| author | Dan Fuhry <dan@fuhry.us> |
| Fri, 11 Jan 2013 05:41:41 -0500 | |
| changeset 4 | 2212b2ded8bf |
| parent 0 | 3906ca745819 |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
2 |
||
|
4
2212b2ded8bf
Added OpenSSH public key support in LDAP
Dan Fuhry <dan@fuhry.us>
parents:
0
diff
changeset
|
3 |
define('NEED_ADMIN', 1);
|
| 0 | 4 |
require('includes/starthere.php');
|
5 |
||
6 |
// POSTed actions |
|
7 |
if ( !empty($_SERVER['PATH_INFO']) ) |
|
8 |
{
|
|
9 |
$pi = explode('/', trim($_SERVER['PATH_INFO'], '/'));
|
|
10 |
switch($pi[0]) |
|
11 |
{
|
|
12 |
case 'disable': |
|
13 |
if ( !isset($pi[1]) ) |
|
14 |
break; |
|
15 |
||
16 |
$user =& $pi[1]; |
|
17 |
$userinfo = ldap_get_user($user); |
|
18 |
if ( !$userinfo ) |
|
19 |
break; |
|
20 |
||
21 |
disable_user($user); |
|
22 |
||
23 |
queue_message(E_NOTICE, "{$userinfo['cn']}'s account was disabled.");
|
|
24 |
break; |
|
25 |
case 'enable': |
|
26 |
if ( !isset($pi[1]) ) |
|
27 |
break; |
|
28 |
||
29 |
$user =& $pi[1]; |
|
30 |
$userinfo = ldap_get_user($user); |
|
31 |
if ( !$userinfo ) |
|
32 |
break; |
|
33 |
||
34 |
enable_user($user); |
|
35 |
||
36 |
queue_message(E_NOTICE, "{$userinfo['cn']}'s account was enabled.");
|
|
37 |
break; |
|
38 |
case 'delete': |
|
39 |
if ( !isset($pi[1]) ) |
|
40 |
break; |
|
41 |
||
42 |
$user =& $pi[1]; |
|
43 |
$userinfo = ldap_get_user($user); |
|
44 |
if ( !$userinfo ) |
|
45 |
break; |
|
46 |
||
47 |
delete_user($user); |
|
48 |
||
49 |
queue_message(E_NOTICE, "{$userinfo['cn']}'s account was deleted.");
|
|
50 |
break; |
|
51 |
case 'create': |
|
52 |
||
53 |
if ( empty($_POST) ) |
|
54 |
{
|
|
55 |
queue_message(E_ERROR, "Bad request"); |
|
56 |
break; |
|
57 |
} |
|
58 |
||
59 |
// basic re-validation |
|
60 |
if ( $_POST['password'] !== $_POST['password_confirm'] ) |
|
61 |
{
|
|
62 |
queue_message(E_ERROR, "Passwords do not match"); |
|
63 |
break; |
|
64 |
} |
|
65 |
||
66 |
if ( empty($_POST['cn']) ) |
|
67 |
$_POST['cn'] = "{$_POST['givenName']} {$_POST['surname']}";
|
|
68 |
||
69 |
if ( empty($_POST['uid']) ) |
|
70 |
$_POST['uid'] = sprintf("%s%s", strtolower($_POST['givenName']{0}), strtolower(preg_replace('/[^A-Za-z0-9]/', '', $_POST['surname'])));
|
|
71 |
||
72 |
if ( create_user($_POST['uid'], $_POST['password'], $_POST['givenName'], $_POST['surname'], $_POST['cn'], $_POST['title']) ) |
|
73 |
queue_message(E_NOTICE, "{$_POST['cn']}'s account has been created!");
|
|
74 |
else |
|
75 |
queue_message(E_ERROR, "Failed to create account"); |
|
76 |
||
77 |
break; |
|
78 |
case 'resetpw': |
|
79 |
||
80 |
if ( empty($_POST) ) |
|
81 |
{
|
|
82 |
queue_message(E_ERROR, "Bad request"); |
|
83 |
break; |
|
84 |
} |
|
85 |
||
86 |
// basic re-validation |
|
87 |
if ( $_POST['password'] !== $_POST['password_confirm'] || empty($_POST['uid']) ) |
|
88 |
{
|
|
89 |
queue_message(E_ERROR, "Passwords do not match"); |
|
90 |
break; |
|
91 |
} |
|
92 |
||
93 |
$userinfo = ldap_get_user($_POST['uid']); |
|
94 |
if ( !$userinfo ) |
|
95 |
break; |
|
96 |
||
97 |
if ( reset_password($_POST['uid'], $_POST['password']) ) |
|
98 |
queue_message(E_NOTICE, "{$userinfo['cn']}'s password has been reset.");
|
|
99 |
else |
|
100 |
queue_message(E_ERROR, "Failed to reset password"); |
|
101 |
||
102 |
break; |
|
103 |
||
104 |
case 'edit': |
|
105 |
if ( !isset($pi[1]) ) |
|
106 |
break; |
|
107 |
||
108 |
$user =& $pi[1]; |
|
109 |
$userinfo = ldap_get_user($user); |
|
110 |
if ( !$userinfo ) |
|
111 |
break; |
|
112 |
||
113 |
if ( !empty($_POST) ) |
|
114 |
{
|
|
115 |
if ( ldap_update_user($user, $_POST['entry']) ) |
|
116 |
{
|
|
117 |
queue_message(E_NOTICE, "Updated user \"{$_POST['entry']['cn'][0]}\".");
|
|
118 |
redirect('/users');
|
|
119 |
} |
|
120 |
} |
|
121 |
||
122 |
display_template('useredit', array(
|
|
123 |
'this_user' => $userinfo |
|
124 |
, 'readonly' => $ldap_readonly_attrs |
|
125 |
, 'field_names' => $ldap_field_names |
|
126 |
, 'dn' => ldap_make_user_dn($user) |
|
127 |
)); |
|
128 |
||
129 |
exit; |
|
130 |
break; |
|
131 |
} |
|
132 |
} |
|
133 |
||
134 |
// list users, and fill with enabled status for the UI |
|
135 |
$users = ldap_list_users(); |
|
136 |
foreach ( $users as $username => &$u ) |
|
137 |
{
|
|
138 |
$u['enabled'] = is_user_enabled($username); |
|
139 |
} |
|
140 |
unset($u); |
|
141 |
||
142 |
// Present the UI |
|
143 |
display_template('users', array(
|
|
144 |
'users' => $users |
|
145 |
)); |