ryxeo-glpi-git / inc / auth.function.php @ b67d8923
Historique | Voir | Annoter | Télécharger (38,2 ko)
| 1 |
<?php
|
|---|---|
| 2 |
|
| 3 |
|
| 4 |
/*
|
| 5 |
* @version $Id: auth.function.php 7882 2009-01-23 18:24:05Z moyo $
|
| 6 |
-------------------------------------------------------------------------
|
| 7 |
GLPI - Gestionnaire Libre de Parc Informatique
|
| 8 |
Copyright (C) 2003-2009 by the INDEPNET Development Team.
|
| 9 |
|
| 10 |
http://indepnet.net/ http://glpi-project.org
|
| 11 |
-------------------------------------------------------------------------
|
| 12 |
|
| 13 |
LICENSE
|
| 14 |
|
| 15 |
This file is part of GLPI.
|
| 16 |
|
| 17 |
GLPI is free software; you can redistribute it and/or modify
|
| 18 |
it under the terms of the GNU General Public License as published by
|
| 19 |
the Free Software Foundation; either version 2 of the License, or
|
| 20 |
(at your option) any later version.
|
| 21 |
|
| 22 |
GLPI is distributed in the hope that it will be useful,
|
| 23 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 24 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 25 |
GNU General Public License for more details.
|
| 26 |
|
| 27 |
You should have received a copy of the GNU General Public License
|
| 28 |
along with GLPI; if not, write to the Free Software
|
| 29 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
| 30 |
--------------------------------------------------------------------------
|
| 31 |
*/
|
| 32 |
|
| 33 |
// ----------------------------------------------------------------------
|
| 34 |
// Original Author of file:
|
| 35 |
// Purpose of file:
|
| 36 |
// ----------------------------------------------------------------------
|
| 37 |
|
| 38 |
if (!defined('GLPI_ROOT')) { |
| 39 |
die("Sorry. You can't access directly to this file"); |
| 40 |
} |
| 41 |
|
| 42 |
/**
|
| 43 |
* Have I the right $right to module $module (conpare to session variable)
|
| 44 |
*
|
| 45 |
* @param $module Module to check
|
| 46 |
* @param $right Right to check
|
| 47 |
*
|
| 48 |
* @return Boolean : session variable have more than the right specified for the module
|
| 49 |
**/
|
| 50 |
function haveRight($module, $right) { |
| 51 |
global $DB; |
| 52 |
|
| 53 |
//If GLPI is using the slave DB -> read only mode
|
| 54 |
if ($DB->isSlave() && $right == "w") |
| 55 |
return false; |
| 56 |
|
| 57 |
$matches = array ( |
| 58 |
"" => array ( |
| 59 |
"",
|
| 60 |
"r",
|
| 61 |
"w"
|
| 62 |
), // ne doit pas arriver normalement
|
| 63 |
"r" => array ( |
| 64 |
"r",
|
| 65 |
"w"
|
| 66 |
), |
| 67 |
"w" => array ( |
| 68 |
"w"
|
| 69 |
), |
| 70 |
"1" => array ( |
| 71 |
"1"
|
| 72 |
), |
| 73 |
"0" => array ( |
| 74 |
"0",
|
| 75 |
"1"
|
| 76 |
), // ne doit pas arriver non plus
|
| 77 |
); |
| 78 |
|
| 79 |
if (isset ($_SESSION["glpiactiveprofile"][$module]) && in_array($_SESSION["glpiactiveprofile"][$module], $matches[$right])) |
| 80 |
return true; |
| 81 |
else
|
| 82 |
return false; |
| 83 |
} |
| 84 |
|
| 85 |
/**
|
| 86 |
* Have I the right $right to module type $type (conpare to session variable)
|
| 87 |
*
|
| 88 |
* @param $right Right to check
|
| 89 |
* @param $type Type to check
|
| 90 |
*
|
| 91 |
* @return Boolean : session variable have more than the right specified for the module type
|
| 92 |
**/
|
| 93 |
function haveTypeRight($type, $right) { |
| 94 |
global $LANG,$PLUGIN_HOOKS; |
| 95 |
|
| 96 |
switch ($type) { |
| 97 |
case GENERAL_TYPE : |
| 98 |
return true; |
| 99 |
break;
|
| 100 |
case COMPUTER_TYPE : |
| 101 |
return haveRight("computer", $right); |
| 102 |
break;
|
| 103 |
case NETWORKING_TYPE : |
| 104 |
return haveRight("networking", $right); |
| 105 |
break;
|
| 106 |
case PRINTER_TYPE : |
| 107 |
return haveRight("printer", $right); |
| 108 |
break;
|
| 109 |
case MONITOR_TYPE : |
| 110 |
return haveRight("monitor", $right); |
| 111 |
break;
|
| 112 |
case PERIPHERAL_TYPE : |
| 113 |
return haveRight("peripheral", $right); |
| 114 |
break;
|
| 115 |
case SOFTWARE_TYPE : |
| 116 |
return haveRight("software", $right); |
| 117 |
break;
|
| 118 |
case CONTACT_TYPE : |
| 119 |
return haveRight("contact_enterprise", $right); |
| 120 |
break;
|
| 121 |
case ENTERPRISE_TYPE : |
| 122 |
return haveRight("contact_enterprise", $right); |
| 123 |
break;
|
| 124 |
case INFOCOM_TYPE : |
| 125 |
return haveRight("contract_infocom", $right); |
| 126 |
break;
|
| 127 |
case CONTRACT_TYPE : |
| 128 |
return haveRight("contract_infocom", $right); |
| 129 |
break;
|
| 130 |
case CARTRIDGE_TYPE : |
| 131 |
return haveRight("cartridge", $right); |
| 132 |
break;
|
| 133 |
case TYPEDOC_TYPE : |
| 134 |
return haveRight("typedoc", $right); |
| 135 |
break;
|
| 136 |
case DOCUMENT_TYPE : |
| 137 |
return haveRight("document", $right); |
| 138 |
break;
|
| 139 |
case KNOWBASE_TYPE : |
| 140 |
return (haveRight("knowbase", $right)||haveRight("faq", $right)); |
| 141 |
break;
|
| 142 |
case USER_TYPE : |
| 143 |
return haveRight("user", $right); |
| 144 |
break;
|
| 145 |
case TRACKING_TYPE : |
| 146 |
if ($right=='r'){ |
| 147 |
return haveRight("show_all_ticket", 1); |
| 148 |
} else if ($right=='w'){ |
| 149 |
return haveRight("update_ticket", 1); |
| 150 |
} else {
|
| 151 |
return haveRight("show_all_ticket", $right); |
