/**
* Main method to process current row returned by getNextRow() method.
* You may throw an exception if something goes wrong. It will be logged but won't break the import process
* @param mixed $row Depending on your data format, can be DOMNode, SimpleXMLIterator, SimpleXMLElement, CSV row...
*/
public function process($row)
{
$contentOptions = new SQLIContentOptions(array('class_identifier' => 'user', 'remote_id' => (string) $row->login));
$content = SQLIContent::create($contentOptions);
$content->fields->first_name = (string) $row->firstName;
$content->fields->last_name = (string) $row->lastName;
$userParts = array((string) $row->login, (string) $row->email);
//password management : if empty, generate it, use custom default or fixed default
$password = $row->password;
if (!$password) {
if (isset($this->options->generate_password) && $this->options->generate_password) {
$password = eZUser::createPassword(6);
} elseif (isset($this->options->default_password) && $this->options->default_password) {
$password = $this->options->default_password;
} else {
$password = '******';
}
}
$userParts[] = $password;
$userParts[] = eZUser::createHash((string) $row->login, $password, eZUser::site(), eZUser::hashType());
$userParts[] = eZUser::hashType();
$content->fields->user_account = implode('|', $userParts);
// Now publish content
$content->addLocation(SQLILocation::fromNodeID($this->handlerConfArray['DefaultParentNodeID']));
$publisher = SQLIContentPublisher::getInstance();
$publisher->publish($content);
// Free some memory. Internal methods eZContentObject::clearCache() and eZContentObject::resetDataMap() will be called
// @see SQLIContent::__destruct()
unset($content);
$this->csv->rows->next();
}
static function authenticateHash($user, $password, $site, $type, $hash)
{
return eZUser::createHash($user, $password, $site, $type, $hash) === (string) $hash;
}
static function loginUser($login, $password, $authenticationMatch = false)
{
$http = eZHTTPTool::instance();
$db = eZDB::instance();
if ($authenticationMatch === false) {
$authenticationMatch = eZUser::authenticationMatch();
}
$loginEscaped = $db->escapeString($login);
$passwordEscaped = $db->escapeString($password);
$loginArray = array();
if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
$loginArray[] = "login='******'";
}
if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
$loginArray[] = "email='{$loginEscaped}'";
}
if (count($loginArray) == 0) {
$loginArray[] = "login='******'";
}
$loginText = implode(' OR ', $loginArray);
$contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
$ini = eZINI::instance();
$textFileIni = eZINI::instance('textfile.ini');
$databaseName = $db->databaseName();
// if mysql
if ($databaseName === 'mysql') {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
} else {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id";
}
$users = $db->arrayQuery($query);
$exists = false;
if (count($users) >= 1) {
foreach ($users as $userRow) {
$userID = $userRow['contentobject_id'];
$hashType = $userRow['password_hash_type'];
$hash = $userRow['password_hash'];
$exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
// If hash type is MySql
if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
$queryMysqlUser = "******";
$mysqlUsers = $db->arrayQuery($queryMysqlUser);
if (count($mysqlUsers) >= 1) {
$exists = true;
}
}
eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
// If current user has been disabled after a few failed login attempts.
$canLogin = eZUser::isEnabledAfterFailedLogin($userID);
if ($exists) {
// We should store userID for warning message.
$GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
$userSetting = eZUserSetting::fetch($userID);
$isEnabled = $userSetting->attribute("is_enabled");
if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
$hashType = eZUser::hashType();
$hash = eZUser::createHash($login, $password, eZUser::site(), $hashType);
$db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
}
break;
}
}
}
if ($exists and $isEnabled and $canLogin) {
eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
$user = new eZUser($userRow);
eZDebugSetting::writeDebug('kernel-user', $user, 'user');
$userID = $user->attribute('contentobject_id');
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($user, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
return $user;
} else {
if ($textFileIni->variable('TextFileSettings', 'TextFileEnabled') == "true") {
$fileName = $textFileIni->variable('TextFileSettings', 'FileName');
$filePath = $textFileIni->variable('TextFileSettings', 'FilePath');
$defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
$separator = $textFileIni->variable("TextFileSettings", "FileFieldSeparator");
$loginColumnNr = $textFileIni->variable("TextFileSettings", "LoginAttribute");
$passwordColumnNr = $textFileIni->variable("TextFileSettings", "PasswordAttribute");
$emailColumnNr = $textFileIni->variable("TextFileSettings", "EmailAttribute");
$lastNameColumnNr = $textFileIni->variable("TextFileSettings", "LastNameAttribute");
$firstNameColumnNr = $textFileIni->variable("TextFileSettings", "FirstNameAttribute");
if ($textFileIni->hasVariable('TextFileSettings', 'DefaultUserGroupType')) {
$UserGroupType = $textFileIni->variable('TextFileSettings', 'DefaultUserGroupType');
$UserGroup = $textFileIni->variable('TextFileSettings', 'DefaultUserGroup');
}
if ($UserGroupType != null) {
if ($UserGroupType == "name") {
$groupName = $UserGroup;
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name='{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
} else {
if ($UserGroupType == "id") {
$groupID = $UserGroup;
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
}
}
}
if ($filePath != "root" and $filePath != null) {
$fileName = $filePath . "/" . $fileName;
}
if (file_exists($fileName)) {
$handle = fopen($fileName, "r");
} else {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
while (!feof($handle)) {
$line = trim(fgets($handle, 4096));
if ($line === '') {
continue;
}
if ($separator == "tab") {
$userArray = explode("\t", $line);
} else {
$userArray = explode($separator, $line);
}
$uid = $userArray[$loginColumnNr - 1];
$email = $userArray[$emailColumnNr - 1];
$pass = $userArray[$passwordColumnNr - 1];
$firstName = $userArray[$firstNameColumnNr - 1];
$lastName = $userArray[$lastNameColumnNr - 1];
if ($login == $uid) {
if (trim($pass) == $password) {
$createNewUser = true;
$existUser = eZUser::fetchByName($login);
if ($existUser != null) {
$createNewUser = false;
}
if ($createNewUser) {
$userClassID = $ini->variable("UserSettings", "UserClassID");
$userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
$defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
$remoteID = "TextFile_" . $login;
$db->begin();
// The content object may already exist if this process has failed once before, before the eZUser object was created.
// Therefore we try to fetch the eZContentObject before instantiating it.
$contentObject = eZContentObject::fetchByRemoteID($remoteID);
if (!is_object($contentObject)) {
$class = eZContentClass::fetch($userClassID);
$contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
}
$contentObject->setAttribute('remote_id', $remoteID);
$contentObject->store();
$contentObjectID = $contentObject->attribute('id');
$userID = $contentObjectID;
$nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $defaultUserPlacement, 'is_main' => 1));
$nodeAssignment->store();
$version = $contentObject->version(1);
$version->setAttribute('modified', time());
$version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
$version->store();
$contentObjectID = $contentObject->attribute('id');
$contentObjectAttributes = $version->contentObjectAttributes();
$contentObjectAttributes[0]->setAttribute('data_text', $firstName);
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute('data_text', $lastName);
$contentObjectAttributes[1]->store();
$user = eZUser::create($userID);
$user->setAttribute('login', $login);
$user->setAttribute('email', $email);
$user->setAttribute('password_hash', "");
$user->setAttribute('password_hash_type', 0);
$user->store();
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($user, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
$db->commit();
return $user;
} else {
$db->begin();
// Update user information
$userID = $existUser->attribute('contentobject_id');
$contentObject = eZContentObject::fetch($userID);
$parentNodeID = $contentObject->attribute('main_parent_node_id');
$currentVersion = $contentObject->attribute('current_version');
$version = $contentObject->attribute('current');
$contentObjectAttributes = $version->contentObjectAttributes();
$contentObjectAttributes[0]->setAttribute('data_text', $firstName);
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute('data_text', $lastName);
$contentObjectAttributes[1]->store();
$existUser = eZUser::fetch($userID);
$existUser->setAttribute('email', $email);
$existUser->setAttribute('password_hash', "");
$existUser->setAttribute('password_hash_type', 0);
$existUser->store();
if ($defaultUserPlacement != $parentNodeID) {
$newVersion = $contentObject->createNewVersion();
$newVersion->assignToNode($defaultUserPlacement, 1);
$newVersion->removeAssignment($parentNodeID);
$newVersionNr = $newVersion->attribute('version');
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $userID, 'version' => $newVersionNr));
}
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($existUser, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
$db->commit();
return $existUser;
}
} else {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
}
}
fclose($handle);
}
}
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
/**
* Unit test for eZUser::createHash()
* @dataProvider hashDataProvider
*/
public function testCreateHash($user, $password, $site, $type, $hash, $expected)
{
$this->assertSame($expected, eZUser::createHash($user, $password, $site, $type, $hash));
}
/**
* Imports a value to an attribute adapting it to the proper type.
* Not written by me, downloaded from ez.no! Extended it only!
* @param data The value (string/int/float).
