function updateLDAPUser($authtype, $userid)
{
global $authMechs;
$esc_userid = mysql_real_escape_string($userid);
$userData = getLDAPUserData($authtype, $userid);
if (is_null($userData)) {
return NULL;
}
$affilid = $authMechs[$authtype]['affiliationid'];
$now = unixToDatetime(time());
// select desired data from db
$qbase = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "af.shibonly, " . "u.emailnotices, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "af.id = {$affilid} AND ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) {
$query = $qbase . "u.uid = {$userData['numericid']}";
} else {
$query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}";
}
$qh = doQuery($query, 255);
$updateuid = 0;
# check to see if there is a matching entry where uid is NULL but unityid and affiliationid match
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !mysql_num_rows($qh)) {
$updateuid = 1;
$query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}";
$qh = doQuery($query, 255);
}
// if get a row
// update db
// update results from select
if ($user = mysql_fetch_assoc($qh)) {
$user["unityid"] = $userid;
$user["firstname"] = $userData['first'];
$user["lastname"] = $userData["last"];
$user["email"] = $userData["email"];
$user["lastupdated"] = $now;
$query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$userData['first']}', " . "lastname = '{$userData['last']}', " . "email = '{$userData['email']}', ";
if ($updateuid) {
$query .= "uid = {$userData['numericid']}, ";
}
$query .= "lastupdated = '{$now}' ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !$updateuid) {
$query .= "WHERE uid = {$userData['numericid']}";
} else {
$query .= "WHERE unityid = '{$esc_userid}' AND " . "affiliationid = {$affilid}";
}
doQuery($query, 256, 'vcl', 1);
} else {
// call addLDAPUser
$id = addLDAPUser($authtype, $userid);
$query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups, " . "u.usepublickeys, " . "u.sshpublickeys, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}";
$qh = doQuery($query, 101);
if (!($user = mysql_fetch_assoc($qh))) {
return NULL;
}
$user['sshpublickeys'] = htmlspecialchars($user['sshpublickeys']);
}
// TODO handle generic updating of groups
switch (getAffiliationName($affilid)) {
case 'EXAMPLE1':
updateEXAMPLE1Groups($user);
break;
default:
//TODO possibly add to a default group
}
$user["groups"] = getUsersGroups($user["id"], 1);
$user["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
$user["privileges"] = getOverallUserPrivs($user["id"]);
$user['login'] = $user['unityid'];
return $user;
}
function updateITECSUser($userid)
{
global $ENABLE_ITECSAUTH;
if (!$ENABLE_ITECSAUTH) {
return NULL;
}
$query = "SELECT id AS uid, " . "first, " . "last, " . "email, " . "created " . "FROM user " . "WHERE email = '{$userid}'";
$qh = doQuery($query, 101, "accounts");
if (!($userData = mysql_fetch_assoc($qh))) {
return NULL;
}
$now = unixToDatetime(time());
// select desired data from db
$query = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.affiliationid = af.id AND " . "u.uid = {$userData['uid']}";
$qh = doQuery($query, 255);
// if get a row
// update db
// update results from select
$esc_userid = mysql_real_escape_string($userid);
$first = mysql_real_escape_string($userData['first']);
$last = mysql_real_escape_string($userData['last']);
$email = mysql_real_escape_string($userData['email']);
if ($user = mysql_fetch_assoc($qh)) {
$user["unityid"] = $userid;
$user["firstname"] = $userData['first'];
$user["lastname"] = $userData["last"];
$user["email"] = $userData["email"];
$user["lastupdated"] = $now;
$query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$first}', " . "lastname = '{$last}', " . "email = '{$email}', " . "lastupdated = '{$now}' " . "WHERE uid = {$userData['uid']}";
doQuery($query, 256, 'vcl', 1);
} else {
// call addITECSUser
$id = addITECSUser($userid);
$query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}";
$qh = doQuery($query, 101);
$user = mysql_fetch_assoc($qh);
# add account to demo group
#$demoid = getUserGroupID('demo', getAffiliationID('ITECS'));
#updateGroups(array($demoid), $user['id']);
}
$user["groups"] = getUsersGroups($user["id"], 1);
$user["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
checkExpiredDemoUser($user['id'], $user['groups']);
$user["privileges"] = getOverallUserPrivs($user["id"]);
$tmparr = explode('@', $user['unityid']);
$user['login'] = $tmparr[0];
return $user;
}
function checkUserHasPerm($perm, $userid = 0)
{
global $user;
if ($userid == 0) {
if (is_array($user) && array_key_exists('groupperms', $user)) {
$perms = $user['groupperms'];
} else {
return 0;
}
} else {
$usersgroups = getUsersGroups($userid, 1);
$perms = getUsersGroupPerms(array_keys($usersgroups));
}
if (is_array($perms) && in_array($perm, $perms)) {
return 1;
}
return 0;
}
function AJsaveUserGroupPrivs()
{
global $user;
$groups = getUserGroups(0, $user['affiliationid']);
$groupid = processInputVar('groupid', ARG_NUMERIC);
if (!array_key_exists($groupid, $groups)) {
sendJSON(array('failed' => 'noaccess'));
return;
}
$permids = processInputVar('permids', ARG_STRING);
if (!preg_match('/^[0-9,]*$/', $permids)) {
sendJSON(array('failed' => 'invalid input'));
return;
}
$perms = explode(',', $permids);
$query = "DELETE FROM usergrouppriv WHERE usergroupid = {$groupid}";
doQuery($query, 101);
if (empty($perms[0])) {
sendJSON(array('success' => 1));
return;
}
$values = array();
foreach ($perms as $permid) {
$values[] = "({$groupid}, {$permid})";
}
$allvals = implode(',', $values);
$query = "INSERT INTO usergrouppriv " . "(usergroupid, " . "userprivtypeid) " . "VALUES {$allvals}";
doQuery($query, 101);
sendJSON(array('success' => 1));
$_SESSION['user']["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
}