| 152 |
} |
| 153 |
break;
|
| 154 |
case CONSUMABLE_TYPE : |
| 155 |
return haveRight("consumable", $right); |
| 156 |
break;
|
| 157 |
case CARTRIDGE_ITEM_TYPE : |
| 158 |
return haveRight("cartridge", $right); |
| 159 |
break;
|
| 160 |
case CONSUMABLE_ITEM_TYPE : |
| 161 |
return haveRight("consumable", $right); |
| 162 |
break;
|
| 163 |
case LICENSE_TYPE : |
| 164 |
return haveRight("software", $right); |
| 165 |
break;
|
| 166 |
case LINK_TYPE : |
| 167 |
return haveRight("link", $right); |
| 168 |
break;
|
| 169 |
case PHONE_TYPE : |
| 170 |
return haveRight("phone", $right); |
| 171 |
break;
|
| 172 |
case REMINDER_TYPE : |
| 173 |
return haveRight("reminder_public", $right); |
| 174 |
break;
|
| 175 |
case GROUP_TYPE : |
| 176 |
return haveRight("group", $right); |
| 177 |
break;
|
| 178 |
case ENTITY_TYPE : |
| 179 |
return haveRight("entity", $right); |
| 180 |
break;
|
| 181 |
case AUTH_MAIL_TYPE : |
| 182 |
return haveRight("config",$right); |
| 183 |
break;
|
| 184 |
case AUTH_LDAP_TYPE : |
| 185 |
return haveRight("config",$right); |
| 186 |
break;
|
| 187 |
case OCSNG_TYPE : |
| 188 |
return haveRight("ocsng",$right); |
| 189 |
break;
|
| 190 |
case REGISTRY_TYPE : |
| 191 |
return haveRight("ocsng",$right); |
| 192 |
break;
|
| 193 |
case PROFILE_TYPE : |
| 194 |
return haveRight("profile",$right); |
| 195 |
break;
|
| 196 |
case MAILGATE_TYPE : |
| 197 |
return haveRight("config",$right); |
| 198 |
break;
|
| 199 |
case RULE_TYPE : |
| 200 |
return haveRight("rule_tracking",$right)||haveRight("rule_ocs",$right)||haveRight("rule_ldap",$right)||haveRight("rule_softwarecategories",$right); |
| 201 |
break;
|
| 202 |
case TRANSFER_TYPE : |
| 203 |
return haveRight("transfer",$right); |
| 204 |
break;
|
| 205 |
case BOOKMARK_TYPE : |
| 206 |
return haveRight("bookmark_public",$right); |
| 207 |
break;
|
| 208 |
default :
|
| 209 |
// Plugin case
|
| 210 |
if ($type>1000){ |
| 211 |
if (isset($PLUGIN_HOOKS['plugin_types'][$type])){ |
| 212 |
$function='plugin_'.$PLUGIN_HOOKS['plugin_types'][$type].'_haveTypeRight'; |
| 213 |
if (function_exists($function)){ |
| 214 |
return $function($type,$right); |
| 215 |
} |
| 216 |
} |
| 217 |
} |
| 218 |
|
| 219 |
break;
|
| 220 |
|
| 221 |
} |
| 222 |
return false; |
| 223 |
} |
| 224 |
|
| 225 |
/**
|
| 226 |
* Display common message for privileges errors
|
| 227 |
*
|
| 228 |
* @return Nothing
|
| 229 |
**/
|
| 230 |
function displayRightError() { |
| 231 |
global $LANG, $CFG_GLPI, $HEADER_LOADED; |
| 232 |
if (!$HEADER_LOADED) { |
| 233 |
if (!isset ($_SESSION["glpiactiveprofile"]["interface"])){ |
| 234 |
nullHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
| 235 |
} else {
|
| 236 |
if ($_SESSION["glpiactiveprofile"]["interface"] == "central"){ |
| 237 |
commonHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
| 238 |
} else {
|
| 239 |
if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk"){ |
| 240 |
helpHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
| 241 |
} |
| 242 |
} |
| 243 |
} |
| 244 |
} |
| 245 |
echo "<div class='center'><br><br><img src=\"" . $CFG_GLPI["root_doc"] . "/pics/warning.png\" alt=\"warning\"><br><br>"; |
| 246 |
echo "<strong>" . $LANG["login"][5] . "</strong></div>"; |
| 247 |
nullFooter(); |
| 248 |
exit ();
|
| 249 |
} |
| 250 |
|
| 251 |
/**
|
| 252 |
* Check if I have the right $right to module $module (conpare to session variable)
|
| 253 |
*
|
| 254 |
* @param $module Module to check
|
| 255 |
* @param $right Right to check
|
| 256 |
*
|
| 257 |
* @return Nothing : display error if not permit
|
| 258 |
**/
|
| 259 |
function checkRight($module, $right) { |
| 260 |
global $CFG_GLPI; |
| 261 |
|
| 262 |
if (!haveRight($module, $right)) { |
| 263 |
// Gestion timeout session
|
| 264 |
if (!isset ($_SESSION["glpiID"])) { |
| 265 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 266 |
exit ();
|
| 267 |
} |
| 268 |
|
| 269 |
displayRightError(); |
| 270 |
} |
| 271 |
} |
| 272 |
|
| 273 |
/**
|
| 274 |
* Check if I have one of the right specified
|
| 275 |
*
|
| 276 |
* @param $modules array of modules where keys are modules and value are right
|
| 277 |
*
|
| 278 |
* @return Nothing : display error if not permit
|
| 279 |
**/
|
| 280 |
function checkSeveralRightsOr($modules) { |
| 281 |
global $CFG_GLPI; |
| 282 |
|
| 283 |
$valid = false; |
| 284 |
if (count($modules)){ |
| 285 |
foreach ($modules as $mod => $right){ |
| 286 |
if (is_numeric($mod)){ |
| 287 |
if (haveTypeRight($mod, $right)){ |
| 288 |
$valid = true; |
| 289 |
} |
| 290 |
} else if (haveRight($mod, $right)){ |
| 291 |
$valid = true; |
| 292 |
} |
| 293 |
} |
| 294 |
} |
| 295 |
|
| 296 |
if (!$valid) { |
| 297 |
// Gestion timeout session
|
| 298 |
if (!isset ($_SESSION["glpiID"])) { |
| 299 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 300 |
exit ();
|
| 301 |
} |
| 302 |
|
| 303 |
displayRightError(); |
| 304 |
} |
| 305 |
} |
| 306 |
|
| 307 |
/**
|
| 308 |
* Check if I have all the rights specified
|
| 309 |
*
|
| 310 |
* @param $modules array of modules where keys are modules and value are right
|
| 311 |
*
|
| 312 |
* @return Nothing : display error if not permit
|
| 313 |
**/
|
| 314 |
function checkSeveralRightsAnd($modules) { |
| 315 |
global $CFG_GLPI; |