* @param contentObjectAttribute The attribute to modify.
*/
function importAttribute($data, &$contentObjectAttribute)
{
$contentClassAttribute = $contentObjectAttribute->attribute('contentclass_attribute');
$dataTypeString = $contentClassAttribute->attribute('data_type_string');
ezDebug::writeDebug("Converting " . $data . " to expected " . $dataTypeString);
switch ($dataTypeString) {
case 'ezfloat':
case 'ezprice':
$contentObjectAttribute->setAttribute('data_float', $data);
$contentObjectAttribute->store();
break;
case 'ezboolean':
case 'ezdate':
case 'ezdatetime':
case 'ezinteger':
case 'ezsubtreesubscription':
case 'eztime':
$contentObjectAttribute->setAttribute('data_int', $data);
$contentObjectAttribute->store();
break;
case 'ezobjectrelation':
// $data is contentobject_id to relate to
// $oldData = $contentObjectAttribute->attribute( 'data_int' );
$contentObjectAttribute->setAttribute('data_int', $data);
$contentObjectAttribute->store();
$object = $contentObjectAttribute->object();
$contentObjectVersion = $contentObjectAttribute->attribute('version');
$contentClassAttributeID = $contentObjectAttribute->attribute('contentclassattribute_id');
// Problem with translations if removing old relations ?!
// $object->removeContentObjectRelation( $oldData, $contentObjectVersion, $contentClassAttributeID, eZContentObject::RELATION_ATTRIBUTE );
$object->addContentObjectRelation($data, $contentObjectVersion, $contentClassAttributeID, RELATION_ATTRIBUTE);
break;
case 'ezurl':
$urlID = eZURL::registerURL($data);
$contentObjectAttribute->setAttribute('data_int', $urlID);
// Fall through to set data_text
// Fall through to set data_text
case 'ezemail':
case 'ezisbn':
case 'ezstring':
case 'eztext':
$contentObjectAttribute->setAttribute('data_text', $data);
$contentObjectAttribute->store();
break;
case 'ezxmltext':
/* $parser = new eZXMLInputParser();
$document = $parser->process( $data );
$data = eZXMLTextType::domString( $document );
$contentObjectAttribute->fromString( $data );*/
$contentObjectAttribute->setAttribute('data_text', $data);
$contentObjectAttribute->store();
break;
// case 'ezimage':
// $this->saveImage( $data, $contentObjectAttribute );
// break;
// case 'ezbinaryfile':
// $this->saveFile( $data, $contentObjectAttribute );
// break;
// case 'ezenum':
//removed enum - function can be found at ez.no
// break;
// case 'ezimage':
// $this->saveImage( $data, $contentObjectAttribute );
// break;
// case 'ezbinaryfile':
// $this->saveFile( $data, $contentObjectAttribute );
// break;
// case 'ezenum':
//removed enum - function can be found at ez.no
// break;
case 'ezuser':
// $data is assumed to be an associative array( login, password, email );
$user = new eZUser($contentObjectAttribute->attribute('contentobject_id'));
if (isset($data['login'])) {
$user->setAttribute('login', $data['login']);
}
if (isset($data['email'])) {
$user->setAttribute('email', $data['email']);
}
if (isset($data['password'])) {
$hashType = eZUser::hashType() . '';
$newHash = $user->createHash($data['login'], $data['password'], eZUser::site(), $hashType);
$user->setAttribute('password_hash_type', $hashType);
$user->setAttribute('password_hash', $newHash);
}
$user->store();
break;
default:
die('Can not store ' . $data . ' as datatype: ' . $dataTypeString);
}
}
static function loginUser($login, $password, $authenticationMatch = false)
{
$http = eZHTTPTool::instance();
$db = eZDB::instance();
if ($authenticationMatch === false) {
$authenticationMatch = eZUser::authenticationMatch();
}
$loginEscaped = $db->escapeString($login);
$passwordEscaped = $db->escapeString($password);
$loginLdapEscaped = self::ldap_escape($login);
$loginArray = array();
if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
$loginArray[] = "login='******'";
}
if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
$loginArray[] = "email='{$loginEscaped}'";
}
if (count($loginArray) == 0) {
$loginArray[] = "login='******'";
}
$loginText = implode(' OR ', $loginArray);
$contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
$ini = eZINI::instance();
$LDAPIni = eZINI::instance('ldap.ini');
$databaseName = $db->databaseName();
// if mysql
if ($databaseName === 'mysql') {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
} else {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id";
}
$users = $db->arrayQuery($query);
$exists = false;
if (count($users) >= 1) {
foreach ($users as $userRow) {
$userID = $userRow['contentobject_id'];
$hashType = $userRow['password_hash_type'];
$hash = $userRow['password_hash'];
$exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
// If hash type is MySql
if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
$queryMysqlUser = "******";
$mysqlUsers = $db->arrayQuery($queryMysqlUser);
if (count($mysqlUsers) >= 1) {
$exists = true;
}
}
eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
// If current user has been disabled after a few failed login attempts.
