packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/index.php
author Dan Fuhry <dan@fuhry.us>
Sat, 16 Feb 2013 20:47:45 -0500
changeset 7 faf6f7941e8f
parent 4 2212b2ded8bf
permissions -rw-r--r--
Enhancements to User CP - handle attribute deletion/mod more gracefully

<?php

require('includes/starthere.php');

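// User control panel request handler: processes the self-service form posts
// ("change-password" and "profile-update") for the account named by
// $_SERVER['REMOTE_USER'], then renders the index template.
//
// NOTE(review): the acting identity is whatever the web server placed in
// REMOTE_USER; this block performs no authentication of its own beyond the
// old-password bind below. Confirm the vhost always enforces authentication
// for this script.
// NOTE(review): no anti-CSRF token is checked in this block. Confirm that
// includes/starthere.php (or the front-end proxy) rejects cross-site posts,
// since both actions change credentials or login keys.
if ( isset($_POST['action']) )
{
	switch($_POST['action'])
	{
	case 'change-password':
		try
		{
			$old_password = isset($_POST['old_password']) ? $_POST['old_password'] : '';
			$new_password = isset($_POST['password']) ? $_POST['password'] : null;
			$new_password_confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
			
			// An LDAP simple bind with a DN and an empty password is an
			// "unauthenticated bind" (RFC 4513 section 5.1.2); many servers report
			// it as successful without checking any credential. Reject it here so
			// the old-password check cannot pass with a blank field.
			if ( !is_string($old_password) || $old_password === '' )
				throw new Exception("Your old password was incorrect.");
			
			// Array-valued fields (password[]=...) must never reach the helpers.
			if ( !is_string($new_password) || !is_string($new_password_confirm) )
				throw new Exception("Invalid form submission.");
			
			// verify old password; @ hides the warning PHP emits on bad credentials
			$result = @ldap_bind($_ldapconn, ldap_make_user_dn($_SERVER['REMOTE_USER']), $old_password);
			if ( !$result )
				throw new Exception("Your old password was incorrect.");
			
			// test_password() returns true or a message fragment describing the problem
			if ( ($result = test_password($new_password)) !== true )
				throw new Exception("Your new password $result.");
			
			if ( $new_password !== $new_password_confirm )
				throw new Exception("The passwords you entered did not match.");
			
			// NOTE(review): at this point the shared connection is still bound as
			// the user, not the manager. Confirm reset_password() does not depend
			// on the manager bind.
			if ( !reset_password($_SERVER['REMOTE_USER'], $new_password) )
				throw new Exception("Internal error when performing password reset.");
			
			queue_message(E_NOTICE, "Your password has been changed.");
		}
		catch ( Exception $e )
		{
			queue_message(E_ERROR, $e->getMessage());
		}
		
		// rebind to LDAP as manager on every path, since the verification bind
		// (successful or not) replaced the manager's bind on this connection
		ldap_bind($_ldapconn, $ldap_manager['dn'], $ldap_manager['password']);
		break;
	case 'profile-update':
		$ui = ldap_get_user($_SERVER['REMOTE_USER']);
		$user_dn = ldap_make_user_dn($_SERVER['REMOTE_USER']);
		
		// One entry per failed modification, so that a later successful field
		// cannot mask an earlier failure.
		$errors = array();
		
		foreach ( array('mail', 'sshPublicKey') as $field )
		{
			// Normalize the submitted value(s) to a list of non-empty strings.
			// Nested arrays and blank entries are dropped, and array_values()
			// restores consecutive 0..n-1 keys after array_unique(), which the
			// ldap_mod_* functions require.
			// NOTE(review): values are stored as submitted, with no format check
			// on the e-mail address or the SSH public key.
			$submitted = array();
			if ( !empty($_POST[$field]) )
			{
				$raw = is_array($_POST[$field]) ? $_POST[$field] : array($_POST[$field]);
				foreach ( $raw as $value )
				{
					if ( is_string($value) && $value !== '' )
						$submitted[] = $value;
				}
				$submitted = array_values(array_unique($submitted));
			}
			
			$have_submitted = !empty($submitted);
			$have_stored = !empty($ui[$field]);
			$ok = true;
			
			if ( !$have_submitted && $have_stored )
			{
				// POST empty, database not. Delete attr.
				$ok = ldap_mod_del($_ldapconn, $user_dn, array(
						$field => array()
					));
			}
			else if ( $have_submitted && !$have_stored )
			{
				// POST filled, database empty. Add attr.
				$ok = ldap_mod_add($_ldapconn, $user_dn, array(
						$field => $submitted
					));
			}
			else if ( $have_submitted && $have_stored )
			{
				// POST and database filled. Replace attr.
				$ok = ldap_mod_replace($_ldapconn, $user_dn, array(
						$field => $submitted
					));
			}
			// else: both empty, do nothing
			
			if ( !$ok )
			{
				// capture the error now; the next LDAP call overwrites it
				$errors[] = ldap_error($_ldapconn);
			}
		}
		
		if ( empty($errors) )
		{
			queue_message(E_NOTICE, "Your information has been updated.");
			redirect('/');
		}
		else
		{
			foreach ( $errors as $error )
			{
				queue_message(E_ERROR, $error);
			}
		}
		break;
	}
}

display_template('index');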