| 316 |
|
| 317 |
$valid = true; |
| 318 |
if (count($modules)){ |
| 319 |
foreach ($modules as $mod => $right){ |
| 320 |
if (is_numeric($mod)){ |
| 321 |
if (!haveTypeRight($mod, $right)){ |
| 322 |
$valid = false; |
| 323 |
} |
| 324 |
} else if (!haveRight($mod, $right)){ |
| 325 |
$valid = false; |
| 326 |
} |
| 327 |
} |
| 328 |
} |
| 329 |
|
| 330 |
if (!$valid) { |
| 331 |
// Gestion timeout session
|
| 332 |
if (!isset ($_SESSION["glpiID"])) { |
| 333 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 334 |
exit ();
|
| 335 |
} |
| 336 |
displayRightError(); |
| 337 |
} |
| 338 |
} |
| 339 |
/**
|
| 340 |
* Check if I have the right $right to module type $type (conpare to session variable)
|
| 341 |
*
|
| 342 |
* @param $type Module type to check
|
| 343 |
* @param $right Right to check
|
| 344 |
*
|
| 345 |
* @return Nothing : display error if not permit
|
| 346 |
**/
|
| 347 |
function checkTypeRight($type, $right) { |
| 348 |
global $CFG_GLPI; |
| 349 |
if (!haveTypeRight($type, $right)) { |
| 350 |
// Gestion timeout session
|
| 351 |
if (!isset ($_SESSION["glpiID"])) { |
| 352 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 353 |
exit ();
|
| 354 |
} |
| 355 |
displayRightError(); |
| 356 |
} |
| 357 |
} |
| 358 |
/**
|
| 359 |
* Check if I have access to the central interface
|
| 360 |
*
|
| 361 |
* @return Nothing : display error if not permit
|
| 362 |
**/
|
| 363 |
function checkCentralAccess() { |
| 364 |
|
| 365 |
global $CFG_GLPI; |
| 366 |
|
| 367 |
if (!isset ($_SESSION["glpiactiveprofile"]) || $_SESSION["glpiactiveprofile"]["interface"] != "central") { |
| 368 |
// Gestion timeout session
|
| 369 |
if (!isset ($_SESSION["glpiID"])) { |
| 370 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 371 |
exit ();
|
| 372 |
} |
| 373 |
displayRightError(); |
| 374 |
} |
| 375 |
} |
| 376 |
/**
|
| 377 |
* Check if I have access to the helpdesk interface
|
| 378 |
*
|
| 379 |
* @return Nothing : display error if not permit
|
| 380 |
**/
|
| 381 |
function checkHelpdeskAccess() { |
| 382 |
|
| 383 |
global $CFG_GLPI; |
| 384 |
|
| 385 |
if (!isset ($_SESSION["glpiactiveprofile"]) || $_SESSION["glpiactiveprofile"]["interface"] != "helpdesk") { |
| 386 |
// Gestion timeout session
|
| 387 |
if (!isset ($_SESSION["glpiID"])) { |
| 388 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 389 |
exit ();
|
| 390 |
} |
| 391 |
displayRightError(); |
| 392 |
} |
| 393 |
} |
| 394 |
|
| 395 |
/**
|
| 396 |
* Check if I am logged in
|
| 397 |
*
|
| 398 |
* @return Nothing : display error if not permit
|
| 399 |
**/
|
| 400 |
function checkLoginUser() { |
| 401 |
|
| 402 |
global $CFG_GLPI; |
| 403 |
|
| 404 |
if (!isset ($_SESSION["glpiname"])) { |
| 405 |
// Gestion timeout session
|
| 406 |
if (!isset ($_SESSION["glpiID"])) { |
| 407 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
| 408 |
exit ();
|
| 409 |
} |
| 410 |
displayRightError(); |
| 411 |
} |
| 412 |
} |
| 413 |
|
| 414 |
/**
|
| 415 |
* Check if I have the right to access to the FAQ (profile or anonymous FAQ)
|
| 416 |
*
|
| 417 |
* @return Nothing : display error if not permit
|
| 418 |
**/
|
| 419 |
function checkFaqAccess() { |
| 420 |
global $CFG_GLPI; |
| 421 |
|
| 422 |
if ($CFG_GLPI["public_faq"] == 0 && !haveRight("faq", "r")) { |
| 423 |
displayRightError(); |
| 424 |
} |
| 425 |
|
| 426 |
} |
| 427 |
|
| 428 |
/**
|
| 429 |
* Include the good language dict.
|
| 430 |
*
|
| 431 |
* Get the default language from current user in $_SESSION["glpilanguage"].
|
| 432 |
* And load the dict that correspond.
|
| 433 |
* @param $forcelang Force to load a specific lang
|
| 434 |
*
|
| 435 |
* @return nothing (make an include)
|
| 436 |
*
|
| 437 |
**/
|
| 438 |
function loadLanguage($forcelang='') { |
| 439 |
|
| 440 |
global $LANG, $CFG_GLPI; |
| 441 |
$file = ""; |
| 442 |
|
| 443 |
if (!isset($_SESSION["glpilanguage"])){ |
| 444 |
$_SESSION["glpilanguage"]=$CFG_GLPI["default_language"]; |
| 445 |
} |
| 446 |
|
| 447 |
$trytoload=$_SESSION["glpilanguage"]; |
| 448 |
// Force to load a specific lang
|
| 449 |
if (!empty($forcelang)){ |
| 450 |
$trytoload=$forcelang; |
| 451 |
} |
| 452 |
// If not set try default lang file
|
| 453 |
if (empty($trytoload)){ |
| 454 |
$trytoload=$CFG_GLPI["default_language"]; |
| 455 |
} |
| 456 |
|
| 457 |
if (isset ($CFG_GLPI["languages"][$trytoload][1])) { |
| 458 |
$file = "/locales/" . $CFG_GLPI["languages"][$trytoload][1]; |
| 459 |
} |
| 460 |
|
| 461 |
if (empty ($file) || !is_file(GLPI_ROOT . $file)) { |
| 462 |
$trytoload='en_GB'; |
| 463 |
$file = "/locales/en_GB.php"; |
| 464 |
} |
| 465 |
$options = array ( |
| 466 |
'cacheDir' => GLPI_CACHE_DIR, |
| 467 |
'lifeTime' => DEFAULT_CACHE_LIFETIME, |
| 468 |
'automaticSerialization' => true, |
| 469 |
'caching' => $CFG_GLPI["use_cache"], |
| 470 |
'hashedDirectoryLevel' => 2, |
| 471 |
'masterFile' => GLPI_ROOT . $file, |
| 472 |
'fileLocking' => CACHE_FILELOCKINGCONTROL, |
| 473 |
'writeControl' => CACHE_WRITECONTROL, |
| 474 |
'readControl' => CACHE_READCONTROL, |
| 475 |
); |
| 476 |
$cache = new Cache_Lite_File($options); |
| 477 |
|
| 478 |
// Set a id for this cache : $file
|
| 479 |
if (!($LANG = $cache->get($file, "GLPI_LANG"))) { |
| 480 |
// Cache miss !