$canLogin = eZUser::isEnabledAfterFailedLogin($userID);
if ($exists) {
// We should store userID for warning message.
$GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
$userSetting = eZUserSetting::fetch($userID);
$isEnabled = $userSetting->attribute("is_enabled");
if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
$hashType = eZUser::hashType();
$hash = eZUser::createHash($login, $password, eZUser::site(), $hashType);
$db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
}
break;
}
}
}
if ($exists and $isEnabled and $canLogin) {
eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
$user = new eZUser($userRow);
eZDebugSetting::writeDebug('kernel-user', $user, 'user');
$userID = $user->attribute('contentobject_id');
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($user, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
return $user;
} else {
if ($LDAPIni->variable('LDAPSettings', 'LDAPEnabled') === 'true') {
// read LDAP ini settings
// and then try to bind to the ldap server
$LDAPDebugTrace = $LDAPIni->variable('LDAPSettings', 'LDAPDebugTrace') === 'enabled';
$LDAPVersion = $LDAPIni->variable('LDAPSettings', 'LDAPVersion');
$LDAPServer = $LDAPIni->variable('LDAPSettings', 'LDAPServer');
$LDAPPort = $LDAPIni->variable('LDAPSettings', 'LDAPPort');
$LDAPFollowReferrals = (int) $LDAPIni->variable('LDAPSettings', 'LDAPFollowReferrals');
$LDAPBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPBaseDn');
$LDAPBindUser = $LDAPIni->variable('LDAPSettings', 'LDAPBindUser');
$LDAPBindPassword = $LDAPIni->variable('LDAPSettings', 'LDAPBindPassword');
$LDAPSearchScope = $LDAPIni->variable('LDAPSettings', 'LDAPSearchScope');
$LDAPLoginAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLoginAttribute'));
$LDAPFirstNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPFirstNameAttribute'));
$LDAPFirstNameIsCN = $LDAPIni->variable('LDAPSettings', 'LDAPFirstNameIsCommonName') === 'true';
$LDAPLastNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLastNameAttribute'));
$LDAPEmailAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPEmailAttribute'));
$defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
$LDAPUserGroupAttributeType = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttributeType'));
$LDAPUserGroupAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttribute'));
if ($LDAPIni->hasVariable('LDAPSettings', 'Utf8Encoding')) {
$Utf8Encoding = $LDAPIni->variable('LDAPSettings', 'Utf8Encoding');
if ($Utf8Encoding == "true") {
$isUtf8Encoding = true;
} else {
$isUtf8Encoding = false;
}
} else {
$isUtf8Encoding = false;
}
if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPSearchFilters')) {
$LDAPFilters = $LDAPIni->variable('LDAPSettings', 'LDAPSearchFilters');
}
if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroupType') and $LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroup')) {
$LDAPUserGroupType = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupType');
$LDAPUserGroup = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroup');
}
$LDAPFilter = "( &";
if (count($LDAPFilters) > 0) {
foreach (array_keys($LDAPFilters) as $key) {
$LDAPFilter .= "(" . $LDAPFilters[$key] . ")";
}
}
$LDAPEqualSign = trim($LDAPIni->variable('LDAPSettings', "LDAPEqualSign"));
$LDAPBaseDN = str_replace($LDAPEqualSign, "=", $LDAPBaseDN);
$LDAPFilter = str_replace($LDAPEqualSign, "=", $LDAPFilter);
$LDAPBindUser = str_replace($LDAPEqualSign, "=", $LDAPBindUser);
if ($LDAPDebugTrace) {
$debugArray = array('stage' => '1/5: Connecting and Binding to LDAP server', 'LDAPServer' => $LDAPServer, 'LDAPPort' => $LDAPPort, 'LDAPBindUser' => $LDAPBindUser, 'LDAPVersion' => $LDAPVersion);
// Set debug trace mode for ldap connections
if (function_exists('ldap_set_option')) {
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
}
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
}
if (function_exists('ldap_connect')) {
$ds = ldap_connect($LDAPServer, $LDAPPort);
} else {
$ds = false;
}
if ($ds) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $LDAPVersion);
ldap_set_option($ds, LDAP_OPT_REFERRALS, $LDAPFollowReferrals);
if ($LDAPBindUser == '') {
$r = ldap_bind($ds);
} else {
$r = ldap_bind($ds, $LDAPBindUser, $LDAPBindPassword);
}
if (!$r) {
// Increase number of failed login attempts.
