mirror of
https://github.com/YunoHost-Apps/dotclear2_ynh.git
synced 2024-09-03 18:26:29 +02:00
4 spaces indentation for class.auth.ldap.php
This commit is contained in:
parent
29e67a6cbb
commit
4cbf6f735b
1 changed files with 109 additions and 109 deletions
|
@ -1,127 +1,127 @@
|
|||
<?php
|
||||
class ldapDcAuth extends dcAuth
|
||||
{
|
||||
# The user can't change his password
|
||||
protected $allow_pass_change = false;
|
||||
# The user can't change his password
|
||||
protected $allow_pass_change = false;
|
||||
|
||||
# LDAP parameter
|
||||
private $server = "localhost";
|
||||
private $port = "389";
|
||||
private $base = "dc=yunohost,dc=org";
|
||||
# LDAP parameter
|
||||
private $server = "localhost";
|
||||
private $port = "389";
|
||||
private $base = "dc=yunohost,dc=org";
|
||||
|
||||
public function checkUser(string $user_id, ?string $pwd = NULL, ?string $user_key = NULL, bool $check_blog = true): bool
|
||||
public function checkUser(string $user_id, ?string $pwd = NULL, ?string $user_key = NULL, bool $check_blog = true): bool
|
||||
{
|
||||
if ($pwd == '') {
|
||||
return parent::checkUser($user_id, null, $user_key, $check_blog);
|
||||
}
|
||||
|
||||
# LDAP connection
|
||||
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
|
||||
if ($ds)
|
||||
{
|
||||
if ($pwd == '') {
|
||||
return parent::checkUser($user_id, null, $user_key, $check_blog);
|
||||
}
|
||||
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
|
||||
{
|
||||
# search the user in ldap, and get infos
|
||||
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
|
||||
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$info = ldap_get_entries($ds, $sr);
|
||||
|
||||
# LDAP connection
|
||||
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
|
||||
if ($ds)
|
||||
if ($info["count"] == 1)
|
||||
{
|
||||
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
|
||||
{
|
||||
# search the user in ldap, and get infos
|
||||
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
|
||||
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$info = ldap_get_entries($ds, $sr);
|
||||
# To be case sensitive
|
||||
if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) {
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
|
||||
if ($info["count"] == 1)
|
||||
{
|
||||
# To be case sensitive
|
||||
if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) {
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
$this->con->begin();
|
||||
$cur = $this->con->openCursor($this->user_table);
|
||||
# Store the password
|
||||
$cur->user_pwd = $pwd;
|
||||
try
|
||||
{
|
||||
$this->con->begin();
|
||||
$cur = $this->con->openCursor($this->user_table);
|
||||
# Store the password
|
||||
$cur->user_pwd = $pwd;
|
||||
|
||||
# Store informations about the user
|
||||
$cur->user_id = $user_id;
|
||||
$cur->user_email = $info[0]['mail'][0];
|
||||
$cur->user_name = $info[0]['sn'][0];
|
||||
$cur->user_firstname = $info[0]['givenname'][0];
|
||||
$cur->user_displayname = $info[0]['cn'][0];
|
||||
$super_user = "__ADMIN__";
|
||||
if ($super_user == $user_id) {
|
||||
$cur->user_super = 1;
|
||||
}
|
||||
else {
|
||||
$cur->user_super = 0;
|
||||
}
|
||||
|
||||
# If the user exist, then we just update his password.
|
||||
if (dcCore::app()->userExists($user_id))
|
||||
{
|
||||
$this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur);