|
| 481 |
// Put in $LANG datas to put in cache
|
| 482 |
include (GLPI_ROOT . $file); |
| 483 |
$cache->save($LANG, $file, "GLPI_LANG"); |
| 484 |
} |
| 485 |
|
| 486 |
// Debug display lang element with item
|
| 487 |
if ($CFG_GLPI["debug"] && $CFG_GLPI["debug_lang"]) { |
| 488 |
foreach ($LANG as $module => $tab) { |
| 489 |
foreach ($tab as $num => $val) { |
| 490 |
$LANG[$module][$num] .= "<span style='font-size:12px; color:red;'>$module/$num</span>"; |
| 491 |
} |
| 492 |
} |
| 493 |
} |
| 494 |
return $trytoload; |
| 495 |
} |
| 496 |
|
| 497 |
/**
|
| 498 |
* Set the entities session variable. Load all entities from DB
|
| 499 |
*
|
| 500 |
* @param $userID : ID of the user
|
| 501 |
* @return Nothing
|
| 502 |
**/
|
| 503 |
function initEntityProfiles($userID) { |
| 504 |
global $DB; |
| 505 |
|
| 506 |
$profile = new Profile; |
| 507 |
|
| 508 |
$query = "SELECT DISTINCT glpi_profiles.* FROM glpi_users_profiles INNER JOIN glpi_profiles ON (glpi_users_profiles.FK_profiles = glpi_profiles.ID) |
| 509 |
WHERE glpi_users_profiles.FK_users='$userID'
|
| 510 |
ORDER BY glpi_profiles.name";
|
| 511 |
$result = $DB->query($query); |
| 512 |
$_SESSION['glpiprofiles'] = array (); |
| 513 |
if ($DB->numrows($result)) { |
| 514 |
while ($data = $DB->fetch_assoc($result)) { |
| 515 |
$profile->fields = array (); |
| 516 |
$profile->getFromDB($data['ID']); |
| 517 |
$profile->cleanProfile();
|
| 518 |
$_SESSION['glpiprofiles'][$data['ID']] = $profile->fields; |
| 519 |
} |
| 520 |
|
| 521 |
foreach ($_SESSION['glpiprofiles'] as $key => $tab) { |
| 522 |
$query2 = "SELECT glpi_users_profiles.FK_entities as eID, glpi_users_profiles.ID as kID, glpi_users_profiles.recursive as recursive, glpi_entities.* FROM glpi_users_profiles LEFT JOIN glpi_entities ON (glpi_users_profiles.FK_entities = glpi_entities.ID) |
| 523 |
WHERE glpi_users_profiles.FK_profiles='$key' AND glpi_users_profiles.FK_users='$userID'
|
| 524 |
ORDER BY glpi_entities.completename";
|
| 525 |
$result2 = $DB->query($query2); |
| 526 |
if ($DB->numrows($result2)) { |
| 527 |
while ($data = $DB->fetch_array($result2)) { |
| 528 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['ID'] = $data['eID']; |
| 529 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['name'] = $data['name']; |
| 530 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['completename'] = $data['completename']; |
| 531 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['recursive'] = $data['recursive']; |
| 532 |
} |
| 533 |
} |
| 534 |
} |
| 535 |
} |
| 536 |
} |
| 537 |
|
| 538 |
/**
|
| 539 |
* Change active profile to the $ID one. Update glpiactiveprofile session variable.
|
| 540 |
*
|
| 541 |
* @param $ID : ID of the new profile
|
| 542 |
* @return Nothing
|
| 543 |
**/
|
| 544 |
function changeProfile($ID) { |
| 545 |
global $CFG_GLPI,$LANG; |
| 546 |
if (isset ($_SESSION['glpiprofiles'][$ID]) && count($_SESSION['glpiprofiles'][$ID]['entities'])) { |
| 547 |
// glpiactiveprofile -> active profile
|
| 548 |
$_SESSION['glpiactiveprofile'] = $_SESSION['glpiprofiles'][$ID]; |
| 549 |
$_SESSION['glpi_entities_tree']=array(); |
| 550 |
$_SESSION['glpiactiveentities'] = array (); |
| 551 |
// Init ancestors if needed
|
| 552 |
if (!isset($_SESSION['glpi_entities_ancestors'])){ |
| 553 |
$_SESSION['glpi_entities_ancestors']=array(); |
| 554 |
} |
| 555 |
// glpiactiveentities -> active entities
|
| 556 |
foreach ($_SESSION['glpiactiveprofile']['entities'] as $key => $val) { |
| 557 |
if (!$val['recursive']) { |
| 558 |
if (!array_search($val["ID"], $_SESSION['glpiactiveentities'])) { |
| 559 |
$_SESSION['glpiactiveentities'][$val['ID']] = $val['ID']; |
| 560 |
$entity=array(); |
| 561 |
$entity[$val['ID']]['tree']=array(); |
| 562 |
|
| 563 |
if ($val['ID']==0){ |
| 564 |
$entity[$val['ID']]['name'] = $LANG["entity"][2]; |
| 565 |
} else {
|
| 566 |
$entity[$val['ID']]['name'] = $val['name']; |
| 567 |
} |
| 568 |
$_SESSION['glpi_entities_tree'][] = $entity; |
| 569 |
} |
| 570 |
} else {
|
| 571 |
$entitytree = getTreeForItem("glpi_entities", $val['ID']); |
| 572 |
$_SESSION['glpi_entities_tree'][]=$entitytree; |
| 573 |
$entities = contructListFromTree($entitytree); |
| 574 |
|
| 575 |
if (count($entities)) { |
| 576 |
foreach ($entities as $key2 => $val2) { |
| 577 |
$_SESSION['glpiactiveentities'][$key2] = $key2; |
| 578 |
} |
| 579 |
} |
| 580 |
} |
| 581 |
} |
| 582 |
if (isset($_SESSION['glpiactiveentities'][$_SESSION["glpidefault_entity"]])){ |
| 583 |
changeActiveEntities($_SESSION["glpidefault_entity"],true); |
| 584 |
} else {
|
| 585 |
changeActiveEntities("all");
|
| 586 |
} |
| 587 |
|
| 588 |
|
| 589 |
doHook("change_profile");
|
| 590 |
} |
| 591 |
cleanCache("GLPI_HEADER_".$_SESSION["glpiID"]); |
| 592 |
// Clean specific datas
|
| 593 |
if (isset($_SESSION['glpi_faqcategories'])){ |
| 594 |
unset($_SESSION['glpi_faqcategories']); |
| 595 |
} |
| 596 |
} |
| 597 |
|
| 598 |
|
| 599 |
/**
|
| 600 |
* Change active entity to the $ID one. Update glpiactiveentities session variable.
|
| 601 |
* Reload groups related to this entity.
|
| 602 |
*
|
| 603 |
* @param $ID : ID of the new active entity ("all"=>load all possible entities)
|
| 604 |
* @param $recursive : also display sub entities of the active entity ?
