Example #1
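 /**
  * Authenticate a user against the LDAP directory, optionally falling back to SQL.
  *
  * Flow: bind with the configured search account, look the user up with the
  * configured filter, then re-bind as the matched DN with the supplied password.
  * When that bind succeeds the local user record is created, or its stored
  * password hash is refreshed.
  *
  * @param string $username login name as typed by the user (untrusted)
  * @param string $password clear-text password as typed by the user
  *
  * @return bool true when the bind as the matched user succeeds; otherwise the
  *              SQL authenticator's answer when fallback is enabled, else false
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;
     if (strlen($password) == 0) {
         // An empty password must never reach ldap_bind(): on AD the bind
         // succeeds as an anonymous bind, which would look like a valid login.
         return false;
     }
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
         ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);
         $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
         $ldap_bind_dn = $this->ldap_search_user;
         if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
             // Decode the configured filter template first, then substitute the
             // login name escaped for filter context, so that filter
             // metacharacters (or HTML entities) in the login name are treated
             // as data and cannot change which entries the search matches.
             $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
             $filter_r = str_replace('%USERNAME%', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $filter_template);
             $result = ldap_search($rs, $this->base_dn, $filter_r);
             if ($result) {
                 $result_user = ldap_get_entries($rs, $result);
                 if ($result_user['count'] != 0) {
                     // Only one entry should match sAMAccountName / uid etc.
                     // NOTE(review): when several entries match, the first one is
                     // used silently - confirm the configured filter is unique.
                     $first_user = $result_user[0];
                     $ldap_user_dn = $first_user['dn'];
                     // Bind with the dn of the user that matched our filter
                     if (ldap_bind($rs, $ldap_user_dn, $password)) {
                         if ($this->userExists($username)) {
                             // Refresh the locally stored hash if it differs.
                             // Strict comparison: loose != treats two numeric-looking
                             // hash strings as equal and would skip the update.
                             $tmpUser = new CUser();
                             $tmpUser->load($this->userId($username));
                             $hash_pass = $this->hashPassword($password);
                             if ($hash_pass !== $tmpUser->user_password) {
                                 $tmpUser->user_password = $hash_pass;
                                 $tmpUser->store();
                             }
                         } else {
                             $this->createsqluser($username, $password, $first_user);
                         }
                         return true;
                     }
                 }
             }
         }
     }
     // NOTE(review): this point is also reached when the bind as the user fails,
     // and the local record holds a hash of the last password LDAP accepted.
     // Confirm that a password changed or revoked in the directory is still
     // meant to be accepted through the SQL fallback.
     if ($this->fallback == true) {
         $sqlAuth = new w2p_Authenticators_SQL();
         return $sqlAuth->authenticate($username, $password);
     }
     return false;
 }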
Example #2
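 /**
  * Normalise user_password before an existing user is updated.
  *
  * A blank submitted password keeps the stored hash. A non-blank one is hashed
  * through the configured authenticator and replaces the stored value only
  * when the two hashes differ.
  *
  * @return void
  */
 protected function hook_preUpdate()
 {
     $this->perm_func = 'updateLogin';

     // Load the currently stored record to compare against
     $tmpUser = new CUser();
     $tmpUser->overrideDatabase($this->_query);
     $tmpUser->load($this->user_id);

     if ('' == trim($this->user_password)) {
         // Nothing submitted: keep the stored hash
         $this->user_password = $tmpUser->user_password;
     } else {
         $submitted_hash = $this->authenticator->hashPassword($this->user_password);
         // Compare as strings with ===; loose != treats two numeric-looking
         // hash strings as equal and would silently drop a password change.
         if ((string) $tmpUser->user_password !== (string) $submitted_hash) {
             $this->user_password = $submitted_hash;
         } else {
             $this->user_password = $tmpUser->user_password;
         }
     }
     parent::hook_preUpdate();
 }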
                $contact->contact_private = 1;
                $contact->store();
            }
        }
    } else {
        $AppUI->setMsg('failed to delete role', UI_MSG_ERROR);
    }
} else {
    if ($user_role) {
        $public_contact = false;
        if (dPgetConfig('user_contact_activate') && !$perms->checkLogin($user_id)) {
            $public_contact = true;
        }
        if ($perms->insertUserRole($user_role, $user_id)) {
            $AppUI->setMsg('added', UI_MSG_OK, true);
            if ($public_contact) {
                // Mark contact as public
                $obj = new CUser();
                $contact = new CContact();
                $obj->load($user_id);
                if ($contact->load($obj->user_contact)) {
                    $contact->contact_private = 0;
                    $contact->store();
                }
            }
        } else {
            $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
        }
    }
}
$AppUI->redirect();
Example #4
    die('You should not access this file directly.');
}
// Role assignment handler: reads the requested action from the request,
// checks module permissions, then deletes a user/role pairing when 'del' is set.
$del = isset($_REQUEST['del']) ? w2PgetParam($_REQUEST, 'del', false) : false;
$notify_new_user = isset($_POST['notify_new_user']) ? $_POST['notify_new_user'] : 0;
$perms =& $AppUI->acl();
// The caller needs edit rights on both the 'admin' and the 'users' module.
// NOTE(review): nothing here stops execution after redirect(); whether
// redirect() itself exits is not visible in this excerpt - if it does not,
// the code below still runs for a caller without the permission.
if (!$perms->checkModule('admin', 'edit')) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$perms->checkModule('users', 'edit')) {
    $AppUI->redirect('m=public&a=access_denied');
}
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('Roles');
// NOTE(review): $_REQUEST['user_id'] is read without isset() and passed to
// load() as received; elsewhere on this page ids go through w2PgetParam().
if ($_REQUEST['user_id']) {
    $user = new CUser();
    $user->load($_REQUEST['user_id']);
    $contact = new CContact();
    $contact->load($user->user_contact);
}
// Deletion is driven entirely by $_REQUEST values, so it can arrive by GET.
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm
// one is enforced before this script runs.
if ($del) {
    if ($perms->deleteUserRole(w2PgetParam($_REQUEST, 'role_id', 0), w2PgetParam($_REQUEST, 'user_id', 0))) {
        $AppUI->setMsg('deleted', UI_MSG_ALERT, true);
        $AppUI->redirect();
    } else {
        $AppUI->setMsg('failed to delete role', UI_MSG_ERROR);
        $AppUI->redirect();
    }
    return;
}
if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
    if ($perms->insertUserRole($_REQUEST['user_role'], $_REQUEST['user_id'])) {
Example #5
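 /**
  * Authenticate a user against the LDAP directory, optionally falling back to
  * the parent authenticator.
  *
  * Flow: bind with the search account (DN built from the legacy settings or
  * taken from ldap_complete_string), look the user up with the configured
  * filter, then re-bind as the matched DN with the supplied password. When
  * that bind succeeds the local user record is created or its stored hash is
  * refreshed.
  *
  * @param string $username login name as typed by the user (untrusted)
  * @param string $password clear-text password as typed by the user
  *
  * @return bool true when the bind as the matched user succeeds; otherwise the
  *              parent authenticator's answer when fallback is enabled, else false
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;
     if (strlen($password) == 0) {
         // LDAP will succeed binding with no password on AD (defaults to anon
         // bind), so an empty password is rejected before any bind is attempted.
         return false;
     }
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
         ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);
         if ('' == $this->ldap_complete_string) {
             /*
              * This should be compliant with the old/previous LDAP settings
              *   that we've used all along.
              */
             if (strpos($this->ldap_search_user, 'CN=') === false) {
                 $ldap_bind_dn = 'CN=' . $this->ldap_search_user . ',OU=Users,' . $this->base_dn;
             } else {
                 $ldap_bind_dn = $this->ldap_search_user . ',' . $this->base_dn;
             }
         } else {
             /*
              * In case the LDAP configuration is different than expected,
              *   we can configure a completely custom one.
              */
             $ldap_bind_dn = $this->ldap_complete_string;
         }
         $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
         if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
             // Decode the configured filter template first, then substitute the
             // login name escaped for filter context, so that filter
             // metacharacters (or HTML entities) in the login name are treated
             // as data and cannot change which entries the search matches.
             $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
             $filter_r = str_replace('%USERNAME%', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $filter_template);
             $result = ldap_search($rs, $this->base_dn, $filter_r);
             if ($result) {
                 $result_user = ldap_get_entries($rs, $result);
                 if ($result_user['count'] != 0) {
                     // Only one user should match sAMAccountName or uid etc.
                     // NOTE(review): when several entries match, the first one is
                     // used silently - confirm the configured filter is unique.
                     $first_user = $result_user[0];
                     $ldap_user_dn = $first_user['dn'];
                     // Bind with the dn of the user that matched our filter
                     if (ldap_bind($rs, $ldap_user_dn, $password)) {
                         if ($this->userExists($username)) {
                             // Refresh the locally stored hash if it differs.
                             // NOTE(review): unsalted MD5 is kept only because the
                             // stored format is presumably shared with the SQL
                             // authenticator; it is not a suitable password hash
                             // and should be migrated together with that code.
                             $tmpUser = new CUser();
                             $tmpUser->load($this->userId($username));
                             $hash_pass = MD5($password);
                             // Strict comparison: loose != treats two numeric-looking
                             // hash strings as equal and would skip the update.
                             if ($hash_pass !== $tmpUser->user_password) {
                                 $tmpUser->user_password = $hash_pass;
                                 $tmpUser->store();
                             }
                         } else {
                             $this->createsqluser($username, $password, $first_user);
                         }
                         return true;
                     }
                 }
             }
         }
     }
     // NOTE(review): this point is also reached when the bind as the user fails,
     // and the local record holds a hash of the last password LDAP accepted.
     // Confirm that a password changed or revoked in the directory is still
     // meant to be accepted through the fallback.
     if ($this->fallback == true) {
         return parent::authenticate($username, $password);
     }
     return false;
 }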
<?php

/**
 * $Id: ajax_vw_user_authentications.php 25142 2014-10-07 12:16:51Z phenxdesign $
 *
 * @category Admin
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision: 25142 $
 * @link     http://www.mediboard.org
 */
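// Lists one page (30 rows) of a user's authentication records, newest first.
CCanDo::checkEdit();

// Selected user and paging offset, both taken from the request
$user_id = CValue::get("user_id");
$start = CValue::get("start");

$user = new CUser();
$user->load($user_id);
$user->countConnections();

$user_authentication = new CUserAuthentication();
$ds = $user_authentication->getDS();

// The user id goes through the data source's placeholder binding
$where = array("user_id" => $ds->prepare("= ?", $user_id));

// The offset is concatenated into the LIMIT clause, so it is forced to a
// non-negative integer: a negative offset would make the statement invalid.
$limit = max(0, intval($start)) . ", 30";
$list = $user_authentication->loadList($where, "datetime_login DESC", $limit);

$smarty = new CSmartyDP();
$smarty->assign("list", $list);
$smarty->assign("user", $user);
$smarty->display("inc_vw_user_authentications.tpl");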
Example #7
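 /**
  * Search for a user in the LDAP directory and map the entry onto a CUser.
  *
  * When no filter is given, the directory is searched on samaccountname with
  * the person name escaped for filter context. A filter passed by the caller
  * is used as received, so the caller is responsible for escaping any value
  * it puts into it.
  *
  * @param CUser       $user         User to complete; its user_username is the default search key
  * @param CSourceLDAP $source_ldap  LDAP source used to run the search
  * @param resource    $ldapconn     Open LDAP connection
  * @param string      $person       [optional] Name to search for instead of the user's username
  * @param string      $filter       [optional] Complete LDAP filter, used as received
  * @param boolean     $force_create [optional] Skip the lookup of an existing local user
  *
  * @return CUser The mapped and stored user, or the input user with _bound = false when nothing matched
  * @throws CMbException When several entries match, the user is unknown or deactivated, or a store fails
  */
 static function searchAndMap(CUser $user, CSourceLDAP $source_ldap, $ldapconn, $person = null, $filter = null, $force_create = false)
 {
     if (!$person) {
         $person = $user->user_username;
     }
     $person = utf8_encode($person);
     if (!$filter) {
         // The name comes from the login form: escape it so that filter
         // metacharacters are matched literally instead of altering the filter.
         $filter = "(samaccountname=" . ldap_escape($person, "", LDAP_ESCAPE_FILTER) . ")";
     }
     $results = $source_ldap->ldap_search($ldapconn, $filter);
     if (!$results || $results["count"] == 0) {
         $user->_bound = false;
         $user->_count_ldap = 0;
         return $user;
     }
     // An ambiguous match is refused rather than resolved to the first entry
     if ($results["count"] > 1) {
         throw new CMbException("CSourceLDAP_too-many-results");
     }
     $results = $results[0];
     $idex = new CIdSante400();
     $idex->tag = CAppUI::conf("admin LDAP ldap_tag");
     $idex->object_class = "CUser";
     $idex->id400 = self::getObjectGUID($results);
     $idex->loadMatchingObject();
     // Keep the password values supplied on the incoming user
     $user_password = $user->user_password;
     $_user_password = $user->_user_password;
     if ($idex->_id) {
         // objectGUID already known: load the user it maps to
         $user = new CUser();
         $user->load($idex->object_id);
     } else {
         // objectGUID unknown: it will be attached to the current user.
         // Unless we are creating, look the existing user up first.
         if (!$force_create) {
             // Clear the password fields before loadMatchingObject()
             $user->user_password = null;
             $user->_user_password = null;
             $user->loadMatchingObject();
             if (!$user->_id) {
                 throw new CMbException("Auth-failed-user-unknown");
             }
         }
     }
     $user->_bound = true;
     $user = self::mapTo($user, $results);
     // Save Mediuser variables
     $actif = $user->_user_actif;
     $deb_activite = $user->_user_deb_activite;
     $fin_activite = $user->_user_fin_activite;
     // Restore User password variables
     $user->user_password = $user_password;
     $user->_user_password = $_user_password;
     if (!$user->user_type) {
         $user->user_type = 0;
     }
     // No profile
     $user->template = 0;
     $user->user_login_errors = 0;
     $user->repair();
     $msg = $user->store();
     if ($msg) {
         throw new CMbException($msg);
     }
     // NOTE(review): by the time this check runs the record has already been
     // stored with user_login_errors reset to 0, including for a deactivated
     // account - confirm that ordering is intended.
     if ((!$force_create && !$user->_ref_mediuser->actif) || ($force_create && !$actif)) {
         throw new CMbException("Auth-failed-user-deactivated");
     }
     // Restore Mediuser variables
     $user->_user_actif = $actif;
     $user->_user_deb_activite = $deb_activite;
     $user->_user_fin_activite = $fin_activite;
     $user->_count_ldap = 1;
     // First time this objectGUID is seen: record the link to the local user
     if (!$idex->_id) {
         $idex->object_id = $user->_id;
         $idex->last_update = CMbDT::dateTime();
         if ($msg = $idex->store()) {
             throw new CMbException($msg);
         }
     }
     return $user;
 }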
Example #8
<?php

/**
 * $Id$
 *
 * @category Admin
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision$
 * @link     http://www.mediboard.org
 */
// Password change form for the logged-in user.
$forceChange = CView::request("forceChange", "bool");
$lifeDuration = CView::request("lifeDuration", "bool");
CView::checkin();

// Always work on the session's own user, never on an id from the request
$user = new CUser();
$user->load(CAppUI::$user->_id);
$user->updateSpecs();
$user->isLDAPLinked();

// Hint shown next to the field, chosen from the configured minimum length
if (CAppUI::$user->_specs['_user_password']->minLength > 4) {
    $password_info = "Le mot de passe doit être composé d'au moins 6 caractères, comprenant des lettres et au moins un chiffre.";
} else {
    $password_info = "Le mot de passe doit être composé d'au moins 4 caractères.";
}

// Template creation
$smarty = new CSmartyDP();
$smarty->assign("user", $user);
$smarty->assign("forceChange", $forceChange);
$smarty->assign("lifeDuration", $lifeDuration);
$smarty->assign("lifetime", CAppUI::conf("admin CUser password_life_duration"));
$smarty->assign("pwd_info", $password_info);
$smarty->display("change_password.tpl");
 /**
  * Validate the object before it is stored.
  *
  * Collects messages for a missing practitioner on creation, an intervention
  * date outside the planned stay, and a wrong password when another user is
  * set as the pre-anaesthesia visit practitioner, then appends the parent's
  * own check result.
  *
  * @see parent::check()
  *
  * @return string|null Concatenated error messages followed by parent::check()
  */
 function check()
 {
     $errors = null;
     $this->completeField("chir_id", "plageop_id", "sejour_id");
     if (!$this->_id && !$this->chir_id) {
         $errors .= "Praticien non valide ";
     }

     // Stay boundaries
     $sejour = $this->loadRefSejour();
     $this->loadRefPlageOp();
     if ($this->_check_bounds && !$this->_forwardRefMerging && $this->plageop_id !== null && !$sejour->entree_reelle) {
         $date = CMbDT::date($this->_datetime);
         $entree = CMbDT::date($sejour->entree_prevue);
         $sortie = CMbDT::date($sejour->sortie_prevue);
         if (!CMbRange::in($date, $entree, $sortie)) {
             $errors .= "Intervention du {$date} en dehors du séjour du {$entree} au {$sortie}";
         }
     }

     // Signing the pre-anaesthesia visit on behalf of another practitioner
     // requires that practitioner's password.
     if ($this->fieldModified("prat_visite_anesth_id")) {
         $signer_id = $this->prat_visite_anesth_id;
         if ($signer_id !== null && $signer_id != CAppUI::$user->_id) {
             $anesth = new CUser();
             $anesth->load($signer_id);
             if (!CUser::checkPassword($anesth->user_username, $this->_password_visite_anesth)) {
                 $errors .= "Mot de passe incorrect";
             }
         }
     }

     return $errors . parent::check();
 }
Example #10
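 /**
  * Copy the user type and the module/object permissions of another user onto this one.
  *
  * @param mixed   $user_id          Id of the user (profile) to copy from
  * @param boolean $delExistingPerms When true, this user's existing permissions are removed first
  *
  * @return string error message when necessary, null otherwise
  */
 function copyPermissionsFrom($user_id, $delExistingPerms = false)
 {
     if (!$user_id) {
         return null;
     }
     // The id is interpolated into the WHERE clauses below, so it is reduced
     // to an integer first; anything that is not a positive integer copies nothing.
     // NOTE(review): assumes user ids are integers - confirm.
     $source_id = (int) $user_id;
     if ($source_id <= 0) {
         return null;
     }
     // Copy user type
     $profile = new CUser();
     $profile->load($source_id);
     $this->user_type = $profile->user_type;
     if ($msg = $this->store()) {
         return $msg;
     }
     // Delete existing permissions
     if ($delExistingPerms) {
         $this->removePerms();
     }
     // Module permissions of the source user
     $perms = new CPermModule();
     $perms = $perms->loadList("user_id = '{$source_id}'");
     // Clearing the id makes each store() insert a new row owned by this user.
     // NOTE(review): the result of store() is ignored, so a permission that
     // fails to copy is not reported to the caller.
     foreach ($perms as $perm) {
         $perm->perm_module_id = null;
         $perm->user_id = $this->user_id;
         $perm->store();
     }
     // Object permissions of the source user
     $perms = new CPermObject();
     $perms = $perms->loadList("user_id = '{$source_id}'");
     foreach ($perms as $perm) {
         $perm->perm_object_id = null;
         $perm->user_id = $this->user_id;
         $perm->store();
     }
     return null;
 }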
 /**
  * Build the plain-text body of the notification mail for a task log entry.
  *
  * @param CTask     $task Task the log entry belongs to
  * @param CTask_Log $log  Log entry being reported
  *
  * @return string Mail body ending with the current user's signature
  */
 public function getTaskEmailLog(CTask $task, CTask_Log $log)
 {
     $project = new CProject();
     $projname = $project->load($task->task_project)->project_name;
     $contact = new CContact();
     $creatorname = $contact->findContactByUserid($log->task_log_creator)->contact_display_name;

     // Collected in order and joined at the end; each piece carries its own line ending
     $parts = array();
     $parts[] = $this->_AppUI->_('Project', UI_OUTPUT_RAW) . ': ' . $projname . "\n";

     // A task that is its own parent has no parent line
     if ($task->task_parent != $task->task_id) {
         $parentTask = new CTask();
         $taskname = $parentTask->load($task->task_parent)->task_name;
         $parts[] = $this->_AppUI->_('Parent Task', UI_OUTPUT_RAW) . ': ' . $taskname . "\n";
     }

     $parts[] = $this->_AppUI->_('Task', UI_OUTPUT_RAW) . ': ' . $task->task_name . "\n";
     $task_types = w2PgetSysVal('TaskType');
     $parts[] = $this->_AppUI->_('Task Type', UI_OUTPUT_RAW) . ':' . $task_types[$task->task_type] . "\n";
     $parts[] = $this->_AppUI->_('URL', UI_OUTPUT_RAW) . ': ' . W2P_BASE_URL . '/index.php?m=tasks&a=view&task_id=' . $task->task_id . "\n\n";
     $parts[] = "------------------------\n\n";
     $parts[] = $this->_AppUI->_('User', UI_OUTPUT_RAW) . ': ' . $creatorname . "\n";
     $parts[] = $this->_AppUI->_('Hours', UI_OUTPUT_RAW) . ': ' . $log->task_log_hours . "\n";
     $parts[] = $this->_AppUI->_('Summary', UI_OUTPUT_RAW) . ': ' . $log->task_log_name . "\n\n";
     $parts[] = $log->task_log_description;

     // Signature of the user sending the notification
     $sender = new CUser();
     $parts[] = "\n--\n" . $sender->load($this->_AppUI->user_id)->user_signature;

     return implode('', $parts);
 }
Example #12
 /**
  * Store the user: update an existing login or add a new one, subject to the
  * caller's 'users' module permissions, then seed default preferences.
  *
  * NOTE(review): passwords are stored as unsalted md5() digests here. MD5 is
  * not a suitable password hash; moving to password_hash()/password_verify()
  * needs a coordinated change with every authenticator that reads this field.
  *
  * @param CAppUI $AppUI Shadowed immediately by the global of the same name
  *
  * @return bool true when the record was stored, false otherwise
  */
 public function store(CAppUI $AppUI = null)
 {
     // The global replaces the $AppUI argument, so the parameter is never used
     global $AppUI;
     $perms = $AppUI->acl();
     $stored = false;
     $this->_error = $this->check();
     if (count($this->_error)) {
         return false;
     }
     // Existing user: requires 'edit' permission on this user
     if ($this->user_id && $perms->checkModuleItem('users', 'edit', $this->user_id)) {
         $perm_func = 'updateLogin';
         $tmpUser = new CUser();
         $tmpUser->load($this->user_id);
         // Blank password keeps the stored hash; otherwise the submitted value
         // is hashed and replaces the stored one when the digests differ.
         // NOTE(review): the loose != comparison treats two numeric-looking
         // digests as equal - a strict comparison would be safer.
         if ('' == trim($this->user_password)) {
             $this->user_password = $tmpUser->user_password;
         } elseif ($tmpUser->user_password != md5($this->user_password)) {
             $this->user_password = md5($this->user_password);
         } else {
             $this->user_password = $tmpUser->user_password;
         }
         if ($msg = parent::store()) {
             $this->_error = $msg;
             return false;
         }
         $stored = true;
     }
     // New user: requires 'add' permission on the module
     if (0 == $this->user_id && $perms->checkModuleItem('users', 'add')) {
         $perm_func = 'addLogin';
         $this->user_password = md5($this->user_password);
         if ($msg = parent::store()) {
             $this->_error = $msg;
             return false;
         }
         $stored = true;
     }
     if ($stored) {
         // Calls updateLogin or addLogin on the ACL object, as selected above
         $perms->{$perm_func}($this->user_id, $this->user_username);
         $q = $this->_query;
         //Lets check if the user has allready default users preferences set, if not insert the default ones
         $q->addTable('user_preferences', 'upr');
         // NOTE(review): the next line is damaged in this listing (text between
         // the two quotes was masked out); the original statements between the
         // WHERE clause and the 'dup' table cannot be recovered from here.
         $q->addWhere('upr.pref_user = '******'user_preferences', 'dup');
             $q->addWhere('dup.pref_user = 0');
             $w2prefs = $q->loadList();
             $q->clear();
             // Copy each default preference row (pref_user = 0) to the stored user
             foreach ($w2prefs as $w2prefskey => $w2prefsvalue) {
                 $q->addTable('user_preferences', 'up');
                 $q->addInsert('pref_user', $this->user_id);
                 $q->addInsert('pref_name', $w2prefsvalue['pref_name']);
                 $q->addInsert('pref_value', $w2prefsvalue['pref_value']);
                 $q->exec();
                 $q->clear();
             }
         }
         return $stored;
     }
     return $stored;
 }
Example #13
<?php

// Refuse direct requests: this script is only meant to run inside the application
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// The user id is cast to int before any use
$user_id = (int) w2PgetParam($_GET, 'user_id', 0);
$tab = $AppUI->processIntState('UserVwTab', $_GET, 'tab', 0);
$addPwT = $AppUI->processIntState('addProjWithTasks', $_POST, 'add_pwt', 0);
$user = new CUser();
if (!$user->load($user_id)) {
    $AppUI->redirect(ACCESS_DENIED);
}
$canEdit = $user->canEdit();
// NOTE(review): the full record is loaded before the view-permission check below
$user->loadFull($user_id);
global $addPwT, $company_id, $dept_ids, $department, $min_view, $m, $a;
// Viewing another user's page requires 'view' permission on that user.
// NOTE(review): both sides of the || are the same call, so the second adds
// nothing - possibly a different permission was intended. $perms is not
// assigned anywhere in the visible lines; confirm it is in scope here.
if ($user_id != $AppUI->user_id && (!$perms->checkModuleItem('users', 'view', $user_id) || !$perms->checkModuleItem('users', 'view', $user_id))) {
    $AppUI->redirect(ACCESS_DENIED);
}
// Company filter: saved state if present, else the viewer's own company
$company_id = $AppUI->getState('UsrProjIdxCompany') !== null ? $AppUI->getState('UsrProjIdxCompany') : $AppUI->user_company;
$company_prefix = 'company_';
// The posted department value is saved into session state as received
if (isset($_POST['department'])) {
    $AppUI->setState('UsrProjIdxDepartment', $_POST['department']);
    //if department is set, ignore the company_id field
    unset($company_id);
}
$department = $AppUI->getState('UsrProjIdxDepartment') !== null ? $AppUI->getState('UsrProjIdxDepartment') : $company_prefix . $AppUI->user_company;
//if $department contains the $company_prefix string that it's requesting a company and not a department.  So, clear the
// $department variable, and populate the $company_id variable.
if (!(strpos($department, $company_prefix) === false)) {
    $company_id = substr($department, strlen($company_prefix));
    $AppUI->setState('UsrProjIdxCompany', $company_id);
Example #14
            $module->mod_type = $setup->mod_type;
            $module->store();
            if ($setup->mod_version == $module->mod_version) {
                CAppUI::setMsg("Installation de '%s' à la version %s", UI_MSG_OK, $module->mod_name, $setup->mod_version);
            } else {
                CAppUI::setMsg("Installation de '%s' à la version %s sur %s", UI_MSG_WARNING, $module->mod_name, $module->mod_version, $setup->mod_version);
            }
        } else {
            CAppUI::setMsg("Module '%s' non mis à jour", UI_MSG_WARNING, $module->mod_name);
        }
        CModule::loadModules(false);
        // To force dependency re-evaluation
    }
    if (isset($_SESSION["_pass_deferred"]) && CAppUI::$instance->user_id == 1) {
        $user = new CUser();
        $user->load(1);
        $user->_user_password = $_SESSION["_pass_deferred"];
        $user->store();
        unset($_SESSION["_pass_deferred"]);
    }
    // In case the setup has added some user prefs
    CAppUI::buildPrefs();
    error_reporting($old_er);
    CAppUI::redirect();
}
$module = new CModule();
if ($mod_id) {
    $module->load($mod_id);
    $module->checkModuleFiles();
} else {
    $module->mod_version = "all";
Example #15
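 /**
  * Create the local user (and contact) for someone who just authenticated
  * through LDAP, and give the new account the 'normal' role.
  *
  * @param string $username     Login name
  * @param string $password     Clear-text password; only its hash is stored
  * @param array  $ldap_attribs Directory entry as returned by ldap_get_entries();
  *                             attributes the entry lacks are stored as null
  *
  * @return void
  */
 public function createsqluser($username, $password, $ldap_attribs = array())
 {
     $u = new CUser();
     $u->user_username = $username;
     $u->user_password = $this->hashPassword($password);
     // 0 = default user. Changed from 1 (administrator): a directory login
     // must not create an administrator account.
     $u->user_type = 0;
     $u->user_contact = 0;
     $u->store(null, true);
     $user_id = $u->user_id;
     $this->user_id = $user_id;
     if (!$user_id) {
         // The account was not persisted: do not create a contact or grant a
         // role against an empty user id.
         return;
     }

     $c = new CContact();
     if (!empty($ldap_attribs)) {
         // Contact information based on the inetOrgPerson class schema.
         // Directory entries only carry the attributes that are set, so each
         // one is read defensively instead of assuming the key exists.
         $attribute_to_field = array(
             'givenname' => 'contact_first_name',
             'sn' => 'contact_last_name',
             'l' => 'contact_city',
             'country' => 'contact_country',
             'st' => 'contact_state',
             'postalcode' => 'contact_zip',
             'title' => 'contact_job',
             'mail' => 'contact_email',
             'telephonenumber' => 'contact_phone',
         );
         foreach ($attribute_to_field as $attribute => $field) {
             $c->{$field} = isset($ldap_attribs[$attribute][0]) ? $ldap_attribs[$attribute][0] : null;
         }
         $c->contact_owner = $this->user_id;
         $c->store();
         $contactArray = array('phone_mobile' => isset($ldap_attribs['mobile'][0]) ? $ldap_attribs['mobile'][0] : null);
         $c->setContactMethods($contactArray);
     }

     // A fresh object is loaded for the follow-up store rather than reusing
     // $u, whose behaviour on a second store() was unclear to the author.
     $tmpUser = new CUser();
     $tmpUser->load($user_id);
     $tmpUser->user_contact = $this->contactId($user_id);
     $tmpUser->store();

     // New directory users get the 'normal' role only
     $acl =& $this->AppUI->acl();
     $acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);
 }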