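/**
 * Synchronise the local user row of an LDAP-authenticated user and return it.
 *
 * Fetches the user's directory attributes with getLDAPUserData(), then either
 * updates the matching row of the user table (matched by numeric uid when the
 * directory supplies one, otherwise by unityid + affiliation) or creates a
 * new row through addLDAPUser().
 *
 * @param string $authtype key into the global $authMechs array
 * @param string $userid   login id of the user being synchronised
 * @return array|null user data including 'groups', 'groupperms', 'privileges'
 *                    and 'login'; NULL when getLDAPUserData() returns NULL or
 *                    the freshly added row cannot be read back
 */
function updateLDAPUser($authtype, $userid) {
    global $authMechs;
    $esc_userid = mysql_real_escape_string($userid);
    $userData = getLDAPUserData($authtype, $userid);
    if (is_null($userData)) {
        return NULL;
    }
    $affilid = $authMechs[$authtype]['affiliationid'];
    $now = unixToDatetime(time());

    // numericid is interpolated unquoted below, so every use is gated on
    // this is_numeric() check.
    $hasNumericId = array_key_exists('numericid', $userData) &&
                    is_numeric($userData['numericid']);

    // Directory attributes are external data: escape them before they are
    // placed inside quoted SQL literals (a name such as O'Brien would
    // otherwise break, or alter, the UPDATE statement).
    $esc_first = mysql_real_escape_string($userData['first']);
    $esc_last = mysql_real_escape_string($userData['last']);
    $esc_email = mysql_real_escape_string($userData['email']);

    // select desired data from db
    $qbase = "SELECT i.name AS IMtype, "
           .        "u.IMid AS IMid, "
           .        "u.affiliationid, "
           .        "af.name AS affiliation, "
           .        "af.shibonly, "
           .        "u.emailnotices, "
           .        "u.preferredname AS preferredname, "
           .        "u.uid AS uid, "
           .        "u.id AS id, "
           .        "u.width AS width, "
           .        "u.height AS height, "
           .        "u.bpp AS bpp, "
           .        "u.audiomode AS audiomode, "
           .        "u.mapdrives AS mapdrives, "
           .        "u.mapprinters AS mapprinters, "
           .        "u.mapserial AS mapserial, "
           .        "COALESCE(u.rdpport, 3389) AS rdpport, "
           .        "u.showallgroups "
           . "FROM user u, "
           .      "IMtype i, "
           .      "affiliation af "
           . "WHERE u.IMtypeid = i.id AND "
           .       "af.id = {$affilid} AND ";
    $byUnityid = "u.unityid = '{$esc_userid}' AND "
               . "u.affiliationid = {$affilid}";
    if ($hasNumericId) {
        $query = $qbase . "u.uid = {$userData['numericid']}";
    }
    else {
        $query = $qbase . $byUnityid;
    }
    $qh = doQuery($query, 255);

    $updateuid = 0;
    // check to see if there is a matching entry where uid is NULL but
    // unityid and affiliationid match
    if ($hasNumericId && !mysql_num_rows($qh)) {
        $updateuid = 1;
        $query = $qbase . $byUnityid;
        $qh = doQuery($query, 255);
    }

    if ($user = mysql_fetch_assoc($qh)) {
        // existing row: refresh it from the directory and mirror the new
        // values into the array that is returned
        $user["unityid"] = $userid;
        $user["firstname"] = $userData['first'];
        $user["lastname"] = $userData["last"];
        $user["email"] = $userData["email"];
        $user["lastupdated"] = $now;
        $query = "UPDATE user "
               . "SET unityid = '{$esc_userid}', "
               .     "firstname = '{$esc_first}', "
               .     "lastname = '{$esc_last}', "
               .     "email = '{$esc_email}', ";
        if ($updateuid) {
            $query .= "uid = {$userData['numericid']}, ";
        }
        $query .= "lastupdated = '{$now}' ";
        if ($hasNumericId && !$updateuid) {
            $query .= "WHERE uid = {$userData['numericid']}";
        }
        else {
            $query .= "WHERE unityid = '{$esc_userid}' AND "
                   .        "affiliationid = {$affilid}";
        }
        doQuery($query, 256, 'vcl', 1);
    }
    else {
        // no row yet: create it, then read the full record back
        $id = addLDAPUser($authtype, $userid);
        $query = "SELECT u.unityid AS unityid, "
               .        "u.affiliationid, "
               .        "af.name AS affiliation, "
               .        "u.firstname AS firstname, "
               .        "u.lastname AS lastname, "
               .        "u.preferredname AS preferredname, "
               .        "u.email AS email, "
               .        "i.name AS IMtype, "
               .        "u.IMid AS IMid, "
               .        "u.uid AS uid, "
               .        "u.id AS id, "
               .        "u.width AS width, "
               .        "u.height AS height, "
               .        "u.bpp AS bpp, "
               .        "u.audiomode AS audiomode, "
               .        "u.mapdrives AS mapdrives, "
               .        "u.mapprinters AS mapprinters, "
               .        "u.mapserial AS mapserial, "
               .        "COALESCE(u.rdpport, 3389) AS rdpport, "
               .        "u.showallgroups, "
               .        "u.usepublickeys, "
               .        "u.sshpublickeys, "
               .        "u.lastupdated AS lastupdated "
               . "FROM user u, "
               .      "IMtype i, "
               .      "affiliation af "
               . "WHERE u.IMtypeid = i.id AND "
               .       "u.affiliationid = af.id AND "
               .       "u.id = {$id}";
        $qh = doQuery($query, 101);
        if (!($user = mysql_fetch_assoc($qh))) {
            return NULL;
        }
        // stored keys are HTML-encoded here, before the array reaches any view
        $user['sshpublickeys'] = htmlspecialchars($user['sshpublickeys']);
    }

    // TODO handle generic updating of groups
    switch (getAffiliationName($affilid)) {
        case 'EXAMPLE1':
            updateEXAMPLE1Groups($user);
            break;
        default:
            //TODO possibly add to a default group
    }
    $user["groups"] = getUsersGroups($user["id"], 1);
    $user["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
    $user["privileges"] = getOverallUserPrivs($user["id"]);
    $user['login'] = $user['unityid'];
    return $user;
}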
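/**
 * Synchronise the local user row of an ITECS-account user and return it.
 *
 * Looks the account up by e-mail address in the "accounts" database, then
 * either updates the matching row of the local user table or creates one
 * through addITECSUser().
 *
 * @param string $userid e-mail address identifying the account
 * @return array|null user data including 'groups', 'groupperms', 'privileges'
 *                    and 'login' (the part of unityid before '@'); NULL when
 *                    ITECS auth is disabled, the account is unknown, or the
 *                    freshly added row cannot be read back
 */
function updateITECSUser($userid) {
    global $ENABLE_ITECSAUTH;
    if (!$ENABLE_ITECSAUTH) {
        return NULL;
    }

    // $userid is caller-supplied and lands inside a quoted SQL literal in
    // the lookup below, so it is escaped before the first query rather than
    // only before the later UPDATE.
    // NOTE(review): this lookup goes to the "accounts" database; confirm
    // mysql_real_escape_string() picks up a link with the same charset.
    $esc_userid = mysql_real_escape_string($userid);

    $query = "SELECT id AS uid, "
           .        "first, "
           .        "last, "
           .        "email, "
           .        "created "
           . "FROM user "
           . "WHERE email = '{$esc_userid}'";
    $qh = doQuery($query, 101, "accounts");
    if (!($userData = mysql_fetch_assoc($qh))) {
        return NULL;
    }

    $now = unixToDatetime(time());

    // select desired data from db
    // NOTE(review): uid comes from accounts.user.id and is interpolated
    // unquoted; presumably an integer column - confirm.
    $query = "SELECT i.name AS IMtype, "
           .        "u.IMid AS IMid, "
           .        "u.affiliationid, "
           .        "af.name AS affiliation, "
           .        "u.preferredname AS preferredname, "
           .        "u.uid AS uid, "
           .        "u.id AS id, "
           .        "u.width AS width, "
           .        "u.height AS height, "
           .        "u.bpp AS bpp, "
           .        "u.audiomode AS audiomode, "
           .        "u.mapdrives AS mapdrives, "
           .        "u.mapprinters AS mapprinters, "
           .        "u.mapserial AS mapserial, "
           .        "COALESCE(u.rdpport, 3389) AS rdpport, "
           .        "u.showallgroups "
           . "FROM user u, "
           .      "IMtype i, "
           .      "affiliation af "
           . "WHERE u.IMtypeid = i.id AND "
           .       "u.affiliationid = af.id AND "
           .       "u.uid = {$userData['uid']}";
    $qh = doQuery($query, 255);

    // values read from the accounts database are escaped again before they
    // are written into the local UPDATE statement
    $first = mysql_real_escape_string($userData['first']);
    $last = mysql_real_escape_string($userData['last']);
    $email = mysql_real_escape_string($userData['email']);

    if ($user = mysql_fetch_assoc($qh)) {
        // existing row: refresh it and mirror the new values into the result
        $user["unityid"] = $userid;
        $user["firstname"] = $userData['first'];
        $user["lastname"] = $userData["last"];
        $user["email"] = $userData["email"];
        $user["lastupdated"] = $now;
        $query = "UPDATE user "
               . "SET unityid = '{$esc_userid}', "
               .     "firstname = '{$first}', "
               .     "lastname = '{$last}', "
               .     "email = '{$email}', "
               .     "lastupdated = '{$now}' "
               . "WHERE uid = {$userData['uid']}";
        doQuery($query, 256, 'vcl', 1);
    }
    else {
        // no row yet: create it, then read the full record back
        $id = addITECSUser($userid);
        $query = "SELECT u.unityid AS unityid, "
               .        "u.affiliationid, "
               .        "af.name AS affiliation, "
               .        "u.firstname AS firstname, "
               .        "u.lastname AS lastname, "
               .        "u.preferredname AS preferredname, "
               .        "u.email AS email, "
               .        "i.name AS IMtype, "
               .        "u.IMid AS IMid, "
               .        "u.uid AS uid, "
               .        "u.id AS id, "
               .        "u.width AS width, "
               .        "u.height AS height, "
               .        "u.bpp AS bpp, "
               .        "u.audiomode AS audiomode, "
               .        "u.mapdrives AS mapdrives, "
               .        "u.mapprinters AS mapprinters, "
               .        "u.mapserial AS mapserial, "
               .        "COALESCE(u.rdpport, 3389) AS rdpport, "
               .        "u.showallgroups, "
               .        "u.lastupdated AS lastupdated "
               . "FROM user u, "
               .      "IMtype i, "
               .      "affiliation af "
               . "WHERE u.IMtypeid = i.id AND "
               .       "u.affiliationid = af.id AND "
               .       "u.id = {$id}";
        $qh = doQuery($query, 101);
        // Without a row there is no user id to resolve groups or privileges
        // for; return NULL, as updateLDAPUser() does in the same situation.
        if (!($user = mysql_fetch_assoc($qh))) {
            return NULL;
        }
        # add account to demo group
        #$demoid = getUserGroupID('demo', getAffiliationID('ITECS'));
        #updateGroups(array($demoid), $user['id']);
    }

    $user["groups"] = getUsersGroups($user["id"], 1);
    $user["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
    checkExpiredDemoUser($user['id'], $user['groups']);
    $user["privileges"] = getOverallUserPrivs($user["id"]);
    // login name is the part of the unityid in front of the '@'
    $tmparr = explode('@', $user['unityid']);
    $user['login'] = $tmparr[0];
    return $user;
}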
/**
 * Report whether a user holds a given group permission.
 *
 * With $userid left at 0 the permissions cached under 'groupperms' in the
 * global $user array are consulted; for any other id they are looked up
 * through getUsersGroups() and getUsersGroupPerms().
 *
 * NOTE(review): both the $userid test and in_array() compare loosely. If
 * permission values or ids can be of mixed types, strict comparison would be
 * safer for an authorization check - confirm what getUsersGroupPerms()
 * returns before tightening it.
 *
 * @param mixed $perm   permission to look for
 * @param int   $userid id of the user to check, 0 for the logged-in user
 * @return int 1 when the permission is present, 0 otherwise
 */
function checkUserHasPerm($perm, $userid = 0) {
    global $user;
    if ($userid != 0) {
        // explicit user: resolve the permissions of all of that user's groups
        $groupids = array_keys(getUsersGroups($userid, 1));
        $granted = getUsersGroupPerms($groupids);
    }
    elseif (!is_array($user) || !array_key_exists('groupperms', $user)) {
        // no usable cached data for the current user: deny
        return 0;
    }
    else {
        $granted = $user['groupperms'];
    }
    return (is_array($granted) && in_array($perm, $granted)) ? 1 : 0;
}
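/**
 * AJAX handler: replace the privilege set of one user group.
 *
 * Reads 'groupid' and a comma separated list of privilege type ids
 * ('permids') from the request, deletes the group's current rows from
 * usergrouppriv and inserts the submitted ones. Replies with JSON
 * ('success' => 1, or 'failed' => reason) and refreshes the permissions
 * cached in the session for the logged-in user.
 *
 * NOTE(review): the only access check in this function is that the target
 * group belongs to the caller's affiliation; no capability check (such as a
 * checkUserHasPerm() call) is visible here - confirm that whatever routes
 * requests to this handler enforces one.
 *
 * @return void
 */
function AJsaveUserGroupPrivs() {
    global $user;
    $groups = getUserGroups(0, $user['affiliationid']);
    $groupid = processInputVar('groupid', ARG_NUMERIC);
    if (!array_key_exists($groupid, $groups)) {
        sendJSON(array('failed' => 'noaccess'));
        return;
    }
    $permids = processInputVar('permids', ARG_STRING);
    // The D modifier stops '$' from also matching before a trailing newline,
    // which would otherwise let "\n" through and produce a malformed INSERT
    // after the DELETE below has already run.
    if (!preg_match('/^[0-9,]*$/D', $permids)) {
        sendJSON(array('failed' => 'invalid input'));
        return;
    }
    $perms = explode(',', $permids);

    $values = array();
    // As before, an empty first element means "clear all privileges".
    if (!empty($perms[0])) {
        foreach ($perms as $permid) {
            // skip empty pieces ("1,,2", "1,") so the group is never left
            // without privileges because the INSERT was malformed
            if ($permid === '') {
                continue;
            }
            $values[] = "({$groupid}, {$permid})";
        }
    }

    $query = "DELETE FROM usergrouppriv WHERE usergroupid = {$groupid}";
    doQuery($query, 101);

    if (!empty($values)) {
        $allvals = implode(',', $values);
        $query = "INSERT INTO usergrouppriv "
               .        "(usergroupid, "
               .        "userprivtypeid) "
               . "VALUES {$allvals}";
        doQuery($query, 101);
    }

    sendJSON(array('success' => 1));
    // Refresh the cached permissions on every successful save, including the
    // one that removes all privileges, so revoked permissions do not linger
    // in the session.
    $_SESSION['user']["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
}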