|
| 605 |
* @return Nothing
|
| 606 |
**/
|
| 607 |
function changeActiveEntities($ID="all",$recursive=false) { |
| 608 |
global $LANG; |
| 609 |
$newentities=array(); |
| 610 |
if ($ID=="all"){ |
| 611 |
foreach ($_SESSION['glpi_entities_tree'] as $key => $tree){ |
| 612 |
$entities = contructListFromTree($tree); |
| 613 |
if (count($entities)) { |
| 614 |
foreach ($entities as $key2 => $val2) { |
| 615 |
$newentities[$key2] = $key2; |
| 616 |
} |
| 617 |
} |
| 618 |
} |
| 619 |
} else {
|
| 620 |
$newentities[$ID] = $ID; |
| 621 |
if ($recursive){ |
| 622 |
foreach ($_SESSION['glpi_entities_tree'] as $key => $tree){ |
| 623 |
$entities = contructListFromTree($tree); |
| 624 |
$tofind=array($ID); |
| 625 |
while (count($tofind)){ |
| 626 |
$founded=array(); |
| 627 |
foreach ($entities as $key2 => $val2){ |
| 628 |
if (in_array($val2,$tofind)){ |
| 629 |
$newentities[$key2] = $key2; |
| 630 |
$founded[]=$key2; |
| 631 |
unset($entities[$key2]); |
| 632 |
} |
| 633 |
} |
| 634 |
$tofind=$founded; |
| 635 |
} |
| 636 |
} |
| 637 |
} |
| 638 |
} |
| 639 |
if (count($newentities)>0){ |
| 640 |
$_SESSION['glpiactiveentities']=$newentities; |
| 641 |
// Active entity loading
|
| 642 |
$active=key($_SESSION['glpiactiveentities']); |
| 643 |
$_SESSION["glpiactive_entity"] = $active; |
| 644 |
$_SESSION["glpiactive_entity_name"] = getDropdownName("glpi_entities",$active); |
| 645 |
$_SESSION["glpiactive_entity_shortname"] = getTreeLeafValueName("glpi_entities",$active); |
| 646 |
if ($recursive){ |
| 647 |
$_SESSION["glpiactive_entity_name"] .= " (".$LANG["entity"][7].")"; |
| 648 |
$_SESSION["glpiactive_entity_shortname"] .= " (".$LANG["entity"][7].")"; |
| 649 |
} |
| 650 |
if ($ID=="all"){ |
| 651 |
$_SESSION["glpiactive_entity_name"] .= " (".$LANG["buttons"][40].")"; |
| 652 |
$_SESSION["glpiactive_entity_shortname"] .= " (".$LANG["buttons"][40].")"; |
| 653 |
} |
| 654 |
if (countElementsInTable('glpi_entities')<count($_SESSION['glpiactiveentities'])){ |
| 655 |
$_SESSION['glpishowallentities']=1; |
| 656 |
} else {
|
| 657 |
$_SESSION['glpishowallentities']=0; |
| 658 |
} |
| 659 |
|
| 660 |
// Clean session variable to search system
|
| 661 |
if (isset($_SESSION['glpisearch'])&&count($_SESSION['glpisearch'])){ |
| 662 |
foreach ($_SESSION['glpisearch'] as $type => $tab){ |
| 663 |
if (isset($tab['start'])&&$tab['start']>0){ |
| 664 |
$_SESSION['glpisearch'][$type]['start']=0; |
| 665 |
} |
| 666 |
} |
| 667 |
} |
| 668 |
|
| 669 |
loadGroups(); |
| 670 |
doHook("change_entity");
|
| 671 |
cleanCache("GLPI_HEADER_".$_SESSION["glpiID"]); |
| 672 |
} |
| 673 |
} |
| 674 |
|
| 675 |
/**
|
| 676 |
* Load groups where I am in the active entity.
|
| 677 |
* @return Nothing
|
| 678 |
**/
|
| 679 |
function loadGroups() { |
| 680 |
global $DB; |
| 681 |
|
| 682 |
$_SESSION["glpigroups"] = array (); |
| 683 |
|
| 684 |
|
| 685 |
$first=true; |
| 686 |
$entities=""; |
| 687 |
foreach ($_SESSION['glpiactiveentities'] as $val){ |
| 688 |
if (!$first) $entities.=","; |
| 689 |
else $first=false; |
| 690 |
$entities.="'".$val."'"; |
| 691 |
} |
| 692 |
|
| 693 |
|
| 694 |
$query_gp = "SELECT FK_groups FROM glpi_users_groups LEFT JOIN glpi_groups ON (glpi_users_groups.FK_groups = glpi_groups.ID) WHERE glpi_users_groups.FK_users='" . $_SESSION['glpiID'] . "' AND glpi_groups.FK_entities IN ($entities)"; |
| 695 |
|
| 696 |
$result_gp = $DB->query($query_gp); |
| 697 |
if ($DB->numrows($result_gp)) { |
| 698 |
while ($data = $DB->fetch_array($result_gp)) { |
| 699 |
$_SESSION["glpigroups"][] = $data["FK_groups"]; |
| 700 |
} |
| 701 |
} |
| 702 |
} |
| 703 |
|
| 704 |
/**
|
| 705 |
* Check if you could create recursive object in the entity of id = $ID
|
| 706 |
*
|
| 707 |
* @param $ID : ID of the entity
|
| 708 |
* @return Boolean :
|
| 709 |
**/
|
| 710 |
function haveRecursiveAccessToEntity($ID) { |
| 711 |
|
| 712 |
// Right by profile
|
| 713 |
foreach ($_SESSION['glpiactiveprofile']['entities'] as $key => $val) { |
| 714 |
if ($val['ID']==$ID) { |
| 715 |
return $val['recursive']; |
| 716 |
} |
| 717 |
} |
| 718 |
|
| 719 |
// Right is from a recursive profile
|
| 720 |
if (isset ($_SESSION['glpiactiveentities'])) { |
| 721 |
return in_array($ID, $_SESSION['glpiactiveentities']); |
| 722 |
} |
| 723 |
|
| 724 |
return false; |
| 725 |
} |
| 726 |
|
| 727 |
/**
|
| 728 |
* Check if you could access (read) to the entity of id = $ID
|
| 729 |
*
|
| 730 |
* @param $ID : ID of the entity
|
| 731 |
* @param $recursive : boolean if resursive item
|
| 732 |
*
|
| 733 |
* @return Boolean : read access to entity
|
| 734 |
**/
|
| 735 |
function haveAccessToEntity($ID, $recursive=0) { |
| 736 |
if (!isset ($_SESSION['glpiactiveentities'])) { |
| 737 |
return false; |
| 738 |
} |
| 739 |
|
| 740 |
if (!$recursive) { |
| 741 |
return in_array($ID, $_SESSION['glpiactiveentities']); |
| 742 |
} |
| 743 |
|
| 744 |
if (in_array($ID, $_SESSION['glpiactiveentities'])) { |
| 745 |
return true; |
| 746 |
} |
| 747 |
|
| 748 |
// Recursive object
|
| 749 |
foreach ($_SESSION['glpiactiveentities'] as $ent) { |
| 750 |
if (in_array($ID, getEntityAncestors($ent))) { |