eZDebug::writeError('Cannot bind to LDAP server, might be something wronge with connetion or bind user!', __METHOD__);
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
$user = false;
return $user;
}
$LDAPFilter .= "({$LDAPLoginAttribute}={$loginLdapEscaped})";
$LDAPFilter .= ")";
ldap_set_option($ds, LDAP_OPT_SIZELIMIT, 0);
ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 0);
$retrieveAttributes = array($LDAPLoginAttribute, $LDAPFirstNameAttribute, $LDAPLastNameAttribute, $LDAPEmailAttribute);
if ($LDAPUserGroupAttributeType) {
$retrieveAttributes[] = $LDAPUserGroupAttribute;
}
if ($LDAPDebugTrace) {
$debugArray = array('stage' => '2/5: finding user', 'LDAPFilter' => $LDAPFilter, 'retrieveAttributes' => $retrieveAttributes, 'LDAPSearchScope' => $LDAPSearchScope, 'LDAPBaseDN' => $LDAPBaseDN);
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
}
if ($LDAPSearchScope == "one") {
$sr = ldap_list($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
} else {
if ($LDAPSearchScope == "base") {
$sr = ldap_read($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
} else {
$sr = ldap_search($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
}
}
$info = ldap_get_entries($ds, $sr);
if ($info['count'] > 1) {
// More than one user with same uid, not allow login.
eZDebug::writeWarning('More then one user with same uid, not allowed to login!', __METHOD__);
$user = false;
return $user;
} else {
if ($info['count'] < 1) {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
// user DN was not found
eZDebug::writeWarning('User DN was not found!', __METHOD__);
$user = false;
return $user;
} else {
if ($LDAPDebugTrace) {
$debugArray = array('stage' => '3/5: real authentication of user', 'info' => $info);
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
}
}
}
if (!$password) {
$password = crypt(microtime());
}
// is it real authenticated LDAP user?
if (!@ldap_bind($ds, $info[0]['dn'], $password)) {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
eZDebug::writeWarning("User {$userID} failed to login!", __METHOD__);
$user = false;
return $user;
}
$extraNodeAssignments = array();
$userGroupClassID = $ini->variable("UserSettings", "UserGroupClassID");
// default user group assigning
if ($LDAPUserGroupType != null) {
if ($LDAPUserGroupType == "name") {
if (is_array($LDAPUserGroup)) {
foreach (array_keys($LDAPUserGroup) as $key) {
$groupName = $db->escapeString($LDAPUserGroup[$key]);
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0 and $key == 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
} else {
if (count($groupObject) > 0) {
$extraNodeAssignments[] = $groupObject[0]['node_id'];
}
}
}
} else {
$groupName = $db->escapeString($LDAPUserGroup);
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
}
} else {
if ($LDAPUserGroupType == "id") {
if (is_array($LDAPUserGroup)) {
foreach (array_keys($LDAPUserGroup) as $key) {
$groupID = $LDAPUserGroup[$key];
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0 and $key == 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
} else {
if (count($groupObject) > 0) {
$extraNodeAssignments[] = $groupObject[0]['node_id'];
}
}
}
} else {
$groupID = $LDAPUserGroup;
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
}
}
}
}
// read group mapping LDAP settings
$LDAPGroupMappingType = $LDAPIni->variable('LDAPSettings', 'LDAPGroupMappingType');
$LDAPUserGroupMap = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupMap');
if (!is_array($LDAPUserGroupMap)) {
$LDAPUserGroupMap = array();
}
// group mapping constants
$ByMemberAttribute = 'SimpleMapping';
// by group's member attributes (with mapping)
$ByMemberAttributeHierarhicaly = 'GetGroupsTree';
// by group's member attributes hierarhically
$ByGroupAttribute = 'UseGroupAttribute';
// by user's group attribute (old style)
