packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/users.php
author Dan Fuhry <dan@fuhry.us>
Tue, 08 Jan 2013 23:21:25 -0500
changeset 2 700d61d93b1b
parent 0 3906ca745819
child 4 2212b2ded8bf
permissions -rw-r--r--
Fix accidentally hardcoded ldap basedn

<?php

require('includes/starthere.php');

// POSTed actions
if ( !empty($_SERVER['PATH_INFO']) )
{
	$pi = explode('/', trim($_SERVER['PATH_INFO'], '/'));
	switch($pi[0])
	{
		case 'disable':
			if ( !isset($pi[1]) )
				break;
			
			$user =& $pi[1];
			$userinfo = ldap_get_user($user);
			if ( !$userinfo )
				break;
			
			disable_user($user);
			
			queue_message(E_NOTICE, "{$userinfo['cn']}'s account was disabled.");
			break;
		case 'enable':
			if ( !isset($pi[1]) )
				break;
			
			$user =& $pi[1];
			$userinfo = ldap_get_user($user);
			if ( !$userinfo )
				break;
			
			enable_user($user);
			
			queue_message(E_NOTICE, "{$userinfo['cn']}'s account was enabled.");
			break;
		case 'delete':
			if ( !isset($pi[1]) )
				break;
			
			$user =& $pi[1];
			$userinfo = ldap_get_user($user);
			if ( !$userinfo )
				break;
			
			delete_user($user);
			
			queue_message(E_NOTICE, "{$userinfo['cn']}'s account was deleted.");
			break;
		case 'create':
			
			if ( empty($_POST) )
			{
				queue_message(E_ERROR, "Bad request");
				break;
			}
			
			// basic re-validation
			if ( $_POST['password'] !== $_POST['password_confirm'] )
			{
				queue_message(E_ERROR, "Passwords do not match");
				break;
			}
			
			if ( empty($_POST['cn']) )
				$_POST['cn'] = "{$_POST['givenName']} {$_POST['surname']}";
			
			if ( empty($_POST['uid']) )
				$_POST['uid'] = sprintf("%s%s", strtolower($_POST['givenName']{0}), strtolower(preg_replace('/[^A-Za-z0-9]/', '', $_POST['surname'])));
			
			if ( create_user($_POST['uid'], $_POST['password'], $_POST['givenName'], $_POST['surname'], $_POST['cn'], $_POST['title']) )
				queue_message(E_NOTICE, "{$_POST['cn']}'s account has been created!");
			else
				queue_message(E_ERROR, "Failed to create account");
			
			break;
		case 'resetpw':
			
			if ( empty($_POST) )
			{
				queue_message(E_ERROR, "Bad request");
				break;
			}
			
			// basic re-validation
			if ( $_POST['password'] !== $_POST['password_confirm'] || empty($_POST['uid']) )
			{
				queue_message(E_ERROR, "Passwords do not match");
				break;
			}
			
			$userinfo = ldap_get_user($_POST['uid']);
			if ( !$userinfo )
				break;
			
			if ( reset_password($_POST['uid'], $_POST['password']) )
				queue_message(E_NOTICE, "{$userinfo['cn']}'s password has been reset.");
			else
				queue_message(E_ERROR, "Failed to reset password");
			
			break;
			
		case 'edit':
			if ( !isset($pi[1]) )
				break;
			
			$user =& $pi[1];
			$userinfo = ldap_get_user($user);
			if ( !$userinfo )
				break;
			
			if ( !empty($_POST) )
			{
				if ( ldap_update_user($user, $_POST['entry']) )
				{
					queue_message(E_NOTICE, "Updated user \"{$_POST['entry']['cn'][0]}\".");
					redirect('/users');
				}
			}
			
			display_template('useredit', array(
					'this_user' => $userinfo
					, 'readonly' => $ldap_readonly_attrs
					, 'field_names' => $ldap_field_names
					, 'dn' => ldap_make_user_dn($user)
				));
			
			exit;
			break;
	}
}

// list users, and fill with enabled status for the UI
$users = ldap_list_users();
foreach ( $users as $username => &$u )
{
	$u['enabled'] = is_user_enabled($username);
}
unset($u);

// Present the UI
display_template('users', array(
		'users' => $users
	));