| 751 |
return true; |
| 752 |
} |
| 753 |
} |
| 754 |
|
| 755 |
return false; |
| 756 |
} |
| 757 |
|
| 758 |
/**
|
| 759 |
* Check if you could access to one entity of an list
|
| 760 |
*
|
| 761 |
* @param $tab : list ID of entities
|
| 762 |
* @return Boolean :
|
| 763 |
**/
|
| 764 |
function haveAccessToOneOfEntities($tab) { |
| 765 |
$access=false; |
| 766 |
if (is_array($tab)&&count($tab)){ |
| 767 |
foreach ($tab as $val){ |
| 768 |
if (haveAccessToEntity($val)){ |
| 769 |
return true; |
| 770 |
} |
| 771 |
} |
| 772 |
} |
| 773 |
return $access; |
| 774 |
} |
| 775 |
|
| 776 |
/**
|
| 777 |
* Get SQL request to restrict to current entities of the user
|
| 778 |
*
|
| 779 |
* @param $separator : separator in the begin of the request
|
| 780 |
* @param $table : table where apply the limit (if needed, multiple tables queries)
|
| 781 |
* @param $field : field where apply the limit (id != FK_entities)
|
| 782 |
* @param $value : entity to restrict (if not set use $_SESSION['glpiactiveentities']). single item or array
|
| 783 |
* @param $recursive : need to use recursive process to find item (field need to be named recursive)
|
| 784 |
* @return String : the WHERE clause to restrict
|
| 785 |
**/
|
| 786 |
function getEntitiesRestrictRequest($separator = "AND", $table = "", $field = "",$value='',$recursive=false) { |
| 787 |
|
| 788 |
$query = $separator ." ( "; |
| 789 |
|
| 790 |
// !='0' needed because consider as empty
|
| 791 |
if ($value!='0'&&empty($value)&&isset($_SESSION['glpishowallentities'])&&$_SESSION['glpishowallentities']){ |
| 792 |
// Not ADD "AND 1" if not needed
|
| 793 |
if (trim($separator)=="AND"){ |
| 794 |
return ""; |
| 795 |
} else {
|
| 796 |
return $query." 1 ) "; |
| 797 |
} |
| 798 |
} |
| 799 |
|
| 800 |
if (!is_array($value)&&strlen($value)==0){ |
| 801 |
$value=$_SESSION['glpiactiveentities']; |
| 802 |
} |
| 803 |
|
| 804 |
|
| 805 |
if (!empty ($table)) { |
| 806 |
$query .= $table . "."; |
| 807 |
} |
| 808 |
if (empty($field)){ |
| 809 |
if ($table=='glpi_entities') { |
| 810 |
$field="ID"; |
| 811 |
} else {
|
| 812 |
$field="FK_entities"; |
| 813 |
} |
| 814 |
} |
| 815 |
|
| 816 |
$query.=$field; |
| 817 |
|
| 818 |
if (is_array($value)){ |
| 819 |
$query.=" IN ("; |
| 820 |
$first=true; |
| 821 |
|
| 822 |
foreach ($value as $val){ |
| 823 |
if (!$first){ |
| 824 |
$query.=","; |
| 825 |
} else {
|
| 826 |
$first=false; |
| 827 |
} |
| 828 |
$query.=$val; |
| 829 |
} |
| 830 |
$query.=") "; |
| 831 |
} else {
|
| 832 |
$query.= " = '$value' "; |
| 833 |
} |
| 834 |
|
| 835 |
if ($recursive){ |
| 836 |
$ancestors=array(); |
| 837 |
if (is_array($value)){ |
| 838 |
foreach ($value as $val){ |
| 839 |
$ancestors=array_unique(array_merge(getEntityAncestors($val),$ancestors)); |
| 840 |
} |
| 841 |
$ancestors=array_diff($ancestors,$value); |
| 842 |
} else {
|
| 843 |
$ancestors=getEntityAncestors($value); |
| 844 |
} |
| 845 |
|
| 846 |
if (count($ancestors)){ |
| 847 |
$query.=" OR ( $table.recursive='1' AND $table.$field IN ("; |
| 848 |
$first=true; |
| 849 |
foreach ($ancestors as $val){ |
| 850 |
if (!$first){ |
| 851 |
$query.=","; |
| 852 |
} else {
|
| 853 |
$first=false; |
| 854 |
} |
| 855 |
$query.=$val; |
| 856 |
} |
| 857 |
$query.="))"; |
| 858 |
} |
| 859 |
} |
| 860 |
|
| 861 |
$query.=" ) "; |
| 862 |
|
| 863 |
return $query; |
| 864 |
} |
| 865 |
|
| 866 |
/**
|
| 867 |
* Connect to a LDAP serveur
|
| 868 |
*
|
| 869 |
* @param $host : LDAP host to connect
|
| 870 |
* @param $port : port to use
|
| 871 |
* @param $login : login to use
|
| 872 |
* @param $password : password to use
|
| 873 |
* @param $use_tls : use a tls connection ?
|
| 874 |
* @param $deref_options Deref options used
|
| 875 |
* @return link to the LDAP server : false if connection failed
|
| 876 |
**/
|
| 877 |
function connect_ldap($host, $port, $login = "", $password = "", $use_tls = false,$deref_options) { |
| 878 |
global $CFG_GLPI; |
| 879 |
|
| 880 |
|
| 881 |
$ds = @ldap_connect($host, intval($port)); |
| 882 |
if ($ds) { |
| 883 |
|
| 884 |
@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); |
| 885 |
@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); |
| 886 |
@ldap_set_option($ds, LDAP_OPT_DEREF, $deref_options); |
| 887 |
if ($use_tls) { |
| 888 |
if (!@ldap_start_tls($ds)) { |
| 889 |
return false; |
| 890 |
} |
| 891 |
} |
| 892 |
// Auth bind
|
| 893 |
if ($login != '') { |
| 894 |
$b = @ldap_bind($ds, $login, $password); |
| 895 |
} else { // Anonymous bind |
| 896 |
$b = @ldap_bind($ds); |
| 897 |
} |
| 898 |
if ($b) { |
| 899 |
return $ds; |
| 900 |
} else {
|
| 901 |
return false; |
| 902 |
} |
| 903 |
} else {
|
| 904 |
return false; |
| 905 |
} |
| 906 |
} |
| 907 |
|
| 908 |
|
| 909 |
/**
|
| 910 |
* Try to connect to a ldap server
|
| 911 |
*
|
| 912 |
* @param $id ID of the LDAP config (use to find replicate)
|
| 913 |
* @param $host : LDAP host to connect
|
| 914 |
* @param $port : port to use
|
| 915 |
* @param $rdn : rootdn to use
|
| 916 |
* @param $rpass : rootdn password to use
|
| 917 |
* @param $use_tls : use a tls connection ?
