
- self :: $rdn = $_SESSION['LSsession']['rdn'];
- self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
- self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
- self :: $authParams = $_SESSION['LSsession']['authParams'];
+ if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
+ LSdebug('LSsession : Session existente');
+ // --------------------- Session existante --------------------- //
+ self :: $topDn = $_SESSION['LSsession']['topDn'];
+ self :: $dn = $_SESSION['LSsession']['dn'];
+ self :: $rdn = $_SESSION['LSsession']['rdn'];
+ self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
+ self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
+ self :: $userLDAPcreds = $_SESSION['LSsession']['userLDAPcreds'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
self :: $LSprofiles = $_SESSION['LSsession']['LSprofiles'];
self :: $LSaccess = $_SESSION['LSsession']['LSaccess'];
if (!self :: LSldapConnect())
}
else {
self :: setLdapServer(self :: $ldapServerId);
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
if (!self :: LSldapConnect())
return;
self :: loadLSprofiles();
}
if ( self :: cacheSudDn() && (!isset($_REQUEST['LSsession_refresh'])) ) {
- self :: $_subDnLdapServer = $_SESSION['LSsession_subDnLdapServer'];
+ self :: $_subDnLdapServer = ((isset($_SESSION['LSsession_subDnLdapServer']))?$_SESSION['LSsession_subDnLdapServer']:NULL);
}
if (!self :: loadLSobject(self :: $ldapServer['authObjectType'])) {
return;
}
- self :: getLSuserObject();
+ if (isset($_GET['LSsession_logout'])) {
+ LSauth :: logout();
+ session_destroy();
+
+ if (is_array($_SESSION['LSsession']['tmp_file'])) {
+ self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
+ }
+ self :: deleteTmpFile();
+ unset($_SESSION['LSsession']);
+
+ self :: redirect('index.php');
+ return;
+ }
if ( !self :: cacheLSprofiles() || isset($_REQUEST['LSsession_refresh']) ) {
self :: loadLSaccess();
}
- $GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
+ LStemplate :: assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
- if ($_POST['LSsession_topDn']) {
+ if (isset ($_POST['LSsession_topDn']) && $_POST['LSsession_topDn']) {
if (self :: validSubDnLdapServer($_POST['LSsession_topDn'])) {
self :: $topDn = $_POST['LSsession_topDn'];
$_SESSION['LSsession']['topDn'] = $_POST['LSsession_topDn'];
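Review bot: The logout branch at `if (isset($_GET['LSsession_logout']))` is now only reached after `LSauth :: start()`, `LSldapConnect()` and `loadLSobject()` have all succeeded, so a user whose LDAP backend is unreachable hits an early `return` and cannot end the session. Handling the logout request before those calls, and calling `LSauth :: logout()` only when LSauth could be started, would let the session be destroyed regardless. The block also reads `$_SESSION['LSsession']['tmp_file']` without `isset()`, unlike the other session reads this commit hardens. startLSsession() begins and ends outside this hunk.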
}
else {
+ // --------------------- Session inexistante --------------------- //
+ if (isset($_GET['LSsession_recoverPassword'])) {
+ session_destroy();
+ }
// Session inexistante
if (isset($_POST['LSsession_ldapserver'])) {
self :: setLdapServer($_POST['LSsession_ldapserver']);
if (self :: LSldapConnect()) {
// topDn
- if ( $_POST['LSsession_topDn'] != '' ){
+ if (isset($_POST['LSsession_topDn']) && $_POST['LSsession_topDn'] != '' ){
self :: $topDn = $_POST['LSsession_topDn'];
}
else {
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
}
$_SESSION['LSsession_topDn']=self :: $topDn;
-
+
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
+
if (isset($_GET['LSsession_recoverPassword'])) {
$recoveryPasswordInfos = self :: recoverPasswd(
$_REQUEST['LSsession_user'],
);
}
else {
- if (self :: loadLSclass('LSauth')) {
- if (isset(self :: $ldapServer['LSauth']['method'])) {
- $LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
- if (!self :: loadLSclass($LSauthClass)) {
- LSerror :: addErrorCode('LSsession_08',$LSauthClass);
- $LSauthClass = 'LSauth';
+ $LSuserObject = LSauth :: forceAuthentication();
+ if ($LSuserObject) {
+ // Authentication successful
+ self :: $LSuserObject = $LSuserObject;
+ self :: $dn = $LSuserObject->getValue('dn');
+ self :: $rdn = $LSuserObject->getValue('rdn');
+ if (isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
+ self :: $userLDAPcreds = LSauth :: getLDAPcredentials($LSuserObject);
+ if (!is_array(self :: $userLDAPcreds)) {
+ LSerror :: addErrorCode('LSsession_14');
+ self :: $userLDAPcreds = false;
+ return;
}
- }
- else {
- $LSauthClass = 'LSauth';
- }
-
- $authObj = new $LSauthClass();
- self :: $authParams = $authObj->params;
- if ($authObj -> getPostData()) {
- $LSuserObject = $authObj -> authenticate();
- if ($LSuserObject) {
- // Authentification réussi
- self :: $LSuserObject = $LSuserObject;
- self :: $dn = $LSuserObject->getValue('dn');
- self :: $rdn = $LSuserObject->getValue('rdn');
- self :: loadLSprofiles();
- self :: loadLSaccess();
- $GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
- $_SESSION['LSsession']=self :: getContextInfos();
- return true;
+ if (!LSldap :: reconnectAs(self :: $userLDAPcreds['dn'],self :: $userLDAPcreds['pwd'])) {
+ LSerror :: addErrorCode('LSsession_15');
+ return;
}
}
- }
- else {
- LSerror :: addErrorCode('LSsession_05','LSauth');
+ self :: loadLSprofiles();
+ self :: loadLSaccess();
+ LStemplate :: assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
+ $_SESSION['LSsession']=self :: getContextInfos();
+ return true;
}
}
}
else {
LSerror :: addErrorCode('LSsession_09');
}
+
if (self :: $ldapServerId) {
- $GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
+ LStemplate :: assign('ldapServerId',self :: $ldapServerId);
}
- $GLOBALS['Smarty'] -> assign('topDn',self :: $topDn);
+ LStemplate :: assign('topDn',self :: $topDn);
if (isset($_GET['LSsession_recoverPassword'])) {
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
}
- elseif(self :: $authParams['displayLoginForm']) {
+ elseif(LSauth :: displayLoginForm()) {
self :: displayLoginForm();
}
else {
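Review bot: After `LSauth :: forceAuthentication()` succeeds, the context is stored with `$_SESSION['LSsession']=self :: getContextInfos();` while the session id remains the one issued before login; no `session_regenerate_id()` call is visible in this hunk. Unless LSauth already does it, add `session_regenerate_id(true);` just before that assignment so a pre-login session identifier does not carry over to the authenticated session. startLSsession() begins and ends outside this hunk.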
);
$result = $authobject -> listObjects($filter,self :: $topDn);
}
- else {
+ elseif (!empty($username)) {
$result = $authobject -> searchObject(
$username,
self :: $topDn,
self :: $ldapServer['authObjectFilter']
);
}
+ else {
+ return $recoveryPasswordInfos;
+ }
$nbresult=count($result);
'topDn' => self :: $topDn,
'dn' => self :: $dn,
'rdn' => self :: $rdn,
+ 'userLDAPcreds' => self :: $userLDAPcreds,
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
- 'LSaccess' => self :: $LSaccess,
- 'authParams' => self :: $authParams
+ 'LSaccess' => self :: $LSaccess
);
}
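Review bot: Adding `'userLDAPcreds' => self :: $userLDAPcreds` to this array means that, when `useUserCredentials` is enabled, the user's bind DN and password (the `pwd` key passed to `LSldap :: reconnectAs()`) are serialized into `$_SESSION['LSsession']` in clear text. That leaves the password at rest in the PHP session store for the lifetime of the session, so it deserves at least a comment here, such as `// Holds the user's LDAP password in clear text; only set when useUserCredentials is enabled`. The documentation should also state that the session save path must be readable by the web server user only. If clear-text storage is not acceptable, encrypting the value with a key kept outside the session is the usual alternative. The enclosing function starts outside this hunk.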
self :: $ldapServerId = $id;
self :: $ldapServer = $conf;
self :: setLocale();
+ self :: setGlobals();
return true;
}
else {
if (!self :: loadLSclass('LSldap')) {
return;
}
- LSldap :: connect(self :: $ldapServer['ldap_config']);
+ if (self :: $dn && isset(self :: $ldapServer['useUserCredentials']) && self :: $ldapServer['useUserCredentials']) {
+ LSldap :: reconnectAs(self :: $userLDAPcreds['dn'], self :: $userLDAPcreds['pwd'],self :: $ldapServer['ldap_config']);
+ }
+ else {
+ LSldap :: connect(self :: $ldapServer['ldap_config']);
+ }
if (LSldap :: isConnected()) {
return true;
}
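Review bot: `self :: $userLDAPcreds['dn']` and `['pwd']` are dereferenced without checking that `$userLDAPcreds` is an array, but the property defaults to `false` and is restored from `$_SESSION['LSsession']['userLDAPcreds']` without `isset()`, so a session created before this change yields null for both. Depending on how `LSldap :: reconnectAs()` treats empty values (not visible here), that could end up as an anonymous bind instead of a failure. Fail explicitly before the call, e.g. `if (!is_array(self :: $userLDAPcreds)) { LSerror :: addErrorCode('LSsession_15'); return; }`, rather than falling back to `LSldap :: connect()` with the configured account. The function starts and ends outside this hunk.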
*
* @retval mixed Tableau des subDn, false si une erreur est survenue.
*/
- public static function getSubDnLdapServer() {
- if (self :: cacheSudDn() && isset(self :: $_subDnLdapServer[self :: $ldapServerId])) {
- return self :: $_subDnLdapServer[self :: $ldapServerId];
+ public static function getSubDnLdapServer($login=false) {
+ $login=(bool)$login;
+ if (self :: cacheSudDn() && isset(self :: $_subDnLdapServer[self :: $ldapServerId][$login])) {
+ return self :: $_subDnLdapServer[self :: $ldapServerId][$login];
}
if (!self::subDnIsEnabled()) {
return;
}
$return=array();
foreach(self :: $ldapServer['subDn'] as $subDn_name => $subDn_config) {
+ if ($login && isset($subDn_config['nologin']) && $subDn_config['nologin']) continue;
if ($subDn_name == 'LSobject') {
if (is_array($subDn_config)) {
foreach($subDn_config as $LSobject_name => $LSoject_config) {
- if ($LSoject_config['basedn']) {
+ if (isset($LSoject_config['basedn']) && !empty($LSoject_config['basedn'])) {
$basedn = $LSoject_config['basedn'];
}
else {
$basedn = self::getRootDn();
}
- if ($LSoject_config['displayName']) {
+ if (isset($LSoject_config['displayName']) && !empty($LSoject_config['displayName'])) {
$displayName = $LSoject_config['displayName'];
}
else {
}
}
if (self :: cacheSudDn()) {
- self :: $_subDnLdapServer[self :: $ldapServerId]=$return;
+ self :: $_subDnLdapServer[self :: $ldapServerId][$login]=$return;
$_SESSION['LSsession_subDnLdapServer'] = self :: $_subDnLdapServer;
}
return $return;
*
* @return array() Tableau des subDn trié
*/
- public static function getSortSubDnLdapServer() {
- $subDnLdapServer = self :: getSubDnLdapServer();
+ public static function getSortSubDnLdapServer($login=false) {
+ $subDnLdapServer = self :: getSubDnLdapServer($login);
if (!$subDnLdapServer) {
return array();
}
*
* @retval string Les options (<option>) pour la sélection du topDn.
*/
- public static function getSubDnLdapServerOptions($selected=NULL) {
- $list = self :: getSubDnLdapServer();
+ public static function getSubDnLdapServerOptions($selected=NULL,$login=false) {
+ $list = self :: getSubDnLdapServer($login);
if ($list) {
asort($list);
$display='';
* @retval void
*/
public static function displayLoginForm() {
- $GLOBALS['Smarty'] -> assign('pagetitle',_('Connection'));
+ LStemplate :: assign('pagetitle',_('Connection'));
if (isset($_GET['LSsession_logout'])) {
- $GLOBALS['Smarty'] -> assign('loginform_action','index.php');
+ LStemplate :: assign('loginform_action','index.php');
}
else {
- $GLOBALS['Smarty'] -> assign('loginform_action',$_SERVER['REQUEST_URI']);
+ LStemplate :: assign('loginform_action',$_SERVER['REQUEST_URI']);
}
if (count(LSconfig :: get('ldap_servers'))==1) {
- $GLOBALS['Smarty'] -> assign('loginform_ldapserver_style','style="display: none"');
+ LStemplate :: assign('loginform_ldapserver_style','style="display: none"');
}
- $GLOBALS['Smarty'] -> assign('loginform_label_ldapserver',_('LDAP server'));
+ LStemplate :: assign('loginform_label_ldapserver',_('LDAP server'));
$ldapservers_name=array();
$ldapservers_index=array();
foreach(LSconfig :: get('ldap_servers') as $id => $infos) {
$ldapservers_index[]=$id;
$ldapservers_name[]=__($infos['name']);
}
- $GLOBALS['Smarty'] -> assign('loginform_ldapservers_name',$ldapservers_name);
- $GLOBALS['Smarty'] -> assign('loginform_ldapservers_index',$ldapservers_index);
+ LStemplate :: assign('loginform_ldapservers_name',$ldapservers_name);
+ LStemplate :: assign('loginform_ldapservers_index',$ldapservers_index);
- $GLOBALS['Smarty'] -> assign('loginform_label_level',_('Level'));
- $GLOBALS['Smarty'] -> assign('loginform_label_user',_('Identifier'));
- $GLOBALS['Smarty'] -> assign('loginform_label_pwd',_('Password'));
- $GLOBALS['Smarty'] -> assign('loginform_label_submit',_('Connect'));
- $GLOBALS['Smarty'] -> assign('loginform_label_recoverPassword',_('Forgot your password ?'));
+ LStemplate :: assign('loginform_label_level',_('Level'));
+ LStemplate :: assign('loginform_label_user',_('Identifier'));
+ LStemplate :: assign('loginform_label_pwd',_('Password'));
+ LStemplate :: assign('loginform_label_submit',_('Connect'));
+ LStemplate :: assign('loginform_label_recoverPassword',_('Forgot your password ?'));
self :: setTemplate('login.tpl');
self :: addJSscript('LSsession_login.js');
* @retval void
*/
public static function displayRecoverPasswordForm($recoveryPasswordInfos) {
- $GLOBALS['Smarty'] -> assign('pagetitle',_('Recovery of your credentials'));
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_action','index.php?LSsession_recoverPassword');
+ LStemplate :: assign('pagetitle',_('Recovery of your credentials'));
+ LStemplate :: assign('recoverpasswordform_action','index.php?LSsession_recoverPassword');
if (count(LSconfig :: get('ldap_servers'))==1) {
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_ldapserver_style','style="display: none"');
+ LStemplate :: assign('recoverpasswordform_ldapserver_style','style="display: none"');
}
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_label_ldapserver',_('LDAP server'));
+ LStemplate :: assign('recoverpasswordform_label_ldapserver',_('LDAP server'));
$ldapservers_name=array();
$ldapservers_index=array();
foreach(LSconfig :: get('ldap_servers') as $id => $infos) {
$ldapservers_index[]=$id;
$ldapservers_name[]=$infos['name'];
}
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_ldapservers_name',$ldapservers_name);
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_ldapservers_index',$ldapservers_index);
+ LStemplate :: assign('recoverpasswordform_ldapservers_name',$ldapservers_name);
+ LStemplate :: assign('recoverpasswordform_ldapservers_index',$ldapservers_index);
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_label_user',_('Identifier'));
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_label_submit',_('Validate'));
- $GLOBALS['Smarty'] -> assign('recoverpasswordform_label_back',_('Back'));
+ LStemplate :: assign('recoverpasswordform_label_user',_('Identifier'));
+ LStemplate :: assign('recoverpasswordform_label_submit',_('Validate'));
+ LStemplate :: assign('recoverpasswordform_label_back',_('Back'));
$recoverpassword_msg = _('Please fill the identifier field to proceed recovery procedure');
);
}
- $GLOBALS['Smarty'] -> assign('recoverpassword_msg',$recoverpassword_msg);
+ LStemplate :: assign('recoverpassword_msg',$recoverpassword_msg);
self :: setTemplate('recoverpassword.tpl');
self :: addJSscript('LSsession_recoverPassword.js');
/**
* Ajoute une feuille de style au chargement de la page
*
- * Remarque : les scripts doivents être dans le dossier LS_CSS_DIR.
- *
* @param[in] $script Le nom du fichier css à charger.
*
* @retval void
*/
public static function addCssFile($file,$path=NULL) {
- $cssFile=array(
- 'file' => $file,
- 'path' => $path
- );
- self :: $CssFiles[$path.$file]=$cssFile;
+ if ($path) {
+ $file = $path.$file;
+ }
+ else {
+ $file = LStemplate :: getCSSPath($file);
+ }
+ self :: $CssFiles[$file]=$file;
}
/**
self :: addJSconfigParam('keepLSsessionActive',ini_get('session.gc_maxlifetime'));
}
- $GLOBALS['Smarty'] -> assign('LSjsConfig',json_encode(self :: $_JSconfigParams));
+ LStemplate :: assign('LSjsConfig',json_encode(self :: $_JSconfigParams));
if (LSdebug) {
$JSscript_txt.="<script type='text/javascript'>LSdebug_active = 1;</script>\n";
$JSscript_txt.="<script type='text/javascript'>LSdebug_active = 0;</script>\n";
}
- $GLOBALS['Smarty'] -> assign('LSsession_js',$JSscript_txt);
+ LStemplate :: assign('LSsession_js',$JSscript_txt);
// Css
self :: addCssFile("LSdefault.css");
+ if (isset($GLOBALS['defaultCSSfiles']) && is_array($GLOBALS['defaultCSSfiles'])) {
+ foreach ($GLOBALS['defaultCSSfiles'] as $file) {
+ self :: addCssFile($file);
+ }
+ }
$Css_txt='';
foreach (self :: $CssFiles as $file) {
- if (!$file['path']) {
- $file['path']=LS_CSS_DIR.'/';
- }
- $Css_txt.="<link rel='stylesheet' type='text/css' href='".$file['path'].$file['file']."' />\n";
+ $Css_txt.="<link rel='stylesheet' type='text/css' href='".$file."' />\n";
}
- $GLOBALS['Smarty'] -> assign('LSsession_css',$Css_txt);
+ LStemplate :: assign('LSsession_css',$Css_txt);
if (isset(self :: $LSaccess[self :: $topDn])) {
- $GLOBALS['Smarty'] -> assign('LSaccess',self :: $LSaccess[self :: $topDn]);
+ LStemplate :: assign('LSaccess',self :: $LSaccess[self :: $topDn]);
}
// Niveau
$listTopDn = self :: getSubDnLdapServer();
if (is_array($listTopDn)) {
asort($listTopDn);
- $GLOBALS['Smarty'] -> assign('label_level',self :: getSubDnLabel());
- $GLOBALS['Smarty'] -> assign('_refresh',_('Refresh'));
+ LStemplate :: assign('label_level',self :: getSubDnLabel());
+ LStemplate :: assign('_refresh',_('Refresh'));
$LSsession_topDn_index = array();
$LSsession_topDn_name = array();
foreach($listTopDn as $index => $name) {
$LSsession_topDn_index[] = $index;
$LSsession_topDn_name[] = $name;
}
- $GLOBALS['Smarty'] -> assign('LSsession_subDn_indexes',$LSsession_topDn_index);
- $GLOBALS['Smarty'] -> assign('LSsession_subDn_names',$LSsession_topDn_name);
- $GLOBALS['Smarty'] -> assign('LSsession_subDn',self :: $topDn);
- $GLOBALS['Smarty'] -> assign('LSsession_subDnName',self :: getSubDnName());
+ LStemplate :: assign('LSsession_subDn_indexes',$LSsession_topDn_index);
+ LStemplate :: assign('LSsession_subDn_names',$LSsession_topDn_name);
+ LStemplate :: assign('LSsession_subDn',self :: $topDn);
+ LStemplate :: assign('LSsession_subDnName',self :: getSubDnName());
}
- $GLOBALS['Smarty'] -> assign('LSlanguages',self :: getLangList());
- $GLOBALS['Smarty'] -> assign('LSlang',self :: $lang);
- $GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
- $GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
+ LStemplate :: assign('LSlanguages',self :: getLangList());
+ LStemplate :: assign('LSlang',self :: $lang);
+ LStemplate :: assign('LSencoding',self :: $encoding);
+ LStemplate :: assign('lang_label',_('Language'));
- $GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
+ LStemplate :: assign('displayLogoutBtn',LSauth :: displayLogoutBtn());
+ LStemplate :: assign('displaySelfAccess',LSauth :: displaySelfAccess());
// Infos
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
$txt_infos.="<li>$info</li>\n";
}
$txt_infos.="</ul>\n";
- $GLOBALS['Smarty'] -> assign('LSinfos',$txt_infos);
+ LStemplate :: assign('LSinfos',$txt_infos);
$_SESSION['LSsession_infos']=array();
}
if (self :: $ajaxDisplay) {
- $GLOBALS['Smarty'] -> assign('LSerror_txt',LSerror :: getErrors());
- $GLOBALS['Smarty'] -> assign('LSdebug_txt',LSdebug_print(true));
+ LStemplate :: assign('LSerror_txt',LSerror :: getErrors());
+ LStemplate :: assign('LSdebug_txt',LSdebug_print(true));
}
else {
LSerror :: display();
if (!self :: $template)
self :: setTemplate('empty.tpl');
- $GLOBALS['Smarty'] -> assign('connected_as',_("Connected as"));
+ LStemplate :: assign('connected_as',_("Connected as"));
- $GLOBALS['Smarty'] -> display(self :: $template);
+ LStemplate :: display(self :: $template);
}
/**
*/
public static function fetchTemplate($template,$variables=array()) {
foreach($variables as $name => $val) {
- $GLOBALS['Smarty'] -> assign($name,$val);
+ LStemplate :: assign($name,$val);
}
- return $GLOBALS['Smarty'] -> fetch($template);
+ return LStemplate :: fetch($template);
}
/**
+ * Prend un tableau de LSobject et le réduit en utilisant un filtre de
+ * recherche sur un autre type de LSobject.
+ *
+ * Si une erreur est présente dans le tableau de définition du filtre, un
+ * tableau vide est renvoyé.
+ *
+ * @param[in] string $LSobject le type LSobject par défaut
+ * @param[in] array $set tableau de LSobject
+ * @param[in] array $filter_def définition du filtre de recherche pour la réduction
+ * @param[in] string $basend basedn pour la recherche, null par défaut
+ *
+ * @retval array le nouveau tableau de LSobject
+ */
+ private static function reduceLdapSet($LSobject, $set, $filter_def, $basedn=null) {
+ if (empty($set)) {
+ return array();
+ }
+
+ if (! isset($filter_def['filter']) &&
+ (! isset($filter_def['attr']) ||
+ ! isset($filter_def['attr_value']))) {
+ LSdebug("Filtre de profil LSobject invalide " . var_export($filter_def, true));
+ return array();
+ }
+
+ LSdebug('LSsession :: reducing set of');
+ foreach ($set as $object) {
+ LSdebug('LSsession :: -> ' . $object -> getDn());
+ }
+
+ $LSobject = isset($filter_def['LSObject']) ? $filter_def['LSobject'] : $LSobject;
+ LSdebug('LSobject :: ' . $LSobject);
+ $filters = array();
+ foreach ($set as $object) {
+ if (isset($filter_def['filter'])) {
+ $filters[] = $object -> getFData($filter_def['filter']);
+ }
+ else {
+ $value = $object -> getFData($filter_def['attr_value']);
+ $filters[] = Net_LDAP2_Filter::create($filter_def['attr'], 'equals', $value);
+ }
+ }
+ $filter = LSldap::combineFilters('or', $filters);
+ $params = array(
+ 'basedn' => isset($filter_def['basedn']) ? $filter_def['basedn'] : $basedn,
+ 'filter' => $filter,
+ );
+ if (isset($filter_def['params']) && is_array($filter_def['params'])) {
+ $params = array_merge($filter_def['params'],$params);
+ }
+ $LSsearch = new LSsearch($LSobject,'LSsession :: loadLSprofiles',$params,true);
+ $LSsearch -> run(false);
+
+ $set = $LSsearch -> listObjects();
+ LSdebug('LSsession :: reduced set to');
+ foreach ($set as $object) {
+ LSdebug('LSsession :: -> ' . $object -> getDn());
+ }
+ return $set;
+ }
+
+ /**
+ * Charge les droits LS de l'utilisateur : uniquement du type LSobjects
+ *
+ * @param[in] string $
+ *
+ * @retval void
+ */
+ private static function loadLSprofilesLSobjects($profile, $LSobject, $listInfos) {
+ if (! self :: loadLSclass('LSsearch')) {
+ LSdebug('Impossible de charger la classe LSsearch');
+ return;
+ }
+ # we are gonna grow a set of objects progressively, we start from the user
+ $set = array(self :: getLSuserObject());
+ $basedn = isset($listInfos['basedn']) ? $listInfos['basedn'] : null;
+ $LSobject = isset($listInfos['LSobject']) ? $listInfos['LSobject'] : $LSobject;
+
+ if (isset($listInfos['filters']) && is_array($listInfos['filters'])) {
+ foreach ($listInfos['filters'] as $filter_def) {
+ $set = self :: reduceLdapSet($LSobject, $set, $filter_def, $basedn);
+ }
+ }
+ if (isset($listInfos['filter']) || (isset($listInfos['attr']) && isset($listInfos['attr_value']))) {
+ # support legacy profile definition
+ $set = self :: reduceLdapSet($LSobject, $set, $listInfos, $basedn);
+ }
+
+ $DNs = [];
+ foreach ($set as $object) {
+ $DNs[] = $object -> getDn();
+ }
+ if (!is_array(self :: $LSprofiles[$profile])) {
+ self :: $LSprofiles[$profile]=$DNs;
+ }
+ else {
+ foreach($DNs as $dn) {
+ if (!in_array($dn,self :: $LSprofiles[$profile])) {
+ self :: $LSprofiles[$profile][] = $dn;
+ }
+ }
+ }
+ }
+
+ /**
* Charge les droits LS de l'utilisateur
*
* @retval boolean True si le chargement à réussi, false sinon.
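Review bot: In reduceLdapSet() the override test is `isset($filter_def['LSObject'])` but the value is read from `$filter_def['LSobject']`, so a filter definition that sets `LSobject` (the spelling used in loadLSprofilesLSobjects()) is silently ignored; it should read `$LSobject = isset($filter_def['LSobject']) ? $filter_def['LSobject'] : $LSobject;`. In the `filter` branch, `$object -> getFData($filter_def['filter'])` substitutes attribute values into a raw filter string, whereas the `attr` branch goes through `Net_LDAP2_Filter::create()`. If getFData() does not escape LDAP filter metacharacters (not visible here), a crafted attribute value on the user's entry could widen the search that assigns profiles. Two smaller points: `is_array(self :: $LSprofiles[$profile])` needs an `isset()` in front of it, and `$DNs = [];` is the only short array literal in a file that otherwise uses `array()`.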
if ($topDn == 'LSobjects') {
if (is_array($rightsInfos)) {
foreach ($rightsInfos as $LSobject => $listInfos) {
- if (self :: loadLSclass('LSsearch')) {
- if ($listInfos['filter']) {
- $filter = self :: getLSuserObject() -> getFData($listInfos['filter']);
- }
- else {
- $filter = '('.$listInfos['attr'].'='.self :: getLSuserObject() -> getFData($listInfos['attr_value']).')';
- }
-
- $params = array (
- 'basedn' => $listInfos['basedn'],
- 'filter' => $filter
- );
-
- if (is_array($listInfos['params'])) {
- $params = array_merge($listInfos['params'],$params);
- }
-
- $LSsearch = new LSsearch($LSobject,'LSsession :: loadLSprofiles',$params,true);
- $LSsearch -> run(false);
-
- $LSprofiles[$profile] = $LSsearch -> listObjectsDn();
- }
+ LSdebug('loading LSprofile ' . $profile . ' for LSobject ' . $LSobject . ' with params ' . var_export($listInfos, true));
+ self :: loadLSprofilesLSobjects($profile, $LSobject, $listInfos);
}
}
else {
*/
private static function loadLSaccess() {
$LSaccess=array();
- if (is_array(self :: $ldapServer['subDn'])) {
+ if (isset(self :: $ldapServer['subDn']) && is_array(self :: $ldapServer['subDn'])) {
foreach(self :: $ldapServer['subDn'] as $name => $config) {
if ($name=='LSobject') {
if (is_array($config)) {
$LSaccess[self :: $topDn] = $access;
}
}
- foreach($LSaccess as $dn => $access) {
- $LSaccess[$dn] = array_merge(
- array(
- 'SELF' => 'My account'
- ),
- $access
- );
+ if (LSauth :: displaySelfAccess()) {
+ foreach($LSaccess as $dn => $access) {
+ $LSaccess[$dn] = array_merge(
+ array(
+ 'SELF' => 'My account'
+ ),
+ $access
+ );
+ }
}
-
self :: $LSaccess = $LSaccess;
$_SESSION['LSsession']['LSaccess'] = $LSaccess;
}
if (($right=='r')||($right=='w')) {
foreach($whoami as $who) {
foreach ($attrs_conf as $attr_name => $attr_config) {
- if ($attr_config['rights'][$who]==$right) {
+ if (isset($attr_config['rights'][$who]) && $attr_config['rights'][$who]==$right) {
return true;
}
}
else {
foreach($whoami as $who) {
foreach ($attrs_conf as $attr_name => $attr_config) {
- if ( ($attr_config['rights'][$who]=='r') || ($attr_config['rights'][$who]=='w') ) {
+ if ( (isset($attr_config['rights'][$who])) && ( ($attr_config['rights'][$who]=='r') || ($attr_config['rights'][$who]=='w') ) ) {
return true;
}
}
* @retval boolean True si l'utilisateur a accès, false sinon
*/
public static function canCreate($LSobject) {
+ if (!self :: loadLSobject($LSobject)) {
+ return;
+ }
+ if (LSconfig :: get("LSobjects.$LSobject.disable_creation")) {
+ return;
+ }
return self :: canAccess($LSobject,NULL,'w','rdn');
}
if (($right=='w') || ($right=='r')) {
$r = 'n';
foreach($whoami as $who) {
- $nr = $relConf['rights'][$who];
+ $nr = ((isset($relConf['rights'][$who]))?$relConf['rights'][$who]:'');
if($nr == 'w') {
$r = 'w';
}
}
else {
foreach($whoami as $who) {
- if (($relConf['rights'][$who] == 'w') || ($relConf['rights'][$who] == 'r')) {
+ if ((isset($relConf['rights'][$who])) && ( ($relConf['rights'][$who] == 'w') || ($relConf['rights'][$who] == 'r') ) ) {
return true;
}
}
}
/**
+ * Retourne le droit de l'utilisateur a executer une customAction
+ *
+ * @param[in] string $dn Le DN de l'objet
+ * @param[in] string $LSobject Le type de l'objet
+ * @param[in] string $customActionName Le nom de la customAction
+ *
+ * @retval boolean True si l'utilisateur peut executer cette customAction, false sinon
+ */
+ public static function canExecuteCustomAction($dn,$LSobject,$customActionName) {
+ $conf=LSconfig :: get('LSobjects.'.$LSobject.'.customActions.'.$customActionName);
+ if (!is_array($conf))
+ return;
+ $whoami = self :: whoami($dn);
+
+ if (isset($conf['rights']) && is_array($conf['rights'])) {
+ foreach($whoami as $who) {
+ if (in_array($who,$conf['rights'])) {
+ return True;
+ }
+ }
+ }
+
+ return;
+ }
+
+ /**
+ * Retourne le droit de l'utilisateur a executer une customAction
+ * sur une recherche
+ *
+ * @param[in] string $LSsearch L'objet LSsearch
+ * @param[in] string $customActionName Le nom de la customAction
+ *
+ * @retval boolean True si l'utilisateur peut executer cette customAction, false sinon
+ */
+ public static function canExecuteLSsearchCustomAction($LSsearch,$customActionName) {
+ $conf=LSconfig :: get('LSobjects.'.$LSsearch -> LSobject.'.LSsearch.customActions.'.$customActionName);
+ if (!is_array($conf))
+ return;
+ $dn=$LSsearch -> basedn;
+ if (is_null($dn)) $dn=self::getTopDn();
+
+ $whoami = self :: whoami($dn);
+
+ if (isset($conf['rights']) && is_array($conf['rights'])) {
+ foreach($whoami as $who) {
+ if (in_array($who,$conf['rights'])) {
+ return True;
+ }
+ }
+ }
+
+ return;
+ }
+
+ /**
* Ajoute un fichier temporaire
*
* @author Benjamin Renard <brenard@easter-eggs.com>
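Review bot: canExecuteCustomAction() and canExecuteLSsearchCustomAction() are documented as returning a boolean but end with a bare `return;`, and they match rights with a loose `in_array($who,$conf['rights'])`. For an authorization check, prefer an explicit `return false;` and `in_array($who, $conf['rights'], true)`, so that a non-string entry in the configuration such as `true` cannot match every profile name. The two bodies are identical once `$dn` is resolved, so a shared private helper taking `$conf` and `$dn` would keep them in step.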
if (!$subDn) {
$subDn = self :: $topDn;
}
- if (self :: getSubDnLdapServer()) {
- if (isset(self :: $_subDnLdapServer[self :: $ldapServerId][$subDn])) {
- return self :: $_subDnLdapServer[self :: $ldapServerId][$subDn];
+ if (self :: getSubDnLdapServer(false)) {
+ if (isset(self :: $_subDnLdapServer[self :: $ldapServerId][false][$subDn])) {
+ return self :: $_subDnLdapServer[self :: $ldapServerId][false][$subDn];
}
}
return '';
*/
public static function isSubDnLSobject($type) {
$result = false;
- if (is_array(self :: $ldapServer['subDn']['LSobject'])) {
+ if (isset(self :: $ldapServer['subDn']['LSobject']) && is_array(self :: $ldapServer['subDn']['LSobject'])) {
foreach(self :: $ldapServer['subDn']['LSobject'] as $key => $value) {
if ($key==$type) {
$result=true;
* @retval boolean true si le serveur LDAP courant a des subDn, false sinon
*/
public static function haveSubDn() {
- return (is_array(self :: $ldapServer['subDn']));
+ return (isset(self :: $ldapServer['subDn']) && is_array(self :: $ldapServer['subDn']));
}
/**
* @retval void
*/
public static function redirect($url,$exit=true) {
- $GLOBALS['Smarty'] -> assign('url',$url);
- $GLOBALS['Smarty'] -> display('redirect.tpl');
+ LStemplate :: assign('url',$url);
+ LStemplate :: display('redirect.tpl');
if ($exit) {
exit();
}
*/
public static function addHelpInfos($group,$infos) {
if (is_array($infos)) {
- if (is_array(self :: $_JSconfigParams['helpInfos'][$group])) {
+ if (isset(self :: $_JSconfigParams['helpInfos'][$group]) && is_array(self :: $_JSconfigParams['helpInfos'][$group])) {
self :: $_JSconfigParams['helpInfos'][$group] = array_merge(self :: $_JSconfigParams['helpInfos'][$group],$infos);
}
else {
LSerror :: defineError('LSsession_12',
_("LSsession : Some informations are missing to display this page.")
);
- // 13 -> 16 : not yet used
+ LSerror :: defineError('LSsession_13',
+ _("LSsession : The function of the custom action %{name} does not exists or is not configured.")
+ );
+ LSerror :: defineError('LSsession_14',
+ _("LSsession : Fail to retreive user's LDAP credentials from LSauth.")
+ );
+ LSerror :: defineError('LSsession_15',
+ _("LSsession : Fail to reconnect to LDAP server with user's LDAP credentials.")
+ );
+ LSerror :: defineError('LSsession_16',
+ _("LSsession : No import/export format define for this object type.")
+ );
LSerror :: defineError('LSsession_17',
_("LSsession : Error during creation of list of levels. Contact administrators. (Code : %{code})")
);
LSerror :: defineError('LSsession_20',
_("LSsession : Error during password recovery. Contact administrators.(Step : %{step})")
);
- // 21 : not yet used
+ LSerror :: defineError('LSsession_21',
+ _("LSsession : call function %{func} do not provided from LSaddon %{addon}.")
+ );
LSerror :: defineError('LSsession_22',
_("LSsession : problem during initialisation.")
);
self :: setLdapServer($_REQUEST['server']);
$data = array();
if ( self :: LSldapConnect() ) {
- session_start();
+ if (session_id()=="") session_start();
if (isset($_SESSION['LSsession_topDn'])) {
$sel = $_SESSION['LSsession_topDn'];
}
else {
$sel = NULL;
}
- $list = self :: getSubDnLdapServerOptions($sel);
+ $list = self :: getSubDnLdapServerOptions($sel,true);
if (is_string($list)) {
$data['list_topDn'] = "<select name='LSsession_topDn' id='LSsession_topDn'>".$list."</select>";
$data['subDnLabel'] = self :: getSubDnLabel();
$data=array('recoverPassword' => isset(self :: $ldapServer['recoverPassword']));
}
}
+
+ /**
+ * Set globals from the ldap server
+ *
+ * @retval void
+ */
+ public static function setGlobals() {
+ if ( isset(self :: $ldapServer['globals'])) {
+ foreach(self :: $ldapServer['globals'] as $key => $value) {
+ $GLOBALS[$key] = $value;
+ }
+ }
+ }
}
?>
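Review bot: setGlobals() copies every key of `self :: $ldapServer['globals']` into `$GLOBALS` with no restriction, so a server definition can overwrite any existing global, including `$GLOBALS['LSobjects']` and `$GLOBALS['defaultCSSfiles']`, which this file reads elsewhere. Nothing resets those values when setLdapServer() is called again for a different server, so globals from the previously selected server persist. The docblock should state both, e.g. `Copies ldapServer['globals'] into $GLOBALS; existing keys are overwritten and keys set by a previously selected server are not removed`. An `is_array()` check before the `foreach` would also match the guards added elsewhere in this commit.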