|
||||
}
|
||||
# If not, we create him.
|
||||
# In order for him to connect,
|
||||
# it is necessary to give him at least
|
||||
# a permission "usage" on the blog "default".
|
||||
else
|
||||
{
|
||||
$cur->user_lang = 'fr'; # Can change this, PR are welcome
|
||||
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
|
||||
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
|
||||
$this->sudo(array(dcCore::app(),'addUser'), $cur);
|
||||
# Possible roles:
|
||||
# admin "administrator"
|
||||
# contentadmin "manage all entries and comments"
|
||||
# usage "manage their own entries and comments"
|
||||
# publish "publish entries and comments"
|
||||
# delete "delete entries and comments"
|
||||
# categories "manage categories"
|
||||
# media_admin "manage all media items"
|
||||
# media "manage their own media items"
|
||||
# pages "manage pages"
|
||||
# blogroll "manage blogroll"
|
||||
$permissions = array(
|
||||
'admin' => "__BLOG_ADMIN__",
|
||||
'contentadmin' => "__BLOG_CONTENTADMIN__",
|
||||
'usage' => "__BLOG_USAGE__",
|
||||
'publish' => "__BLOG_PUBLISH__",
|
||||
'delete' => "__BLOG_DELETE__",
|
||||
'categories' => "__BLOG_CATEGORIES__",
|
||||
'media_admin' => "__BLOG_MEDIA_ADMIN__",
|
||||
'media' => "__BLOG_MEDIA__",
|
||||
'pages' => "__BLOG_PAGES__",
|
||||
'blogroll' => "__BLOG_BLOGROLL__",
|
||||
);
|
||||
$set_perms = [];
|
||||
|
||||
foreach ($permissions as $perm_id => $v) {
|
||||
if (is_string($v) && $v == "true") {
|
||||
$set_perms[$perm_id] = true;
|
||||
}
|
||||
}
|
||||
$this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true);
|
||||
}
|
||||
|
||||
$this->con->commit();
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
# In case of error we cancel and return "false"
|
||||
$this->con->rollback();
|
||||
return false;
|
||||
}
|
||||
# The previous operations proceeded without error,
|
||||
# we can now call the parent method
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
# Store informations about the user
|
||||
$cur->user_id = $user_id;
|
||||
$cur->user_email = $info[0]['mail'][0];
|
||||
$cur->user_name = $info[0]['sn'][0];
|
||||
$cur->user_firstname = $info[0]['givenname'][0];
|
||||
$cur->user_displayname = $info[0]['cn'][0];
|
||||
$super_user = "__ADMIN__";
|
||||
if ($super_user == $user_id) {
|
||||
$cur->user_super = 1;
|
||||
}
|
||||
else {
|
||||
$cur->user_super = 0;
|
||||
}
|
||||
|
||||
# If the user exist, then we just update his password.
|
||||
if (dcCore::app()->userExists($user_id))
|
||||
{
|
||||
$this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur);
|
||||
}
|
||||
# If not, we create him.
|
||||
# In order for him to connect,
|
||||
# it is necessary to give him at least
|
||||
# a permission "usage" on the blog "default".
|
||||
else
|
||||
{
|
||||
error_log("Failed to connect with the user ".$user_id);
|
||||
$cur->user_lang = 'fr'; # Can change this, PR are welcome
|
||||
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
|
||||
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
|
||||
$this->sudo(array(dcCore::app(),'addUser'), $cur);
|
||||
# Possible roles:
|
||||
# admin "administrator"
|
||||
# contentadmin "manage all entries and comments"
|
||||
# usage "manage their own entries and comments"
|
||||
# publish "publish entries and comments"
|
||||
# delete "delete entries and comments"
|
||||
# categories "manage categories"
|
||||
# media_admin "manage all media items"
|
||||
# media "manage their own media items"
|
||||
# pages "manage pages"
|
||||
# blogroll "manage blogroll"
|
||||
$permissions = array(
|
||||
'admin' => "__BLOG_ADMIN__",
|
||||
'contentadmin' => "__BLOG_CONTENTADMIN__",
|
||||
'usage' => "__BLOG_USAGE__",
|
||||
'publish' => "__BLOG_PUBLISH__",
|
||||
'delete' => "__BLOG_DELETE__",
|
||||
'categories' => "__BLOG_CATEGORIES__",
|
||||
'media_admin' => "__BLOG_MEDIA_ADMIN__",
|
||||
'media' => "__BLOG_MEDIA__",
|
||||
'pages' => "__BLOG_PAGES__",
|
||||
'blogroll' => "__BLOG_BLOGROLL__",
|
||||
);
|
||||
$set_perms = [];
|
||||
|
||||
foreach ($permissions as $perm_id => $v) {
|
||||
if (is_string($v) && $v == "true") {
|
||||
$set_perms[$perm_id] = true;
|
||||
}
|
||||
}
|
||||
$this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true);
|
||||
}
|
||||
|
||||
$this->con->commit();
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
# In case of error we cancel and return "false"
|
||||
$this->con->rollback();
|
||||
return false;
|
||||
}
|
||||
# The previous operations proceeded without error,
|
||||
# we can now call the parent method
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
else
|
||||
{
|
||||
error_log("Failed to connect with the user ".$user_id);
|
||||
}
|
||||
}
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in a new issue