|
| 918 |
* @param $login : user login
|
| 919 |
* @param $password : user password
|
| 920 |
* @param $deref_options Deref options used
|
| 921 |
* @return link to the LDAP server : false if connection failed
|
| 922 |
**/
|
| 923 |
function try_connect_ldap($host, $port, $rdn, $rpass, $use_tls,$login, $password,$deref_options,$id){ |
| 924 |
// TODO try to pass array of connection config to minimise parameters
|
| 925 |
|
| 926 |
$ds = connect_ldap($host, $port, $rdn, $rpass, $use_tls,$deref_options); |
| 927 |
// Test with login and password of the user if exists
|
| 928 |
if (!$ds && !empty($login)) { |
| 929 |
$ds = connect_ldap($host, $port, $login, $password, $use_tls,$deref_options); |
| 930 |
} |
| 931 |
|
| 932 |
//If connection is not successfull on this directory, try replicates (if replicates exists)
|
| 933 |
if (!$ds && $id>0){ |
| 934 |
foreach (getAllReplicateForAMaster($id) as $replicate){ |
| 935 |
$ds = connect_ldap($replicate["ldap_host"], $replicate["ldap_port"], $rdn, $rpass, $use_tls,$deref_options); |
| 936 |
// Test with login and password of the user
|
| 937 |
if (!$ds && !empty($login)) { |
| 938 |
$ds = connect_ldap($replicate["ldap_host"], $replicate["ldap_port"], $login, $password, $use_tls,$deref_options); |
| 939 |
} |
| 940 |
if ($ds){ |
| 941 |
return $ds; |
| 942 |
} |
| 943 |
} |
| 944 |
} |
| 945 |
|
| 946 |
return $ds; |
| 947 |
} |
| 948 |
|
| 949 |
/**
|
| 950 |
* Get infos for groups
|
| 951 |
*
|
| 952 |
* @param $ds : LDAP link
|
| 953 |
* @param $basedn : base dn used to search
|
| 954 |
* @param $group_dn : dn of the group
|
| 955 |
* @param $condition : ldap condition used
|
| 956 |
* @return group infos if found, else false
|
| 957 |
**/
|
| 958 |
function ldap_search_group_by_dn($ds, $basedn, $group_dn,$condition) { |
| 959 |
if($result = @ ldap_read($ds, $group_dn, "objectClass=*", array("cn"))){ |
| 960 |
$info = ldap_get_entries($ds, $result); |
| 961 |
if (is_array($info) AND $info['count'] == 1) |
| 962 |
return $info[0]; |
| 963 |
else
|
| 964 |
return false; |
| 965 |
} |
| 966 |
return false; |
| 967 |
} |
| 968 |
|
| 969 |
/**
|
| 970 |
* Get dn for a user
|
| 971 |
*
|
| 972 |
* @param $ds : LDAP link
|
| 973 |
* @param $basedn : base dn used to search
|
| 974 |
* @param $login_attr : attribute to store login
|
| 975 |
* @param $login : user login
|
| 976 |
* @param $condition : ldap condition used
|
| 977 |
* @return dn of the user, else false
|
| 978 |
**/
|
| 979 |
function ldap_search_user_dn($ds, $basedn, $login_attr, $login, $condition) { |
| 980 |
|
| 981 |
// Tenter une recherche pour essayer de retrouver le DN
|
| 982 |
$filter = "($login_attr=$login)"; |
| 983 |
|
| 984 |
if (!empty ($condition)){ |
| 985 |
$filter = "(& $filter $condition)"; |
| 986 |
} |
| 987 |
if ($result = ldap_search($ds, $basedn, $filter, |
| 988 |
array ("dn", $login_attr),0,0) |
| 989 |
){
|
| 990 |
|
| 991 |
$info = ldap_get_entries($ds, $result); |
| 992 |
if (is_array($info) AND $info['count'] == 1) { |
| 993 |
return $info[0]['dn']; |
| 994 |
} else { // Si echec, essayer de deviner le DN / Flat LDAP |
| 995 |
$dn = "$login_attr=$login, " . $basedn; |
| 996 |
return $dn; |
| 997 |
} |
| 998 |
} else {
|
| 999 |
return false; |
| 1000 |
} |
| 1001 |
} |
| 1002 |
|
| 1003 |
/**
|
| 1004 |
* Try to authentify a user by checking all the directories
|
| 1005 |
* @param $identificat : identification object
|
| 1006 |
* @param $login : user login
|
| 1007 |
* @param $password : user password
|
| 1008 |
* @param $id_auth : id_auth already used for the user
|
| 1009 |
* @return identification object
|
| 1010 |
**/
|
| 1011 |
function try_ldap_auth($identificat,$login,$password, $id_auth = -1) { |
| 1012 |
|
| 1013 |
//If no specific source is given, test all ldap directories
|
| 1014 |
if ($id_auth == -1) { |
| 1015 |
foreach ($identificat->auth_methods["ldap"] as $ldap_method) { |
| 1016 |
if (!$identificat->auth_succeded) { |
| 1017 |
$identificat = ldap_auth($identificat, $login,$password,$ldap_method); |
| 1018 |
} else {
|
| 1019 |
break;
|
| 1020 |
} |
| 1021 |
} |
| 1022 |
//Check if the ldap server indicated as the last good one still exists !
|
| 1023 |
} else if(array_key_exists($id_auth,$identificat->auth_methods["ldap"])){ |
| 1024 |
|
| 1025 |
//A specific ldap directory is given, test it and only this one !
|
| 1026 |
$identificat = ldap_auth($identificat, $login,$password,$identificat->auth_methods["ldap"][$id_auth]); |
| 1027 |
} |
| 1028 |
return $identificat; |
| 1029 |
} |
| 1030 |
|
| 1031 |
/**
|
| 1032 |
* Authentify a user by checking a specific directory
|
| 1033 |
* @param $identificat : identification object
|
| 1034 |
* @param $login : user login
|
| 1035 |
* @param $password : user password
|
| 1036 |
* @param $ldap_method : ldap_method array to use
|
| 1037 |
* @return identification object
|
| 1038 |
**/
|
| 1039 |
function ldap_auth($identificat,$login,$password, $ldap_method) { |
| 1040 |
|
| 1041 |
$user_dn = $identificat->connection_ldap($ldap_method["ID"],$ldap_method["ldap_host"], $ldap_method["ldap_port"], $ldap_method["ldap_basedn"], $ldap_method["ldap_rootdn"], $ldap_method["ldap_pass"], $ldap_method["ldap_login"],$login, $password, $ldap_method["ldap_condition"], $ldap_method["ldap_use_tls"],$ldap_method["ldap_opt_deref"]); |
| 1042 |
if ($user_dn) { |
| 1043 |
$identificat->auth_succeded = true; |
| 1044 |
$identificat->extauth = 1; |
| 1045 |
$identificat->user_present = $identificat->user->getFromDBbyName(addslashes($login)); |
| 1046 |
//$identificat->user->getFromLDAP($ldap_method, $user_dn, utf8_decode($login), utf8_decode($password));
|
| 1047 |
$identificat->user->getFromLDAP($identificat->ldap_connection,$ldap_method, $user_dn, $login, $password); |
| 1048 |
$identificat->auth_parameters = $ldap_method; |
