From 1cf0b00e845ead8a514f6ebe10acdf5ff82ed9a7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 May 2011 11:50:51 +0000 Subject: [PATCH] Qual: Clean LDAP code --- htdocs/conf/conf.php.example | 2 +- htdocs/includes/login/functions_ldap.php | 8 +++- .../modules/import/import_csv.modules.php | 34 ++++++++------ htdocs/lib/ldap.class.php | 7 +-- htdocs/user/class/usergroup.class.php | 6 +-- htdocs/user/fiche.php | 33 +++++++++---- htdocs/user/group/fiche.php | 46 ++++--------------- 7 files changed, 66 insertions(+), 70 deletions(-) diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 43ecd458a49..61c440483e2 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -179,7 +179,7 @@ $dolibarr_main_authentication='dolibarr'; # $dolibarr_main_auth_ldap_servertype='openldap'; # openldap, activedirectory or egroupware # $dolibarr_main_auth_ldap_login_attribute='loginfield'; # Ex: uid or samaccountname for active directory # $dolibarr_main_auth_ldap_dn='ou=users,dc=my-domain,dc=com'; # Ex: ou=users,dc=my-domain,dc=com -# $dolibarr_main_auth_ldap_filter = ''; # If defined, two previous parameters are not used to find a user into LDAP. Ex: &(uid=%1%)(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com). +# $dolibarr_main_auth_ldap_filter = ''; # If defined, two previous parameters are not used to find a user into LDAP. Ex: (uid=%1%) or &(uid=%1%)(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com). # $dolibarr_main_auth_ldap_admin_login=''; # Required only if anonymous bind disabled. Ex: cn=admin,dc=example,dc=com # $dolibarr_main_auth_ldap_admin_pass=''; # Required only if anonymous bind disabled. Ex: secret diff --git a/htdocs/includes/login/functions_ldap.php b/htdocs/includes/login/functions_ldap.php index d7d1a9d5118..e7f0359ced4 100644 --- a/htdocs/includes/login/functions_ldap.php +++ b/htdocs/includes/login/functions_ldap.php 
@@ -123,12 +123,16 @@ function check_user_password_ldap($usertotest,$passwordtotest) } // Forge LDAP user and password to test with them - $ldap->searchUser=$ldapuserattr."=".$usertotest.",".$ldapdn; // Default dn + // If LDAP need a dn with login like "uid=jbloggs,ou=People,dc=foo,dc=com", default dn may work even if previous code with + // admin login no exectued. + $ldap->searchUser=$ldapuserattr."=".$usertotest.",".$ldapdn; // Default dn (will work if LDAP accept a dn with login value inside) + // But if LDAP need a dn with name like "cn=Jhon Bloggs,ou=People,dc=foo,dc=com", previous part must have been executed to have + // dn detected into ldapUserDN. if ($resultFetchLdapUser) $ldap->searchUser = $ldap->ldapUserDN; $ldap->searchPassword=$passwordtotest; // Test with this->seachUser and this->searchPassword - //print $ldap->searchUser.'-'.$ldap->searchPassword;exit; + //print $resultFetchLdapUser."-".$ldap->ldapUserDN."-".$ldap->searchUser.'-'.$ldap->searchPassword;exit; $result=$ldap->connect_bind(); if ($result > 0) { diff --git a/htdocs/includes/modules/import/import_csv.modules.php b/htdocs/includes/modules/import/import_csv.modules.php index 7f78201f548..4dbd373529f 100644 --- a/htdocs/includes/modules/import/import_csv.modules.php +++ b/htdocs/includes/modules/import/import_csv.modules.php @@ -117,8 +117,8 @@ class ImportCsv extends ModeleImports /** - * \brief Output header of an example file for this format - * \param langs Output language + * Output header of an example file for this format + * @param outputlangs Output language */ function write_header_example($outputlangs) { 
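Review bot: In htdocs/includes/login/functions_ldap.php the default bind DN built by `$ldap->searchUser=$ldapuserattr."=".$usertotest.",".$ldapdn;` concatenates the submitted login into a DN without escaping, so DN metacharacters in the login (`,`, `+`, `=`, `\`) alter the DN that is bound. Escape the value before building the DN, for example `ldap_escape($usertotest, '', LDAP_ESCAPE_DN)` where the PHP version provides it, or reject logins containing those characters. The commented-out debug line still prints `$ldap->searchPassword`; I would drop the password from it so that re-enabling the line cannot write credentials to the page. The new comments contain typos ("no exectued", "Jhon"). The body of check_user_password_ldap starts and ends outside this hunk, so it cannot be seen here whether an empty `$passwordtotest` is rejected before `connect_bind()`.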
@@ -126,30 +126,34 @@ class ImportCsv extends ModeleImports } /** - * \brief Output title line of an example file for this format - * \param langs Output language + * Output title line of an example file for this format + * @param outputlangs Output language */ function write_title_example($outputlangs,$headerlinefields) { - $s=''; - $s.=join($this->separator,$headerlinefields); + $func = function($value) { + return str_replace($this->separator,'/',$value); + }; + $s.=join($this->separator,array_map($headerlinefields)); return $s."\n"; } /** - * \brief Output record of an example file for this format - * \param langs Output language + * Output record of an example file for this format + * @param outputlangs Output language */ function write_record_example($outputlangs,$contentlinevalues) { - $s=''; - $s.=join($this->separator,$contentlinevalues); + $func = function($value) { + return str_replace($this->separator,'/',$value); + }; + $s=join($this->separator,array_map($contentlinevalues)); return $s."\n"; } /** - * \brief Output footer of an example file for this format - * \param langs Output language + * Output footer of an example file for this format + * @param outputlangs Output language */ function write_footer_example($outputlangs) { @@ -159,9 +163,9 @@ class ImportCsv extends ModeleImports /** - * \brief Open input file - * \param file Path of filename - * \return int <0 if KO, >=0 if OK + * Open input file + * @param file Path of filename + * @return int <0 if KO, >=0 if OK */ function import_open_file($file) { diff --git a/htdocs/lib/ldap.class.php b/htdocs/lib/ldap.class.php index 6858741a16f..d9facdb386b 100644 --- a/htdocs/lib/ldap.class.php +++ b/htdocs/lib/ldap.class.php 
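Review bot: In htdocs/includes/modules/import/import_csv.modules.php, the new `array_map($headerlinefields)` in write_title_example and `array_map($contentlinevalues)` in write_record_example omit the callback, so `$func` is never applied and the call fails instead of returning the cleaned fields. They should read `array_map($func,$headerlinefields)` and `array_map($func,$contentlinevalues)`. write_title_example also loses its `$s='';` initialisation but keeps `$s.=`, which should become `$s=join(...)` as in write_record_example. The closure reads `$this->separator`, which closures only support from PHP 5.4; `$sep=$this->separator;` with `function($value) use ($sep)` avoids that dependency. Only the separator is replaced, so a value containing a line break would still split a record.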
@@ -1131,13 +1131,14 @@ class Ldap if ($this->result) { $result = @ldap_get_entries($this->connection, $this->result); - dol_syslog("Ldap::fetch search found"); + if ($result['count'] > 0) dol_syslog('Ldap::fetch search found '.$result['count'].' records'); + else dol_syslog('Ldap::fetch search returns but found no records'); //var_dump($result);exit; } else { $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection); - dol_syslog("Ldap::fetch search not found"); + dol_syslog("Ldap::fetch search fails"); return -1; } @@ -1186,7 +1187,7 @@ class Ldap $this->domainFQDN = $domain; // Set ldapUserDn (each user can have a different dn) - //var_dump($result[0]['dn']);exit; + //var_dump($result[0]);exit; $this->ldapUserDN=$result[0]['dn']; ldap_free_result($this->result); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index a5e7bca3b03..a53dae05dbd 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -525,9 +525,9 @@ class UserGroup extends CommonObject /** - * \brief Update group into database - * \param notrigger 0=trigers enabled, 1=trigers disabled - * \return int <0 if KO, >=0 if OK + * Update group into database + * @param notrigger 0=triggers enabled, 1=triggers disabled + * @return int <0 if KO, >=0 if OK */ function update($notrigger=0) { diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 4f97f468243..b3b0b5d8565 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -1,7 +1,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo - * Copyright (C) 2004-2010 Laurent Destailleur + * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2011 Regis Houssin * Copyright (C) 2005 Lionel Cousteix @@ -23,7 +23,7 @@ /** * \file htdocs/user/fiche.php - * \brief Onglet user et permissions de la fiche utilisateur + * \brief Tab of user card * \version $Id$ */ 
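Review bot: In htdocs/lib/ldap.class.php the zero-record case is only logged: when `$result['count']` is 0 execution continues, and the later hunk in the same file still reads `$this->ldapUserDN=$result[0]['dn'];`. The code between the two hunks is not shown, so if nothing there returns early, ldapUserDN ends up empty while functions_ldap.php uses it as the bind DN whenever the fetch result is truthy. I would return a negative code from the else branch, e.g. `else { dol_syslog('Ldap::fetch search returns but found no records'); return -2; }`, or confirm that such a guard already exists. `@ldap_get_entries` can also return false with the warning suppressed, so test `$result !== false` before indexing `count`.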
@@ -59,6 +59,7 @@ if ($_GET["id"]) } $action=GETPOST("action"); +$group=GETPOST("group","int",3); $confirm=GETPOST("confirm"); // Security check @@ -222,16 +223,30 @@ if ($_POST["action"] == 'add' && $canadduser) } // Action ajout groupe utilisateur -if ($_POST["action"] == 'addgroup' && $caneditfield) +if (($action == 'addgroup' || $action == 'removegroup') && $caneditfield) { - if ($_POST["group"]) + if ($group) { - $edituser = new User($db); - $edituser->fetch($_GET["id"]); - $edituser->SetInGroup($_POST["group"]); + $editgroup = new UserGroup($db); + $editgroup->fetch($group); + $editgroup->oldcopy=dol_clone($editgroup); - Header("Location: fiche.php?id=".$_GET["id"]); - exit; + $edituser = new User($db); + $edituser->fetch($_GET["id"]); + if ($action == 'addgroup') $edituser->SetInGroup($group); + if ($action == 'removegroup') $edituser->RemoveFromGroup($group); + + // We reload members (list has changed) + $editgroup->members=$editgroup->listUsersForGroup(); + + // We update group to force triggers that update groups content + $result=$editgroup->update(); + + if ($result > 0) + { + header("Location: fiche.php?id=".$_GET["id"]); + exit; + } } } diff --git a/htdocs/user/group/fiche.php b/htdocs/user/group/fiche.php index 30412abdb0c..3a7b9cdbb4b 100644 --- a/htdocs/user/group/fiche.php +++ b/htdocs/user/group/fiche.php @@ -48,6 +48,7 @@ $result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user'); $action=GETPOST("action"); $confirm=GETPOST("confirm"); +$userid=GETPOST("user","int"); /** @@ -61,6 +62,7 @@ if ($action == 'confirm_delete' && $confirm == "yes") $editgroup->fetch($_GET["id"]); $editgroup->delete(); Header("Location: index.php"); + exit; } else { 
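Review bot: In htdocs/user/fiche.php, replacing `$_POST["action"] == 'addgroup'` with `$action` (read through `GETPOST("action")`) appears to make the group membership change reachable from a query string as well as a form post, and no request token check is visible in the hunk. The same applies to the `adduser`/`removeuser` branch in htdocs/user/group/fiche.php. Unless a token is verified outside the diff, I would add that check before `SetInGroup`/`RemoveFromGroup`. The return values of `$editgroup->fetch($group)`, `SetInGroup` and `RemoveFromGroup` are ignored in the user/fiche.php hunk, so a failed change still runs `$editgroup->update()` and its triggers; test them first, as the group page does with `$result`. `$_GET["id"]` is still used raw in `fetch()` and in the `Location:` header while `$group` and `$userid` are now read with the "int" filter, so `$id=GETPOST("id","int");` would be consistent.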
@@ -114,20 +116,21 @@ if ($_POST["action"] == 'add') } } -// Add user into group -if ($_POST["action"] == 'adduser') +// Add/Remove user into group +if ($action == 'adduser' || $action =='removeuser') { - if($caneditperms) + if ($caneditperms) { - if ($_POST["user"]) + if ($userid) { $editgroup = new UserGroup($db); $editgroup->fetch($_GET["id"]); $editgroup->oldcopy=dol_clone($editgroup); $edituser = new User($db); - $edituser->fetch($_POST["user"]); - $result=$edituser->SetInGroup($_GET["id"]); + $edituser->fetch($userid); + if ($action == 'adduser') $result=$edituser->SetInGroup($_GET["id"]); + if ($action == 'removeuser') $result=$edituser->RemoveFromGroup($_GET["id"]); // We reload members (list has changed) $editgroup->members=$editgroup->listUsersForGroup(); @@ -146,37 +149,6 @@ if ($_POST["action"] == 'adduser') } } -// Remove user from group -if ($_GET["action"] == 'removeuser') -{ - if($caneditperms) - { - if ($_GET["user"]) - { - $editgroup = new UserGroup($db); - $editgroup->fetch($_GET["id"]); - $editgroup->oldcopy=dol_clone($editgroup); - - $edituser = new User($db); - $edituser->fetch($_GET["user"]); - $edituser->RemoveFromGroup($_GET["id"]); - - // We reload members (list has changed) - $editgroup->members=$editgroup->listUsersForGroup(); - - // We update group to force triggers that update groups content - $result=$editgroup->update(); - - if ($result > 0) - { - header("Location: fiche.php?id=".$_GET["id"]); - exit; - } - } - }else{ - $message = '
'.$langs->trans('ErrorForbidden').'
'; - } -} if ($_POST["action"] == 'update') {