function suspend_submit(Pieform $form, $values)
{
global $SESSION;
suspend_user($values['id'], $values['reason']);
$SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
redirect('/user/view.php?id=' . $values['id']);
}
function suspend_submit(Pieform $form, $values)
{
global $users, $SESSION;
$suspended = 0;
db_begin();
foreach ($users as $user) {
if (!$user->suspendedcusr) {
suspend_user($user->id, $values['reason']);
$suspended++;
}
}
db_commit();
$SESSION->add_ok_msg(get_string('bulksuspenduserssuccess', 'admin', $suspended));
redirect('/admin/users/suspended.php');
}
function edituser_suspend_submit(Pieform $form, $values)
{
global $SESSION, $USER, $user;
if (!$USER->get('admin') && ($user->get('admin') || $user->get('staff'))) {
$SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin'));
} else {
suspend_user($user->get('id'), $values['reason']);
$SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
}
redirect('/admin/users/edit.php?id=' . $user->get('id'));
}
/**
* Attemp to synchronize Users in Mahara with Users in the LDAP server
*
* @param boolean $dryrun dummy execution. Do not perform any database operations
* @return boolean
*/
public function sync_users($dryrun = false)
{
global $CFG;
require_once get_config('docroot') . 'lib/ddl.php';
require_once get_config('docroot') . 'lib/institution.php';
log_info('---------- started usersync for instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');
// If they haven't activated the cron, return
if (!$this->get_config('syncuserscron')) {
log_info('not set to sync users, so exiting');
return true;
}
// Create a temp table to store the users, for better performance
$temptable = new XMLDBTable('auth_ldap_extusers_temp');
$temptable->addFieldInfo('extusername', XMLDB_TYPE_CHAR, 64, null, false);
$temptable->addFieldInfo('firstname', XMLDB_TYPE_TEXT);
$temptable->addFieldInfo('lastname', XMLDB_TYPE_TEXT);
$temptable->addFieldInfo('email', XMLDB_TYPE_CHAR, 255);
$temptable->addFieldInfo('studentid', XMLDB_TYPE_TEXT);
$temptable->addFieldInfo('preferredname', XMLDB_TYPE_TEXT);
$temptable->addKeyInfo('extusers', XMLDB_KEY_PRIMARY, array('extusername'));
$tablecreated = create_temp_table($temptable, false, true);
if (!$tablecreated) {
log_warn('Could not create temp table auth_ldap_extusers_temp', false);
return false;
}
$extrafilterattribute = $this->get_config('syncusersextrafilterattribute');
$doupdate = $this->get_config('syncusersupdate');
$docreate = $this->get_config('syncuserscreate');
$tousersgonefromldap = $this->get_config('syncusersgonefromldap');
$dodelete = false;
$dosuspend = false;
switch ($tousersgonefromldap) {
case 'delete':
$dodelete = true;
break;
case 'suspend':
$dosuspend = true;
break;
}
if (get_config('auth_ldap_debug_sync_cron')) {
log_debug("config. LDAP : ");
var_dump($this->config);
}
// fetch ldap users having the filter attribute on (caution maybe mutlivalued
// do it on a scalable version by keeping the LDAP users names in a temporary table
$nbldapusers = $this->ldap_get_users_scalable('auth_ldap_extusers_temp', 'extusername', $extrafilterattribute);
log_info('LDAP users found : ' . $nbldapusers);
try {
$nbupdated = $nbcreated = $nbsuspended = $nbdeleted = $nbignored = $nbpresents = $nbunsuspended = $nberrors = 0;
// Define ldap attributes in user update
$ldapattributes = $this->get_ldap_user_fields();
// Match database and ldap entries and update in database if required
$fieldstoimport = array_keys($ldapattributes);
// we fetch only Mahara users of this institution concerned by this authinstance (either cas or ldap)
// and get also their suspended status since we may have to unsuspend them
// this search cannot be done by a call to get_institutional_admin_search_results
// that does not support searching by auth instance id and do not return suspended status
// and is not suitable for a massive number of users
if (!$doupdate) {
log_info('user auto-update disabled');
} else {
// users to update (known both in LDAP and Mahara usr table)
$sql = "\n select\n u.id as id,\n u.username as username,\n u.suspendedreason as suspendedreason,\n u.firstname as dbfirstname,\n u.lastname as dblastname,\n u.email as dbemail,\n u.studentid as dbstudentid,\n u.preferredname as dbpreferredname,\n e.firstname as ldapfirstname,\n e.lastname as ldaplastname,\n e.email as ldapemail,\n e.studentid as ldapstudentid,\n e.preferredname as ldappreferredname\n from\n {usr} u\n inner join {auth_ldap_extusers_temp} e\n on u.username = e.extusername\n where\n u.deleted = 0\n and u.authinstance = ?\n order by u.username\n ";
$rs = get_recordset_sql($sql, array($this->instanceid));
log_info($rs->RecordCount() . ' users known to Mahara ');
while ($record = $rs->FetchRow()) {
$nbpresents++;
$ldapusername = $record['username'];
$updated = false;
foreach ($fieldstoimport as $field) {
$ldapfield = "ldap{$field}";
$dbfield = "db{$field}";
$sanitizer = "sanitize_{$field}";
$record[$ldapfield] = $sanitizer($record[$ldapfield]);
if ($record[$ldapfield] != '' && $record[$dbfield] != $record[$ldapfield]) {
$updated = true;
if (!$dryrun) {
set_profile_field($record['id'], $field, $record[$ldapfield]);
}
}
}
if ($updated) {
log_debug('updating user ' . $ldapusername);
} else {
log_debug('no change for user ' . $ldapusername);
}
if (!$dryrun) {
if (!empty($record['ldapstudentid'])) {
// caution may be missing ?