$groupMappingTypes = array($ByMemberAttribute, $ByMemberAttributeHierarhicaly, $ByGroupAttribute);
$userData =& $info[0];
// default mapping using old style
if (!in_array($LDAPGroupMappingType, $groupMappingTypes)) {
$LDAPGroupMappingType = $ByGroupAttribute;
}
if ($LDAPDebugTrace) {
$debugArray = array('stage' => '4/5: group mapping init', 'LDAPUserGroupType' => $LDAPUserGroupType, 'LDAPGroupMappingType' => $LDAPGroupMappingType, 'LDAPUserGroup' => $LDAPUserGroup, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments);
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
}
if ($LDAPGroupMappingType == $ByMemberAttribute or $LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) {
$LDAPGroupBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPGroupBaseDN');
$LDAPGroupBaseDN = str_replace($LDAPEqualSign, '=', $LDAPGroupBaseDN);
$LDAPGroupClass = $LDAPIni->variable('LDAPSettings', 'LDAPGroupClass');
$LDAPGroupNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupNameAttribute'));
$LDAPGroupMemberAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupMemberAttribute'));
$LDAPGroupDescriptionAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupDescriptionAttribute'));
$groupSearchingDepth = $LDAPGroupMappingType == '1' ? 1 : 1000;
// now, get all parents for currently ldap authenticated user
$requiredParams = array();
$requiredParams['LDAPLoginAttribute'] = $LDAPLoginAttribute;
$requiredParams['LDAPGroupBaseDN'] = $LDAPGroupBaseDN;
$requiredParams['LDAPGroupClass'] = $LDAPGroupClass;
$requiredParams['LDAPGroupNameAttribute'] = $LDAPGroupNameAttribute;
$requiredParams['LDAPGroupMemberAttribute'] = $LDAPGroupMemberAttribute;
$requiredParams['LDAPGroupDescriptionAttribute'] = $LDAPGroupDescriptionAttribute;
$requiredParams['ds'] =& $ds;
if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') {
$requiredParams['TopUserGroupNodeID'] = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId');
} else {
$requiredParams['TopUserGroupNodeID'] = 5;
}
$groupsTree = array();
$stack = array();
$newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userData['dn'] . '))';
$groupsTree[$userData['dn']] = array('data' => &$userData, 'parents' => array(), 'children' => array());
eZLDAPUser::getUserGroupsTree($requiredParams, $newfilter, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth);
$userRecord =& $groupsTree[$userData['dn']];
if ($LDAPGroupMappingType == $ByMemberAttribute) {
if (count($userRecord['parents']) > 0) {
$remappedGroupNames = array();
foreach (array_keys($userRecord['parents']) as $key) {
$parentGroup =& $userRecord['parents'][$key];
if (isset($parentGroup['data'][$LDAPGroupNameAttribute])) {
$ldapGroupName = $parentGroup['data'][$LDAPGroupNameAttribute];
if (is_array($ldapGroupName)) {
$ldapGroupName = $ldapGroupName['count'] > 0 ? $ldapGroupName[0] : '';
}
// remap group name and check that group exists
if (array_key_exists($ldapGroupName, $LDAPUserGroupMap)) {
$remmapedGroupName = $db->escapeString($LDAPUserGroupMap[$ldapGroupName]);
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$remmapedGroupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}";
$groupRow = $db->arrayQuery($groupQuery);
if (count($groupRow) > 0) {
$userRecord['new_parents'][] = $groupRow[0]['node_id'];
}
}
}
}
}
} else {
if ($LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) {
$stack = array();
self::goAndPublishGroups($requiredParams, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth, true);
}
}
if (isset($userRecord['new_parents']) and count($userRecord['new_parents']) > 0) {
$defaultUserPlacement = $userRecord['new_parents'][0];
$extraNodeAssignments = array_merge($extraNodeAssignments, $userRecord['new_parents']);
}
} else {
if ($LDAPGroupMappingType == $ByGroupAttribute) {
if ($LDAPUserGroupAttributeType) {
// Should we create user groups that are specified in LDAP, but not found in eZ Publish?
