Exemple #1
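/**
 * Validate the data for the admin user account
 *
 * @param string &$username the login id for the admin user; reset to '' when
 *                          the name is on the global deny list
 * @param string $passwd    the password for the new user
 * @param string &$passwd2  the verification password for the new user
 *                          (taken by reference, never modified here)
 * @param string $fname     the first name of the administrator (not checked here)
 * @param string $lname     the last name of the administrator (not checked here)
 *
 * @return array list of errors - empty array if valid
 *
 * @internal we pass the username by ref so it can be cleared if invalid
 */
function validate_admin(&$username, $passwd, &$passwd2, $fname, $lname)
{
    phpgw::import_class('phpgwapi.globally_denied');
    $errors = array();

    // Compare as strings with a strict operator. A loose != compares two
    // numeric-looking strings by value, so "0e1234" and "0e5678" (or "1e3"
    // and "1000") would count as a match and the confirmation check would
    // pass for two different passwords.
    if ((string) $passwd !== (string) $passwd2) {
        $errors[] = lang('Passwords did not match, please re-enter');
    } else {
        // The password policy lives in phpgwapi_user::validate_password();
        // a rejected password is reported through the exception message.
        $account = new phpgwapi_user();
        try {
            $account->validate_password($passwd);
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    if (!$username) {
        $errors[] = lang('You must enter a username for the admin');
    } elseif (phpgwapi_globally_denied::user($username)) {
        // NOTE(review): the submitted username is embedded in this message as
        // given; whether lang() escapes it is not visible here, so escape the
        // error list for the output context when it is rendered.
        $errors[] = lang('You can not use %1 as the admin username, please try again with another username', $username);
        // clear the caller's copy so a denied name is not carried forward
        $username = '';
    }

    return $errors;
}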
 /**
  * Check that a username may be assigned to this account
  *
  * The checks run in a fixed order: the name must be non-empty, must not
  * belong to a different account (only when $lookup is true), and must not
  * be on the global deny list. The first failing check throws.
  *
  * @param string  $username the username to validate
  * @param boolean $lookup   check if the account already exists
  *
  * @return boolean true when every check passes
  *
  * @throws Exception when username is invalid - the message names the failed check
  */
 private function _validate_username($username, $lookup = true)
 {
     if (strlen($username) === 0) {
         throw new Exception('Username is too short');
     }

     if ($lookup) {
         $existing_id = $GLOBALS['phpgw']->accounts->name2id($username);
         // a hit on this account's own id is not a conflict
         $taken = $existing_id && $existing_id != $this->_data['id'];
         if ($taken) {
             // NOTE(review): this message confirms that the name exists;
             // check which callers can surface it to unauthenticated users
             throw new Exception('Username already in use');
         }
     }

     phpgw::import_class('phpgwapi.globally_denied');
     $denied = phpgwapi_globally_denied::user($username);
     if ($denied) {
         throw new Exception('Username is blocked');
     }

     return true;
 }
 /**
  * Create a new session
  *
  * Runs the login sequence: lockout check, deny-list / account / password /
  * group checks, PHP session start, cookie setup, crypto init, account expiry
  * check, then session registration and access logging inside one database
  * transaction.
  *
  * @param string|array $login     user login, or an array with the keys
  *                                'login' and 'passwd'
  * @param string       $passwd    user password (ignored for credentials when
  *                                $login is an array)
  * @param boolean      $skip_auth create a session without authenticating the user?
  *
  * @return string|false session id on success, false when the login is
  *                      blocked, rejected or the account is expired
  *                      ($this->cd_reason is set to 99, 5 or 2 respectively)
  */
 public function create($login, $passwd = '', $skip_auth = false)
 {
     phpgw::import_class('phpgwapi.globally_denied');
     $accounts =& $GLOBALS['phpgw']->accounts;
     // Accept either separate arguments or a single credentials array.
     if (is_array($login)) {
         $this->_login = $login['login'];
         $this->_passwd = $login['passwd'];
         $login = $this->_login;
     } else {
         $this->_login = $login;
         $this->_passwd = $passwd;
     }
     $now = time();
     // presumably fills $this->_account_lid and $this->_account_domain,
     // which are read below - confirm in _set_login()
     $this->_set_login($login);
     $user_ip = $this->_get_user_ip();
     // Lockout check comes first, before any credential is evaluated.
     // The IP is fetched a second time here instead of reusing $user_ip.
     if ($this->_login_blocked($login, $this->_get_user_ip())) {
         $this->reason = 'blocked, too many attempts';
         $this->cd_reason = 99;
         // log the unsuccessful login
         $this->log_access($this->reason, $login, $user_ip, 0);
         return false;
     }
     // Reject when any of these holds (&& binds tighter than ||):
     //  - the login id is on the global deny list
     //  - no account id is known for the login id
     //  - authentication is required ($skip_auth is false) and fails
     //  - the account object is of the group class
     // All four end in the same reason text, so the response does not say
     // which check failed.
     if (phpgwapi_globally_denied::user($this->_account_lid) || !$accounts->name2id($this->_account_lid) || !$skip_auth && !$GLOBALS['phpgw']->auth->authenticate($this->_account_lid, $this->_passwd) || get_class($accounts->get($accounts->name2id($this->_account_lid))) == phpgwapi_account::CLASS_TYPE_GROUP) {
         $this->reason = 'bad login or password';
         $this->cd_reason = 5;
         // log the unsuccessful login
         $this->log_access($this->reason, $login, $user_ip, 0);
         return false;
     }
     // NOTE(review): the check above already returned when name2id() was
     // falsy, so this auto-create branch is only reachable if exists() can
     // be false while name2id() is truthy - confirm. It also passes the
     // $passwd argument, which is '' by default when $login was an array,
     // rather than $this->_passwd.
     if (!$accounts->exists($this->_account_lid) && $GLOBALS['phpgw_info']['server']['auto_create_acct']) {
         $this->_account_id = $accounts->auto_add($this->_account_lid, $passwd);
     } else {
         $this->_account_id = $accounts->name2id($this->_account_lid);
     }
     $GLOBALS['phpgw_info']['user']['account_id'] = $this->_account_id;
     $accounts->set_account($this->_account_id);
     // NOTE(review): no session_regenerate_id() call is visible between the
     // successful authentication and the use of this id. If a client can
     // arrive with a session id it chose before login, the id should be
     // rotated here to rule out session fixation - confirm how ids are issued.
     session_start();
     $this->_sessionid = session_id();
     // NOTE(review): cookie attributes (Secure, HttpOnly, SameSite) are
     // decided inside phpgw_setcookie(), which is not visible here.
     if (isset($GLOBALS['phpgw_info']['server']['usecookies']) && $GLOBALS['phpgw_info']['server']['usecookies']) {
         $this->phpgw_setcookie(session_name(), $this->_sessionid);
         $this->phpgw_setcookie('domain', $this->_account_domain);
     }
     // The "remember last login" cookies are refreshed when cookies are
     // enabled or when the client already sent a last_loginid cookie.
     if (isset($GLOBALS['phpgw_info']['server']['usecookies']) && $GLOBALS['phpgw_info']['server']['usecookies'] || isset($_COOKIE['last_loginid'])) {
         // Create a cookie which expires in 14 days
         $cookie_expires = $now + 60 * 60 * 24 * 14;
         $this->phpgw_setcookie('last_loginid', $this->_account_lid, $cookie_expires);
         $this->phpgw_setcookie('last_domain', $this->_account_domain, $cookie_expires);
     }
     /* we kill this for security reasons */
     unset($GLOBALS['phpgw_info']['server']['default_domain']);
     /* init the crypto object */
     // The key is the MD5 hex digest of the session id concatenated with the
     // server-wide encryptkey; the IV is read from server configuration.
     // NOTE(review): MD5 is not a key-derivation function, and an IV taken
     // from configuration appears to be identical for every session - confirm
     // that the cipher and mode used by the crypto object tolerate both.
     $this->_key = md5($this->_sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
     $this->_iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
     $GLOBALS['phpgw']->crypto->init(array($this->_key, $this->_iv));
     $this->read_repositories();
     // An 'expires' value of -1 means the account never expires.
     // NOTE(review): this rejection happens after session_start() and after
     // the cookies above were sent; it writes to the general log but makes no
     // log_access() call and does not destroy the PHP session - confirm that
     // the caller cleans up.
     if ($this->_data['expires'] != -1 && $this->_data['expires'] < time()) {
         if (is_object($GLOBALS['phpgw']->log)) {
             $GLOBALS['phpgw']->log->message(array('text' => 'W-LoginFailure, account loginid %1 is expired', 'p1' => $this->_account_lid, 'line' => __LINE__, 'file' => __FILE__));
             $GLOBALS['phpgw']->log->commit();
         }
         $this->cd_reason = 2;
         return false;
     }
     $GLOBALS['phpgw_info']['user'] = $this->_data;
     //		$GLOBALS['phpgw_info']['hooks'] = $this->hooks;
     // NOTE(review): the clear-text password is kept in the session cache.
     // base64 is a reversible encoding, not encryption; whether the cache
     // layer encrypts the value is not visible here. Anyone who can read the
     // session store may be able to recover the password - confirm that this
     // value is still needed and how the store is protected.
     phpgwapi_cache::session_set('phpgwapi', 'password', base64_encode($this->_passwd));
     // Session flag: 'A' when the ACL check for 'anonymous' passes, else 'N'.
     if ($GLOBALS['phpgw']->acl->check('anonymous', 1, 'phpgwapi')) {
         $session_flags = 'A';
     } else {
         $session_flags = 'N';
     }
     // Register the session, write the access-log entry and update the
     // last-login record inside one transaction.
     $GLOBALS['phpgw']->db->transaction_begin();
     $this->register_session($login, $user_ip, $now, $session_flags);
     $this->log_access($this->_sessionid, $login, $user_ip, $this->_account_id);
     $GLOBALS['phpgw']->auth->update_lastlogin($this->_account_id, $user_ip);
     $GLOBALS['phpgw']->db->transaction_commit();
     return $this->_sessionid;
 }
        $tmp = $info[$i]['uidnumber'][0];
        $account_info[$tmp]['id'] = $info[$i]['uidnumber'][0];
        $account_info[$tmp]['lid'] = $info[$i]['uid'][0];
        $account_info[$tmp]['firstname'] = $info[$i]['givenname'][0];
        $account_info[$tmp]['lastname'] = $info[$i]['sn'][0];
        $account_info[$tmp]['password'] = isset($info[$i]['userpassword'][0]) ? $info[$i]['userpassword'][0] : '';
        //echo 'password?';
    }
}
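// Collect the LDAP groups that can be imported, keyed by gidnumber.
// NOTE(review): the guard reads the group context from
// $GLOBALS['phpgw_info']['server'] while the search base comes from $config -
// confirm that both hold the same value.
$group_info = array();
if ($GLOBALS['phpgw_info']['server']['ldap_group_context']) {
    // The filter is a constant, so no request data reaches the LDAP query.
    $srg = ldap_search($ldap, $config['ldap_group_context'], '(|(cn=*))', array('gidnumber', 'cn', 'memberuid'));
    // ldap_search() returns false on failure (bad base DN, lost connection,
    // insufficient rights). Passing that on to ldap_get_entries() is an error,
    // so a failed search is treated as "no groups found".
    $info = $srg ? ldap_get_entries($ldap, $srg) : false;
    if (!is_array($info)) {
        $info = array('count' => 0);
    }
    $tmp = '';
    for ($i = 0; $i < $info['count']; ++$i) {
        // Skip entries without a cn and names on the global deny list.
        // NOTE(review): $account_info is keyed by uidnumber where it is filled
        // earlier in this script, so indexing it by the loop counter and then
        // by cn looks like it never matches - presumably meant to skip groups
        // whose name collides with a user; confirm.
        if (isset($info[$i]['cn'][0]) && !phpgwapi_globally_denied::user($info[$i]['cn'][0]) && (!isset($account_info[$i][$info[$i]['cn'][0]]) || !$account_info[$i][$info[$i]['cn'][0]])) {
            $tmp = $info[$i]['gidnumber'][0];
            $group_info[$tmp]['id'] = $info[$i]['gidnumber'][0];
            $group_info[$tmp]['lid'] = $info[$i]['cn'][0];
            // NOTE(review): memberuid is absent for a group without members,
            // and arrays from ldap_get_entries() carry a 'count' element -
            // consumers of 'members' need to allow for both.
            $group_info[$tmp]['members'] = $info[$i]['memberuid'];
            $group_info[$tmp]['firstname'] = $info[$i]['cn'][0];
            $group_info[$tmp]['lastname'] = 'Group';
        }
    }
}
// Map every application whose app_enabled is neither '0' nor '3' to its
// translated name. The query text is a constant; nothing is interpolated.
// $apps is not initialised in this part of the script.
$GLOBALS['phpgw_setup']->db->query("SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name", __LINE__, __FILE__);
while ($GLOBALS['phpgw_setup']->db->next_record()) {
    $apps[$GLOBALS['phpgw_setup']->db->f('app_name')] = lang($GLOBALS['phpgw_setup']->db->f('app_name'));
}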
if (isset($_POST['cancel']) && $_POST['cancel']) {
    Header("Location: ldap.php");