set_field('usr_institution', 'studentid', $record['ldapstudentid'], 'usr', $record['id'], 'institution', $this->institution);
}
}
unset($ldapdetails);
$nbupdated++;
//unsuspend if was suspended by me at a previous run
if (!empty($record['suspendedreason']) && strstr($record['suspendedreason'], AUTH_LDAP_SUSPENDED_REASON) !== false) {
log_info('unsuspending user ' . $ldapusername);
if (!$dryrun) {
unsuspend_user($record['id']);
}
$nbunsuspended++;
}
}
}
if (!$dosuspend && !$dodelete) {
log_info('user auto-suspend/delete disabled');
} else {
//users to delete /suspend
$sql = "\n SELECT u.id, u.username, u.suspendedreason\n FROM\n {usr} u\n LEFT JOIN {auth_ldap_extusers_temp} e\n ON e.extusername = u.username\n WHERE\n u.authinstance = ?\n AND u.deleted = 0\n AND e.extusername IS NULL\n ORDER BY u.username ASC";
$rs = get_recordset_sql($sql, array($this->instanceid));
log_info($rs->RecordCount() . ' users no longer in LDAP ');
while ($record = $rs->FetchRow()) {
if ($dosuspend) {
if (!$record['suspendedreason']) {
//if not already suspended for any reason (me or some manual operation)
log_info('suspending user ' . $record['username']);
if (!$dryrun) {
suspend_user($record['id'], AUTH_LDAP_SUSPENDED_REASON . ' ' . time() . ' (' . format_date(time()) . ')');
}
$nbsuspended++;
} else {
log_debug('user ' . $record['username'] . ' already suspended by ' . $record['suspendedreason']);
}
} else {
if ($dodelete) {
log_info('deleting user ' . $record['username']);
if (!$dryrun) {
delete_user($record['id']);
}
$nbdeleted++;
} else {
// nothing to do
log_debug('ignoring user ' . $record['username']);
$nbignored++;
}
}
}
}
if (!$docreate) {
log_info('user auto-creation disabled');
} else {
// users to create
$sql = '
SELECT
e.extusername,
e.firstname,
e.lastname,
e.email,
e.studentid,
e.preferredname
FROM
{auth_ldap_extusers_temp} e
LEFT JOIN {usr} u
ON e.extusername = u.username
WHERE u.id IS NULL
ORDER BY e.extusername';
$rs = get_recordset_sql($sql);
log_info($rs->RecordCount() . ' LDAP users unknown to Mahara ');
while ($record = $rs->FetchRow()) {
$ldapusername = $record['extusername'];
log_info('creating user ' . $ldapusername);
// Retrieve information of user from LDAP
$todb = new stdClass();
$todb->username = $ldapusername;
//not returned by LDAP
$todb->authinstance = $this->instanceid;
$todb->password = '';
foreach ($fieldstoimport as $field) {
$todb->{$field} = $record[$field];
}
if (get_config('auth_ldap_debug_sync_cron')) {
log_debug("creation de ");
var_dump($todb);
}
//check for used email
if (($d1 = get_record('usr', 'email', $todb->email)) || ($d2 = record_exists('artefact_internal_profile_email', 'email', $todb->email))) {
if (empty($d1)) {
$d1 = get_record('usr', 'id', $d2->owner);
}
if (get_config('auth_ldap_debug_sync_cron')) {
log_debug("collision email ");
var_dump($d1);
}
log_warn(get_string('emailalreadytaken', 'auth.internal') . ' ' . $d1->username . ' ' . $todb->email);
$nberrors++;
} else {
if (!$dryrun) {
create_user($todb, array(), $this->institution);
}
$nbcreated++;
}
unset($todb);
}
}
} catch (Exception $e) {
log_info("LDAP (users:{$nbpresents}) (updated:{$nbupdated}) (unsuspended:{$nbunsuspended}) (created:{$nbcreated}) (suspended:{$nbsuspended}) (deleted:{$nbdeleted}) (ignored:{$nbignored}) (errors:{$nberrors})");