$createMissingGroups = $LDAPIni->variable('LDAPSettings', 'LDAPCreateMissingGroups') === 'enabled';
if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') {
$parentNodeID = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId');
} else {
$parentNodeID = 5;
}
$groupAttributeCount = $info[0][$LDAPUserGroupAttribute]['count'];
if ($LDAPUserGroupAttributeType == "name") {
for ($i = 0; $i < $groupAttributeCount; $i++) {
if ($isUtf8Encoding) {
$groupName = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]);
} else {
$groupName = $info[0][$LDAPUserGroupAttribute][$i];
}
// Save group node id to either defaultUserPlacement or extraNodeAssignments
self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
}
} else {
if ($LDAPUserGroupAttributeType == "id") {
for ($i = 0; $i < $groupAttributeCount; $i++) {
if ($isUtf8Encoding) {
$groupID = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]);
} else {
$groupID = $info[0][$LDAPUserGroupAttribute][$i];
}
$groupName = "LDAP {$groupID}";
// Save group node id to either defaultUserPlacement or extraNodeAssignments
self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
}
} else {
if ($LDAPUserGroupAttributeType == "dn") {
for ($i = 0; $i < $groupAttributeCount; $i++) {
$groupDN = $info[0][$LDAPUserGroupAttribute][$i];
$groupName = self::getGroupNameByDN($ds, $groupDN);
if ($groupName) {
// Save group node id to either defaultUserPlacement or extraNodeAssignments
self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
}
}
} else {
eZDebug::writeError("Bad LDAPUserGroupAttributeType '{$LDAPUserGroupAttributeType}'. It must be either 'name', 'id' or 'dn'.", __METHOD__);
$user = false;
return $user;
}
}
}
}
}
}
// remove ' last_name' from first_name if cn is used for first name
if ($LDAPFirstNameIsCN && isset($userData[$LDAPFirstNameAttribute]) && isset($userData[$LDAPLastNameAttribute])) {
$userData[$LDAPFirstNameAttribute][0] = str_replace(' ' . $userData[$LDAPLastNameAttribute][0], '', $userData[$LDAPFirstNameAttribute][0]);
}
if (isset($userData[$LDAPEmailAttribute])) {
$LDAPuserEmail = $userData[$LDAPEmailAttribute][0];
} else {
if (trim($LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix'))) {
$LDAPuserEmail = $login . $LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix');
} else {
$LDAPuserEmail = false;
}
}
$userAttributes = array('login' => $login, 'first_name' => isset($userData[$LDAPFirstNameAttribute]) ? $userData[$LDAPFirstNameAttribute][0] : false, 'last_name' => isset($userData[$LDAPLastNameAttribute]) ? $userData[$LDAPLastNameAttribute][0] : false, 'email' => $LDAPuserEmail);
if ($LDAPDebugTrace) {
$debugArray = array('stage' => '5/5: storing user', 'userAttributes' => $userAttributes, 'isUtf8Encoding' => $isUtf8Encoding, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments);
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
}
$oldUser = clone eZUser::currentUser();
$existingUser = eZLDAPUser::publishUpdateUser($extraNodeAssignments, $defaultUserPlacement, $userAttributes, $isUtf8Encoding);
if (is_object($existingUser)) {
eZUser::setCurrentlyLoggedInUser($existingUser, $existingUser->attribute('contentobject_id'));
} else {
eZUser::setCurrentlyLoggedInUser($oldUser, $oldUser->attribute('contentobject_id'));
}
ldap_close($ds);
return $existingUser;
} else {
eZDebug::writeError('Cannot initialize connection for LDAP server', __METHOD__);
$user = false;
return $user;
}
} else {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
eZDebug::writeWarning('User does not exist or LDAP is not enabled in php', __METHOD__);
$user = false;
return $user;
}
}
}
/**
* Helper method that creates a new user.
* Currently only creates in users/guest_accounts.
* First and last name will be a splitup of username
*
* @param string $username
* @param string $password If not provided, uses the username as password
* @param string $email If not provided, uses '<username><at>test.ez.no'
*
* @return eZContentObject
*/
protected static function createUser($username, $password = false, $email = false)
{
$firstname = substr($username, 0, floor(strlen($username) / 2));
$lastname = substr($username, ceil(strlen($username) / 2));
if ($email === false) {
$email = "{$username}@test.ez.no";
}
if ($password === false) {
$password = $username;
}
$user = new ezpObject('user', eZContentObjectTreeNode::fetchByPath('users/guest_accounts'));
$user->first_name = $firstname;
$user->last_name = $lastname;
$user->user_account = $account = sprintf('%s|%s|%s|%d', $username, $email, eZUser::createHash($username, $password, eZUser::site(), eZUser::PASSWORD_HASH_MD5_USER), eZUser::PASSWORD_HASH_MD5_USER);
$user->publish();
$user->refresh();
return $user->object;
}
$validationResult = ngConnectUserActivation::validateUserInput($http);
if ($validationResult['status'] == 'success') {
$user = ngConnectFunctions::createUser($authResult);
if ($user instanceof eZUser) {
$login = trim($http->postVariable('data_user_login'));
$email = trim($http->postVariable('data_user_email'));
