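/**
 * Authenticate a user against the configured LDAP directory.
 *
 * Flow: bind with the search account, look the user up through the
 * configured filter, then re-bind as the matched entry with the supplied
 * password. After a successful user bind the local SQL user is created, or
 * its stored password hash is refreshed. If LDAP does not authenticate the
 * user and $this->fallback is set, the SQL authenticator is tried.
 *
 * @param string $username login name supplied by the user (untrusted)
 * @param string $password password supplied by the user (untrusted)
 *
 * @return bool true when the user is authenticated, false otherwise
 */
public function authenticate($username, $password)
{
    $this->username = $username;

    if (strlen($password) == 0) {
        // LDAP will succeed binding with no password on AD (defaults to an
        // anonymous bind), so an empty password must never authenticate.
        return false;
    }

    $authenticated = false;
    $first_user = array();

    $rs = ldap_connect($this->ldap_host, $this->ldap_port);
    if ($rs) {
        ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
        ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

        $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
        $ldap_bind_dn = $this->ldap_search_user;

        if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
            // Decode the configured filter template first, then insert the
            // user name escaped for filter context (ldap_escape, PHP >= 5.6).
            // Substituting the raw name, or decoding after substitution, lets
            // characters such as ( ) * \ in the login name rewrite the filter.
            $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
            $filter_r = str_replace(
                '%USERNAME%',
                ldap_escape($username, '', LDAP_ESCAPE_FILTER),
                $filter_template
            );

            $result = ldap_search($rs, $this->base_dn, $filter_r);
            if ($result) {
                $result_user = ldap_get_entries($rs, $result);
                if ($result_user && $result_user['count'] != 0) {
                    // Only one user should match sAMAccountName or uid etc.;
                    // the first entry returned is the one that is used.
                    $first_user = $result_user[0];
                    $ldap_user_dn = $first_user['dn'];

                    // Bind with the dn of the user that matched our filter:
                    // this is the actual password check.
                    if (ldap_bind($rs, $ldap_user_dn, $password)) {
                        $authenticated = true;
                    }
                }
            }
        }

        // Release the connection on every path, not only at request end.
        ldap_unbind($rs);
    }

    if ($authenticated) {
        if ($this->userExists($username)) {
            // Update the locally stored password hash if it differs
            $tmpUser = new CUser();
            $tmpUser->load($this->userId($username));
            $hash_pass = $this->hashPassword($password);
            // Strict comparison: loose != treats two "0e<digits>" hash
            // strings as equal numbers.
            if ($hash_pass !== $tmpUser->user_password) {
                $tmpUser->user_password = $hash_pass;
                $tmpUser->store();
            }
        } else {
            $this->createsqluser($username, $password, $first_user);
        }

        return true;
    }

    // NOTE(review): with fallback enabled, the locally stored hash refreshed
    // above presumably still lets a user in after the directory rejects them
    // (disabled account, directory unreachable) - confirm that is intended.
    if ($this->fallback == true) {
        $sqlAuth = new w2p_Authenticators_SQL();

        return $sqlAuth->authenticate($username, $password);
    }

    return false;
}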
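/**
 * Prepare the password field before an existing user record is updated.
 *
 * A blank submitted password keeps the hash already stored for the user;
 * any other value is hashed through the configured authenticator. The
 * parent hook runs afterwards.
 *
 * @return void
 */
protected function hook_preUpdate()
{
    $this->perm_func = 'updateLogin';

    // Load the stored record through the same query object as this instance
    $tmpUser = new CUser();
    $tmpUser->overrideDatabase($this->_query);
    $tmpUser->load($this->user_id);

    if ('' === trim((string) $this->user_password)) {
        // Nothing submitted: keep the stored hash
        $this->user_password = $tmpUser->user_password;
    } else {
        // Hash once. The original compared old and new hash with a loose !=,
        // which treats two "0e<digits>" strings as equal numbers and would
        // then keep the old hash; assigning the new hash directly gives the
        // same result whenever the two hashes really are identical.
        // NOTE(review): any non-blank value is hashed, so a caller that
        // stores an object still holding the loaded hash would have that
        // hash hashed again - confirm callers blank the field first.
        $this->user_password = $this->authenticator->hashPassword($this->user_password);
    }

    parent::hook_preUpdate();
}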
$contact->contact_private = 1; $contact->store(); } } } else { $AppUI->setMsg('failed to delete role', UI_MSG_ERROR); } } else { if ($user_role) { $public_contact = false; if (dPgetConfig('user_contact_activate') && !$perms->checkLogin($user_id)) { $public_contact = true; } if ($perms->insertUserRole($user_role, $user_id)) { $AppUI->setMsg('added', UI_MSG_OK, true); if ($public_contact) { // Mark contact as public $obj = new CUser(); $contact = new CContact(); $obj->load($user_id); if ($contact->load($obj->user_contact)) { $contact->contact_private = 0; $contact->store(); } } } else { $AppUI->setMsg('failed to add role', UI_MSG_ERROR); } } } $AppUI->redirect();
die('You should not access this file directly.'); } $del = isset($_REQUEST['del']) ? w2PgetParam($_REQUEST, 'del', false) : false; $notify_new_user = isset($_POST['notify_new_user']) ? $_POST['notify_new_user'] : 0; $perms =& $AppUI->acl(); if (!$perms->checkModule('admin', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } if (!$perms->checkModule('users', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } // prepare (and translate) the module name ready for the suffix $AppUI->setMsg('Roles'); if ($_REQUEST['user_id']) { $user = new CUser(); $user->load($_REQUEST['user_id']); $contact = new CContact(); $contact->load($user->user_contact); } if ($del) { if ($perms->deleteUserRole(w2PgetParam($_REQUEST, 'role_id', 0), w2PgetParam($_REQUEST, 'user_id', 0))) { $AppUI->setMsg('deleted', UI_MSG_ALERT, true); $AppUI->redirect(); } else { $AppUI->setMsg('failed to delete role', UI_MSG_ERROR); $AppUI->redirect(); } return; } if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) { if ($perms->insertUserRole($_REQUEST['user_role'], $_REQUEST['user_id'])) {
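/**
 * Authenticate a user against the configured LDAP directory.
 *
 * Flow: bind with the search account (DN built from the legacy settings or
 * taken from ldap_complete_string), look the user up through the configured
 * filter, then re-bind as the matched entry with the supplied password.
 * After a successful user bind the local SQL user is created, or its stored
 * password hash is refreshed. If LDAP does not authenticate the user and
 * $this->fallback is set, the parent authenticator is tried.
 *
 * @param string $username login name supplied by the user (untrusted)
 * @param string $password password supplied by the user (untrusted)
 *
 * @return bool true when the user is authenticated, false otherwise
 */
public function authenticate($username, $password)
{
    $this->username = $username;

    if (strlen($password) == 0) {
        // LDAP will succeed binding with no password on AD (defaults to an
        // anonymous bind), so an empty password must never authenticate.
        return false;
    }

    $authenticated = false;
    $first_user = array();

    $rs = ldap_connect($this->ldap_host, $this->ldap_port);
    if ($rs) {
        ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
        ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

        if ('' == $this->ldap_complete_string) {
            /*
             * This should be compliant with the old/previous LDAP settings
             * that we've used all along.
             */
            if (strpos($this->ldap_search_user, 'CN=') === false) {
                $ldap_bind_dn = 'CN=' . $this->ldap_search_user . ',OU=Users,' . $this->base_dn;
            } else {
                $ldap_bind_dn = $this->ldap_search_user . ',' . $this->base_dn;
            }
        } else {
            /*
             * In case the LDAP configuration is different than expected,
             * we can configure a completely custom one.
             */
            $ldap_bind_dn = $this->ldap_complete_string;
        }
        $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;

        if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
            // Decode the configured filter template first, then insert the
            // user name escaped for filter context (ldap_escape, PHP >= 5.6).
            // Substituting the raw name, or decoding after substitution, lets
            // characters such as ( ) * \ in the login name rewrite the filter.
            $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
            $filter_r = str_replace(
                '%USERNAME%',
                ldap_escape($username, '', LDAP_ESCAPE_FILTER),
                $filter_template
            );

            $result = ldap_search($rs, $this->base_dn, $filter_r);
            if ($result) {
                $result_user = ldap_get_entries($rs, $result);
                if ($result_user && $result_user['count'] != 0) {
                    // Only one user should match sAMAccountName or uid etc.;
                    // the first entry returned is the one that is used.
                    $first_user = $result_user[0];
                    $ldap_user_dn = $first_user['dn'];

                    // Bind with the dn of the user that matched our filter:
                    // this is the actual password check.
                    if (ldap_bind($rs, $ldap_user_dn, $password)) {
                        $authenticated = true;
                    }
                }
            }
        }

        // Release the connection on every path, not only at request end.
        ldap_unbind($rs);
    }

    if ($authenticated) {
        if ($this->userExists($username)) {
            // Update the locally stored password hash if it differs
            $tmpUser = new CUser();
            $tmpUser->load($this->userId($username));
            // NOTE(review): unsalted MD5 is not an adequate password hash.
            // It is left as is because the stored value presumably has to
            // match what the fallback authenticator compares against -
            // moving to password_hash()/password_verify() needs a migration
            // of existing rows.
            $hash_pass = md5($password);
            // Strict comparison: loose != treats two "0e<digits>" hash
            // strings as equal numbers.
            if ($hash_pass !== $tmpUser->user_password) {
                $tmpUser->user_password = $hash_pass;
                $tmpUser->store();
            }
        } else {
            $this->createsqluser($username, $password, $first_user);
        }

        return true;
    }

    // NOTE(review): with fallback enabled, the locally stored hash refreshed
    // above presumably still lets a user in after the directory rejects them
    // (disabled account, directory unreachable) - confirm that is intended.
    if ($this->fallback == true) {
        return parent::authenticate($username, $password);
    }

    return false;
}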
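<?php
/**
 * $Id: ajax_vw_user_authentications.php 25142 2014-10-07 12:16:51Z phenxdesign $
 *
 * Lists one page (30 rows, most recent login first) of the authentication
 * records of a user and renders them with inc_vw_user_authentications.tpl.
 *
 * @category Admin
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision: 25142 $
 * @link     http://www.mediboard.org
 */

// Access gate for this view.
// NOTE(review): presumably a module-level edit check; nothing below restricts
// which user_id may be requested, so anyone passing this gate can read any
// user's login history - confirm that is the intended audience.
CCanDo::checkEdit();

// Selected user and paging offset, both taken from the request
$user_id = CValue::get("user_id");
$start   = CValue::get("start");

$user = new CUser();
$user->load($user_id);
$user->countConnections();

$user_authentication = new CUserAuthentication();
$ds = $user_authentication->getDS();

// The user id is bound through the data source rather than concatenated
$where = array("user_id" => $ds->prepare("= ?", $user_id));

// The offset is forced to a non-negative integer: a negative "start" would
// otherwise produce an invalid LIMIT clause.
$limit = max(0, intval($start)) . ", 30";

$list = $user_authentication->loadList($where, "datetime_login DESC", $limit);

$smarty = new CSmartyDP();
$smarty->assign("list", $list);
$smarty->assign("user", $user);
$smarty->display("inc_vw_user_authentications.tpl");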
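/**
 * Search and map a user inside the LDAP
 *
 * When no filter is given, one is built on samaccountname from the login
 * name, which is escaped for use inside an LDAP filter. A caller-supplied
 * $filter is passed through unchanged, so the caller must escape any
 * untrusted value it puts in it.
 *
 * @param CUser       $user         User to look up and update
 * @param CSourceLDAP $source_ldap  LDAP source used to run the search
 * @param resource    $ldapconn     LDAP connection
 * @param string      $person       [optional] Login name, defaults to $user->user_username
 * @param string      $filter       [optional] Complete LDAP filter
 * @param boolean     $force_create [optional] Allow a user that does not exist locally yet
 *
 * @return CUser
 * @throws CMbException When several entries match, the user is unknown or
 *                      deactivated, or a store fails
 */
static function searchAndMap(CUser $user, CSourceLDAP $source_ldap, $ldapconn, $person = null, $filter = null, $force_create = false) {
  if (!$person) {
    $person = $user->user_username;
  }
  $person = utf8_encode($person);

  if (!$filter) {
    // Escape the login name for filter context (ldap_escape, PHP >= 5.6):
    // unescaped, characters such as ( ) * \ in the name change the filter.
    $filter = "(samaccountname=" . ldap_escape($person, "", LDAP_ESCAPE_FILTER) . ")";
  }

  $results = $source_ldap->ldap_search($ldapconn, $filter);
  if (!$results || $results["count"] == 0) {
    $user->_bound      = false;
    $user->_count_ldap = 0;

    return $user;
  }

  // An ambiguous match is refused rather than resolved to the first entry
  if ($results["count"] > 1) {
    throw new CMbException("CSourceLDAP_too-many-results");
  }

  $results = $results[0];

  // Look for an existing link between this directory entry and a local user
  $idex               = new CIdSante400();
  $idex->tag          = CAppUI::conf("admin LDAP ldap_tag");
  $idex->object_class = "CUser";
  $idex->id400        = self::getObjectGUID($results);
  $idex->loadMatchingObject();

  // Keep the password values that were supplied
  $user_password  = $user->user_password;
  $_user_password = $user->_user_password;

  if ($idex->_id) {
    // objectGUID already known: load the linked user
    $user = new CUser();
    $user->load($idex->object_id);
  }
  else {
    // objectGUID not known yet: it will be attached to the current user.
    // Unless in creation mode, that user has to be found locally.
    if (!$force_create) {
      // Clear the password fields for loadMatchingObject
      $user->user_password  = null;
      $user->_user_password = null;
      $user->loadMatchingObject();
      if (!$user->_id) {
        throw new CMbException("Auth-failed-user-unknown");
      }
    }
  }

  $user->_bound = true;
  $user         = self::mapTo($user, $results);

  // Save Mediuser variables
  $actif        = $user->_user_actif;
  $deb_activite = $user->_user_deb_activite;
  $fin_activite = $user->_user_fin_activite;

  // Restore User password variables
  $user->user_password  = $user_password;
  $user->_user_password = $_user_password;

  if (!$user->user_type) {
    $user->user_type = 0;
  }

  // No profile
  $user->template          = 0;
  $user->user_login_errors = 0;
  $user->repair();

  $msg = $user->store();
  if ($msg) {
    throw new CMbException($msg);
  }

  // Parentheses only make the existing precedence explicit (&& binds
  // tighter than ||).
  if ((!$force_create && !$user->_ref_mediuser->actif) || ($force_create && !$actif)) {
    throw new CMbException("Auth-failed-user-deactivated");
  }

  // Restore Mediuser variables
  $user->_user_actif        = $actif;
  $user->_user_deb_activite = $deb_activite;
  $user->_user_fin_activite = $fin_activite;
  $user->_count_ldap        = 1;

  // First time this directory entry is seen: record the link
  if (!$idex->_id) {
    $idex->object_id   = $user->_id;
    $idex->last_update = CMbDT::dateTime();
    if ($msg = $idex->store()) {
      throw new CMbException($msg);
    }
  }

  return $user;
}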
<?php
/**
 * $Id$
 *
 * Renders the change-password form for the user of the current session.
 *
 * @category Admin
 * @package  Mediboard
 * @author   SARL OpenXtrem <*****@*****.**>
 * @license  GNU General Public License, see http://www.gnu.org/licenses/gpl.html
 * @version  $Revision$
 * @link     http://www.mediboard.org
 */

// Request flags, read before the view check-in
$forceChange  = CView::request("forceChange", "bool");
$lifeDuration = CView::request("lifeDuration", "bool");

CView::checkin();

// The form always targets the connected user; no user id is read from the request
$user = new CUser();
$user->load(CAppUI::$user->_id);
$user->updateSpecs();
$user->isLDAPLinked();

// Help text shown next to the field, chosen from the configured minimum length
if (CAppUI::$user->_specs['_user_password']->minLength > 4) {
  $password_info = "Le mot de passe doit être composé d'au moins 6 caractères, comprenant des lettres et au moins un chiffre.";
}
else {
  $password_info = "Le mot de passe doit être composé d'au moins 4 caractères.";
}

// Template creation
$smarty = new CSmartyDP();

$smarty->assign("user", $user);
$smarty->assign("forceChange", $forceChange);
$smarty->assign("lifeDuration", $lifeDuration);
$smarty->assign("lifetime", CAppUI::conf("admin CUser password_life_duration"));
$smarty->assign("pwd_info", $password_info);

$smarty->display("change_password.tpl");
/**
 * Validates the object before it is stored: a practitioner must be set on
 * creation, the operation date must fall inside the planned stay, and a
 * pre-anaesthesia visit signed for another practitioner requires that
 * practitioner's password.
 *
 * @see parent::check()
 *
 * @return string Concatenated error messages, followed by the parent's result
 */
function check() {
  $errors = null;
  $this->completeField("chir_id", "plageop_id", "sejour_id");

  // A new object needs a practitioner
  if (!($this->_id || $this->chir_id)) {
    $errors .= "Praticien non valide ";
  }

  // Stay boundaries
  $sejour = $this->loadRefSejour();
  $this->loadRefPlageOp();

  $check_stay = $this->_check_bounds
    && !$this->_forwardRefMerging
    && $this->plageop_id !== null
    && !$sejour->entree_reelle;

  if ($check_stay) {
    $date   = CMbDT::date($this->_datetime);
    $entree = CMbDT::date($sejour->entree_prevue);
    $sortie = CMbDT::date($sejour->sortie_prevue);

    $inside_stay = CMbRange::in($date, $entree, $sortie);
    if (!$inside_stay) {
      $errors .= "Intervention du {$date} en dehors du séjour du {$entree} au {$sortie}";
    }
  }

  // Anaesthetist's signature for the pre-anaesthesia visit: when the field
  // is changed to a practitioner other than the connected user, that
  // practitioner's password has to be supplied.
  $signed_for_other = $this->fieldModified("prat_visite_anesth_id")
    && $this->prat_visite_anesth_id !== null
    && $this->prat_visite_anesth_id != CAppUI::$user->_id;

  if ($signed_for_other) {
    $anesth = new CUser();
    $anesth->load($this->prat_visite_anesth_id);

    $password_ok = CUser::checkPassword($anesth->user_username, $this->_password_visite_anesth);
    if (!$password_ok) {
      $errors .= "Mot de passe incorrect";
    }
  }

  return $errors . parent::check();
}
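/**
 * Copies the user type and the module and object permissions of another
 * user onto this one.
 *
 * @param mixed $user_id          Id of the user to copy from; nothing is done when empty
 * @param bool  $delExistingPerms Remove this user's current permissions first
 *
 * @return string error message when necessary, null otherwise
 */
function copyPermissionsFrom($user_id, $delExistingPerms = false) {
  if (!$user_id) {
    return null;
  }

  // Copy user type
  $profile = new CUser();
  $profile->load($user_id);
  $this->user_type = $profile->user_type;
  if ($msg = $this->store()) {
    return $msg;
  }

  // Delete existing permissions
  if ($delExistingPerms) {
    $this->removePerms();
  }

  // Get other user's permissions.
  // The id is bound through the data source instead of being interpolated
  // into the WHERE string, so a crafted $user_id cannot alter the query.

  // Module permissions
  $perms = new CPermModule();
  $where = array("user_id" => $perms->getDS()->prepare("= ?", $user_id));
  $perms = $perms->loadList($where);

  // Copy them: clearing the key makes store() insert a new row
  // NOTE(review): the result of each store() is ignored, so a failed copy
  // is not reported to the caller.
  foreach ($perms as $perm) {
    $perm->perm_module_id = null;
    $perm->user_id = $this->user_id;
    $perm->store();
  }

  // Object permissions
  $perms = new CPermObject();
  $where = array("user_id" => $perms->getDS()->prepare("= ?", $user_id));
  $perms = $perms->loadList($where);

  // Copy them
  foreach ($perms as $perm) {
    $perm->perm_object_id = null;
    $perm->user_id = $this->user_id;
    $perm->store();
  }

  return null;
}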
/**
 * Builds the plain-text body of the notification e-mail for a task log.
 *
 * The body lists the project, the parent task when the task has one, the
 * task with its type and URL, then the log author, hours, summary and
 * description, and ends with the signature of the current user.
 *
 * @param CTask     $task the task the log belongs to
 * @param CTask_Log $log  the log entry being notified
 *
 * @return string the e-mail body
 */
public function getTaskEmailLog(CTask $task, CTask_Log $log)
{
    $ui = $this->_AppUI;

    $project = new CProject();
    $projectName = $project->load($task->task_project)->project_name;

    $contact = new CContact();
    $creatorName = $contact->findContactByUserid($log->task_log_creator)->contact_display_name;

    $parts = array();
    $parts[] = $ui->_('Project', UI_OUTPUT_RAW) . ': ' . $projectName . "\n";

    // A task whose parent is itself has no parent line
    if ($task->task_parent != $task->task_id) {
        $parentTask = new CTask();
        $parentName = $parentTask->load($task->task_parent)->task_name;
        $parts[] = $ui->_('Parent Task', UI_OUTPUT_RAW) . ': ' . $parentName . "\n";
    }

    $parts[] = $ui->_('Task', UI_OUTPUT_RAW) . ': ' . $task->task_name . "\n";

    $taskTypes = w2PgetSysVal('TaskType');
    $parts[] = $ui->_('Task Type', UI_OUTPUT_RAW) . ':' . $taskTypes[$task->task_type] . "\n";

    $taskUrl = W2P_BASE_URL . '/index.php?m=tasks&a=view&task_id=' . $task->task_id;
    $parts[] = $ui->_('URL', UI_OUTPUT_RAW) . ': ' . $taskUrl . "\n\n";

    $parts[] = "------------------------\n\n";

    $parts[] = $ui->_('User', UI_OUTPUT_RAW) . ': ' . $creatorName . "\n";
    $parts[] = $ui->_('Hours', UI_OUTPUT_RAW) . ': ' . $log->task_log_hours . "\n";
    $parts[] = $ui->_('Summary', UI_OUTPUT_RAW) . ': ' . $log->task_log_name . "\n\n";
    $parts[] = $log->task_log_description;

    // Signature of the user sending the notification
    $sender = new CUser();
    $parts[] = "\n--\n" . $sender->load($ui->user_id)->user_signature;

    return implode('', $parts);
}
/**
 * Stores the user: updates an existing login when the caller may edit it,
 * or creates a new one when the caller may add users, then registers the
 * login with the ACL and copies default preferences.
 *
 * NOTE(review): this listing is damaged. One statement below is masked on
 * the page ('******') and the closing lines do not balance as shown, so the
 * preference-copy part cannot be read reliably from here.
 *
 * @param CAppUI $AppUI
 *
 * @return bool true when a record was stored, false otherwise
 */
public function store(CAppUI $AppUI = null) {
    // NOTE(review): the global declaration rebinds $AppUI, so the value
    // passed as parameter appears to be ignored.
    global $AppUI;
    $perms = $AppUI->acl();
    $stored = false;

    // Validation errors stop the store
    $this->_error = $this->check();
    if (count($this->_error)) {
        return false;
    }

    // Existing user: requires the 'edit' right on this particular user
    if ($this->user_id && $perms->checkModuleItem('users', 'edit', $this->user_id)) {
        $perm_func = 'updateLogin';
        $tmpUser = new CUser();
        $tmpUser->load($this->user_id);
        // Blank password keeps the stored hash, otherwise the value is hashed.
        // NOTE(review): the credential is a bare md5() of the password, with
        // no salt or work factor; password_hash()/password_verify() is the
        // usual replacement and needs a migration of the existing rows. The
        // loose != also treats two "0e<digits>" hashes as equal.
        if ('' == trim($this->user_password)) {
            $this->user_password = $tmpUser->user_password;
        } elseif ($tmpUser->user_password != md5($this->user_password)) {
            $this->user_password = md5($this->user_password);
        } else {
            $this->user_password = $tmpUser->user_password;
        }

        if ($msg = parent::store()) {
            $this->_error = $msg;
            return false;
        }
        $stored = true;
    }

    // New user: requires the 'add' right on the users module
    if (0 == $this->user_id && $perms->checkModuleItem('users', 'add')) {
        $perm_func = 'addLogin';
        // Same bare md5() as above
        $this->user_password = md5($this->user_password);
        if ($msg = parent::store()) {
            $this->_error = $msg;
            return false;
        }
        $stored = true;
    }

    if ($stored) {
        // Register or update the login in the ACL (addLogin / updateLogin)
        $perms->{$perm_func}($this->user_id, $this->user_username);

        $q = $this->_query;
        // Check whether the user already has preferences set; if not, insert the default ones
        $q->addTable('user_preferences', 'upr');
        // NOTE(review): not valid PHP as shown; whatever stood between the
        // two string literals is masked on the page.
        $q->addWhere('upr.pref_user = '******'user_preferences', 'dup');
        // Rows with pref_user = 0 are read and copied for this user below
        $q->addWhere('dup.pref_user = 0');
        $w2prefs = $q->loadList();
        $q->clear();

        foreach ($w2prefs as $w2prefskey => $w2prefsvalue) {
            $q->addTable('user_preferences', 'up');
            $q->addInsert('pref_user', $this->user_id);
            $q->addInsert('pref_name', $w2prefsvalue['pref_name']);
            $q->addInsert('pref_value', $w2prefsvalue['pref_value']);
            $q->exec();
            $q->clear();
        }
    }
    return $stored;
    }

    // NOTE(review): unbalanced as shown; presumably the masked span opened
    // one more block.
    return $stored;
}
<?php if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $user_id = (int) w2PgetParam($_GET, 'user_id', 0); $tab = $AppUI->processIntState('UserVwTab', $_GET, 'tab', 0); $addPwT = $AppUI->processIntState('addProjWithTasks', $_POST, 'add_pwt', 0); $user = new CUser(); if (!$user->load($user_id)) { $AppUI->redirect(ACCESS_DENIED); } $canEdit = $user->canEdit(); $user->loadFull($user_id); global $addPwT, $company_id, $dept_ids, $department, $min_view, $m, $a; if ($user_id != $AppUI->user_id && (!$perms->checkModuleItem('users', 'view', $user_id) || !$perms->checkModuleItem('users', 'view', $user_id))) { $AppUI->redirect(ACCESS_DENIED); } $company_id = $AppUI->getState('UsrProjIdxCompany') !== null ? $AppUI->getState('UsrProjIdxCompany') : $AppUI->user_company; $company_prefix = 'company_'; if (isset($_POST['department'])) { $AppUI->setState('UsrProjIdxDepartment', $_POST['department']); //if department is set, ignore the company_id field unset($company_id); } $department = $AppUI->getState('UsrProjIdxDepartment') !== null ? $AppUI->getState('UsrProjIdxDepartment') : $company_prefix . $AppUI->user_company; //if $department contains the $company_prefix string that it's requesting a company and not a department. So, clear the // $department variable, and populate the $company_id variable. if (!(strpos($department, $company_prefix) === false)) { $company_id = substr($department, strlen($company_prefix)); $AppUI->setState('UsrProjIdxCompany', $company_id);
$module->mod_type = $setup->mod_type; $module->store(); if ($setup->mod_version == $module->mod_version) { CAppUI::setMsg("Installation de '%s' à la version %s", UI_MSG_OK, $module->mod_name, $setup->mod_version); } else { CAppUI::setMsg("Installation de '%s' à la version %s sur %s", UI_MSG_WARNING, $module->mod_name, $module->mod_version, $setup->mod_version); } } else { CAppUI::setMsg("Module '%s' non mis à jour", UI_MSG_WARNING, $module->mod_name); } CModule::loadModules(false); // To force dependency re-evaluation } if (isset($_SESSION["_pass_deferred"]) && CAppUI::$instance->user_id == 1) { $user = new CUser(); $user->load(1); $user->_user_password = $_SESSION["_pass_deferred"]; $user->store(); unset($_SESSION["_pass_deferred"]); } // In case the setup has added some user prefs CAppUI::buildPrefs(); error_reporting($old_er); CAppUI::redirect(); } $module = new CModule(); if ($mod_id) { $module->load($mod_id); $module->checkModuleFiles(); } else { $module->mod_version = "all";
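/**
 * Creates the local SQL user (and its contact) for a user that has just
 * been authenticated by the directory, and gives it the 'normal' role.
 *
 * @param string $username     login name
 * @param string $password     clear-text password; only its hash is stored
 * @param array  $ldap_attribs directory entry of the user, in the shape
 *                             returned by ldap_get_entries() (attribute
 *                             name => list of values); may be empty
 *
 * @return void
 */
public function createsqluser($username, $password, $ldap_attribs = array())
{
    $hash_pass = $this->hashPassword($password);

    $u = new CUser();
    $u->user_username = $username;
    $u->user_password = $hash_pass;
    $u->user_type = 0; // Changed from 1 (administrator) to 0 (Default user)
    $u->user_contact = 0;
    // NOTE(review): the result of store() is not checked; if it fails, the
    // contact and role below are created for whatever user_id is left on
    // the object - confirm what store() returns before adding a guard.
    $u->store(null, true);
    $user_id = $u->user_id;
    $this->user_id = $user_id;

    $c = new CContact();
    if (count($ldap_attribs)) {
        // Contact information based on the inetOrgPerson class schema.
        // Directory entries do not always carry every attribute, so each
        // one is read only when present; a missing attribute gives null, as
        // before, but without an undefined-index error.
        $attribute_map = array(
            'contact_first_name' => 'givenname',
            'contact_last_name'  => 'sn',
            'contact_city'       => 'l',
            'contact_country'    => 'country',
            'contact_state'      => 'st',
            'contact_zip'        => 'postalcode',
            'contact_job'        => 'title',
            'contact_email'      => 'mail',
            'contact_phone'      => 'telephonenumber',
        );
        foreach ($attribute_map as $contact_field => $ldap_name) {
            $c->{$contact_field} = isset($ldap_attribs[$ldap_name][0]) ? $ldap_attribs[$ldap_name][0] : null;
        }
        $c->contact_owner = $this->user_id;
        $c->store();

        $mobile = isset($ldap_attribs['mobile'][0]) ? $ldap_attribs['mobile'][0] : null;
        $contactArray = array('phone_mobile' => $mobile);
        $c->setContactMethods($contactArray);
    }

    // A fresh object is used to link the contact, because it was unclear how
    // the object above would handle an update after its store().
    $tmpUser = new CUser();
    $tmpUser->load($user_id);
    $tmpUser->user_contact = $this->contactId($user_id);
    $tmpUser->store();

    // Every auto-provisioned user starts with the 'normal' role only
    $acl =& $this->AppUI->acl();
    $acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);
}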