throw $e;
}
log_info("LDAP (users:{$nbpresents}) (updated:{$nbupdated}) (unsuspended:{$nbunsuspended}) (created:{$nbcreated}) (suspended:{$nbsuspended}) (deleted:{$nbdeleted}) (ignored:{$nbignored}) (errors:{$nberrors})");
log_info('---------- ended at ' . date('r', time()) . ' ----------');
return true;
}
* @package mahara
* @subpackage core
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
define('JSON', 1);
require dirname(dirname(dirname(__FILE__))) . '/init.php';
$action = param_variable('action');
if ($action == 'suspend') {
$id = param_integer('id');
$reason = param_variable('reason');
try {
suspend_user($id, $reason);
} catch (MaharaException $e) {
json_reply('local', get_string('suspendfailed', 'admin') . ': ' . $e->getMessage());
}
json_reply(false, get_string('usersuspended', 'admin'));
}
if ($action == 'search') {
require_once 'searchlib.php';
$params = new StdClass();
$params->query = trim(param_variable('query', ''));
$params->institution = param_alphanum('institution', null);
$params->f = param_alpha('f', null);
$params->l = param_alpha('l', null);
$params->institution_requested = param_alphanum('institution_requested', null);
$offset = param_integer('offset', 0);
$limit = param_integer('limit', 10);
<div class="container">
<div class="row">
<?php
if (isset($_GET['mod'])) {
$message = suspend_user($_GET['mod']);
echo '<div style="border:1px solid #000; padding: 5px; background-color:orange">' . $message . '</div>';
}
?>
<section class="content">
<h2>Users</h2>
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-body">
<div class="table-container">
<table class="table table-filter">
<tbody>
<?php
$users = show_usrs();
foreach ($users as $key => $value) {
echo '<tr><td>User: <b>' . $value[1] . '</b></td><td>Name: <b>' . $value[3] . ' ' . $value[4] . '</b></td><td>Visits: <b>' . $value[5] . '</b></td>';
if ($value[12] == 1) {
echo '<td><a href="controller.php?mode=users&mod=' . $value[0] . '" class = "btn-suspend">Suspend</a>';
} else {
echo '<td><a href="controller.php?mode=users&mod=' . $value[0] . '" class = "btn-unsuspend">Un-suspend</a>';
}
echo '</td></tr>';
}
?>
</tbody>
</table>
</div>
unsuspend_user($record['id']);
}
$nbunsuspended++;
}
}
//users to delete /suspend
$sql = " SELECT {$fieldstofetch} FROM usr U LEFT JOIN extusers E ON E.extusername = U.username\nWHERE U.authinstance =? AND deleted =0 AND E.extusername IS NULL\nORDER BY U.username ASC ";
$rs = get_recordset_sql($sql, array($auth->id));
$cli->cli_print($rs->RecordCount() . ' users no anymore in LDAP ');
while ($record = $rs->FetchRow()) {
if ($dosuspend) {
if (!$record['suspendedreason']) {
//if not already suspended for any reason ( me or some manual operation)
$cli->cli_print('suspending user ' . $record['username']);
if (!$dryrun) {
suspend_user($record['id'], SUSPENDED_REASON . ' ' . time() . ' (' . format_date(time()) . ')');
}
$nbsuspended++;
} else {
$cli->cli_print('user ' . $record['username'] . ' already suspended by ' . $record['suspendedreason']);
}
} else {
if ($dodelete) {
$cli->cli_print('deleting user ' . $record['username']);
if (!$dryrun) {
delete_user($record['id']);
}
$nbdeleted++;
} else {
// nothing to do
$cli->cli_print('ignoring user ' . $record['username']);