$password = trim($http->postVariable('data_user_password'));
if (empty($password) && $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true') {
$password = $user->createPassword($siteINI->variable('UserSettings', 'GeneratePasswordLength'));
}
// we created the new account, but still need to set things up so users can login using a regular login form
$db = eZDB::instance();
$db->begin();
$user->setAttribute('login', $login);
$user->setAttribute('email', $email);
$user->setAttribute('password_hash', eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType()));
$user->setAttribute('password_hash_type', eZUser::hashType());
$user->store();
ngConnectFunctions::connectUser($user->ContentObjectID, $authResult['login_method'], $authResult['id']);
$db->commit();
$http->removeSessionVariable('NGConnectStartedRegistration');
$http->removeSessionVariable('NGConnectAuthResult');
$http->removeSessionVariable('NGConnectForceRedirect');
$verifyUserType = $siteINI->variable('UserSettings', 'VerifyUserType');
if ($verifyUserType === 'email' && $siteINI->hasVariable('UserSettings', 'VerifyUserEmail') && $siteINI->variable('UserSettings', 'VerifyUserEmail') !== 'enabled') {
$verifyUserType = false;
}
if ($authResult['email'] == '' || $email != $authResult['email'] && $verifyUserType) {
// we only validate the account if no email was provided by social network or entered email is not the same
// as the one from social network and if email verification is active of course
ngConnectUserActivation::processUserActivation($user, $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true' ? $password : false);
protected function getUserAccountString($login, $email)
{
$password = eZUser::createPassword(8);
$passwordHash = eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType());
return $login . '|' . $email . '|' . $passwordHash . '|' . eZUser::passwordHashTypeName(eZUser::hashType());
}
/**
* Validates the input from the object edit form concerning this attribute.
*
* @param mixed $http Class eZHTTPTool.
* @param string $base Seems to be always 'ContentObjectAttribute'.
* @param mixed $contentObjectAttribute Class eZContentObjectAttribute.
*
* @return int eZInputValidator::STATE_INVALID/STATE_ACCEPTED
*/
public function validateObjectAttributeHTTPInput($http, $base, $contentObjectAttribute)
{
if ($http->hasPostVariable($base . '_ymcmschapv2_data_text_' . $contentObjectAttribute->attribute('id'))) {
$data = $http->postVariable($base . '_ymcmschapv2_data_text_' . $contentObjectAttribute->attribute('id'));
$classAttribute = $contentObjectAttribute->contentClassAttribute();
if ($data == "") {
if ($contentObjectAttribute->validateIsRequired()) {
$contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'Input required.'));
return eZInputValidator::STATE_INVALID;
}
} else {
$maxLen = $classAttribute->attribute(self::MAX_LEN_FIELD);
$textCodec = eZTextCodec::instance(false);
if ($textCodec->strlen($data) > $maxLen and $maxLen > 0) {
$contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'The input text is too long. The maximum number of characters allowed is %1.'), $maxLen);
return eZInputValidator::STATE_INVALID;
}
$minLen = $classAttribute->attribute(self::MIN_LEN_FIELD);
if ($textCodec->strlen($data) < $minLen and $minLen > 0) {
$contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'The input text is too short. The minimum number of characters is %1.'), $minLen);
return eZInputValidator::STATE_INVALID;
}
//Make the user input asomething different from his normal password //start
//ToDo: Do not return valid if the user has changed his pwassword but the new password is not in the "_POST-Array...
$found_login = false;
$found_password = false;
//ToDO: Don't walk through the $_POST-array...
foreach ($_POST as $key => $content) {
if (strpos($key, '_data_user_login_') != false and $content != '') {
$found_login = $content;
} else {
if (strpos($key, '_data_user_password_') != false and $content != '') {
$found_password = $content;
}
}
}
if ($found_password !== false and $found_password == $data) {
$contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'This has to be different from your new user account password.'));
return eZInputValidator::STATE_INVALID;
} else {
$objectID = $contentObjectAttribute->attribute('contentobject_id');
include_once "kernel/classes/datatypes/ezuser/ezuser.php";
$user = eZUser::fetch($objectID);
if (is_object($user)) {
if ($found_login === false) {
$found_login = $user->attribute('login');
}
$passHash = eZUser::createHash($found_login, $data, eZUser::site(), $user->attribute('password_hash_type'));
if ($passHash == $user->attribute('password_hash')) {
$contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'This has to be different from your current user account password.'));
return eZInputValidator::STATE_INVALID;
}
}
}
//Make the user input asomething different from his normal password //end
return eZInputValidator::STATE_ACCEPTED;
}
}
return eZInputValidator::STATE_ACCEPTED;
}