| 1049 |
$identificat->user->fields["auth_method"] = AUTH_LDAP; |
| 1050 |
$identificat->user->fields["id_auth"] = $ldap_method["ID"]; |
| 1051 |
} |
| 1052 |
return $identificat; |
| 1053 |
} |
| 1054 |
|
| 1055 |
/**
|
| 1056 |
* Try to authentify a user by checking all the mail server
|
| 1057 |
* @param $identificat : identification object
|
| 1058 |
* @param $login : user login
|
| 1059 |
* @param $password : user password
|
| 1060 |
* @param $id_auth : id_auth already used for the user
|
| 1061 |
* @return identification object
|
| 1062 |
**/
|
| 1063 |
function try_mail_auth($identificat, $login,$password,$id_auth = -1) { |
| 1064 |
if ($id_auth == -1) { |
| 1065 |
foreach ($identificat->auth_methods["mail"] as $mail_method) { |
| 1066 |
if (!$identificat->auth_succeded) { |
| 1067 |
$identificat = mail_auth($identificat, $login,$password,$mail_method); |
| 1068 |
} |
| 1069 |
else {
|
| 1070 |
break;
|
| 1071 |
} |
| 1072 |
} |
| 1073 |
} else if(array_key_exists($id_auth,$identificat->auth_methods["mail"])){ //Check if the mail server indicated as the last good one still exists ! |
| 1074 |
$identificat = mail_auth($identificat, $login,$password,$identificat->auth_methods["mail"][$id_auth]); |
| 1075 |
} |
| 1076 |
return $identificat; |
| 1077 |
} |
| 1078 |
|
| 1079 |
/**
|
| 1080 |
* Authentify a user by checking a specific mail server
|
| 1081 |
* @param $identificat : identification object
|
| 1082 |
* @param $login : user login
|
| 1083 |
* @param $password : user password
|
| 1084 |
* @param $mail_method : mail_method array to use
|
| 1085 |
* @return identification object
|
| 1086 |
**/
|
| 1087 |
function mail_auth($identificat, $login,$password,$mail_method) { |
| 1088 |
|
| 1089 |
if (isset($mail_method["imap_auth_server"])&&!empty ($mail_method["imap_auth_server"])) { |
| 1090 |
$identificat->auth_succeded = $identificat->connection_imap($mail_method["imap_auth_server"], utf8_decode($login), utf8_decode($password)); |
| 1091 |
if ($identificat->auth_succeded) { |
| 1092 |
$identificat->extauth = 1; |
| 1093 |
$identificat->user_present = $identificat->user->getFromDBbyName(addslashes($login)); |
| 1094 |
$identificat->auth_parameters = $mail_method; |
| 1095 |
|
| 1096 |
$identificat->user->getFromIMAP($mail_method, utf8_decode($login)); |
| 1097 |
|
| 1098 |
//Update the authentication method for the current user
|
| 1099 |
$identificat->user->fields["auth_method"] = AUTH_MAIL; |
| 1100 |
$identificat->user->fields["id_auth"] = $mail_method["ID"]; |
| 1101 |
} |
| 1102 |
} |
| 1103 |
return $identificat; |
| 1104 |
} |
| 1105 |
|
| 1106 |
/**
|
| 1107 |
* Test a connexion to the IMAP/POP server
|
| 1108 |
* @param $imap_auth_server : mail server
|
| 1109 |
* @param $login : user login
|
| 1110 |
* @param $password : user password
|
| 1111 |
* @return authentification succeeded ?
|
| 1112 |
**/
|
| 1113 |
function test_auth_mail($imap_auth_server,$login,$password){ |
| 1114 |
$identificat = new Identification(); |
| 1115 |
return $identificat->connection_imap($imap_auth_server, utf8_decode($login), utf8_decode($password)); |
| 1116 |
} |
| 1117 |
|
| 1118 |
/**
|
| 1119 |
* Import a user from ldap
|
| 1120 |
* Check all the directories. When the user is found, then import it
|
| 1121 |
* @param $login : user login
|
| 1122 |
**/
|
| 1123 |
function import_user_from_ldap_servers($login){ |
| 1124 |
global $LANG; |
| 1125 |
|
| 1126 |
$identificat = new Identification; |
| 1127 |
$identificat->user_present = $identificat->userExists($login); |
| 1128 |
|
| 1129 |
//If the user does not exists
|
| 1130 |
if ($identificat->user_present == 0){ |
| 1131 |
$identificat->getAuthMethods();
|
| 1132 |
$ldap_methods = $identificat->auth_methods["ldap"]; |
| 1133 |
$userid = -1; |
| 1134 |
|
| 1135 |
foreach ($ldap_methods as $ldap_method){ |
| 1136 |
$result=ldapImportUserByServerId($login, 0,$ldap_method["ID"]); |
| 1137 |
if ($result != false){ |
| 1138 |
return $result; |
| 1139 |
} |
| 1140 |
} |
| 1141 |
addMessageAfterRedirect($LANG["login"][15]); |
| 1142 |
} else {
|
| 1143 |
addMessageAfterRedirect($LANG["setup"][606]); |
| 1144 |
} |
| 1145 |
return false; |
| 1146 |
|
| 1147 |
} |
| 1148 |
|
| 1149 |
/**
|
| 1150 |
* Is the Mail authentication used ?
|
| 1151 |
*
|
| 1152 |
* @return boolean
|
| 1153 |
**/
|
| 1154 |
function useAuthMail(){ |
| 1155 |
global $DB; |
| 1156 |
|
| 1157 |
//Get all the pop/imap servers
|
| 1158 |
$sql = "SELECT count(*) FROM glpi_auth_mail"; |
| 1159 |
$result = $DB->query($sql); |
| 1160 |
if ($DB->result($result,0,0) > 0) { |
| 1161 |
return true; |
| 1162 |
} |
| 1163 |
return false; |
| 1164 |
} |
| 1165 |
|
| 1166 |
/**
|
| 1167 |
* Is the LDAP authentication used ?
|
| 1168 |
*
|
| 1169 |
* @return boolean
|
| 1170 |
**/
|
| 1171 |
function useAuthLdap(){ |
| 1172 |
global $DB; |
| 1173 |
|
| 1174 |
//Get all the ldap directories
|
| 1175 |
$sql = "SELECT count(*) FROM glpi_auth_ldap"; |
| 1176 |
$result = $DB->query($sql); |
| 1177 |
if ($DB->result($result,0,0) > 0) { |
| 1178 |
return true; |
| 1179 |
} |
| 1180 |
return false; |
| 1181 |
} |
| 1182 |
|
| 1183 |
|
| 1184 |
/**
|
| 1185 |
* Is an external authentication used ?
|
| 1186 |
*
|
| 1187 |
* @return boolean
|
| 1188 |
**/
|
| 1189 |
function useAuthExt(){ |
| 1190 |
global $DB; |
| 1191 |
|
| 1192 |
//Get all the ldap directories
|
| 1193 |
if (useAuthLdap()){
|
| 1194 |
return true; |
| 1195 |
} |
| 1196 |
|
| 1197 |
if (useAuthMail()){
|
| 1198 |
return true; |
| 1199 |
} |
| 1200 |
return false; |
| 1201 |
} |
| 1202 |
|
| 1203 |
|
| 1204 |
/**
|
| 1205 |
* Show replicate list for a ldap server
|
| 1206 |
*
|
| 1207 |
* @param $target : target page for add new replicate
|
| 1208 |
* @param $master_id : master ldap server ID
|
| 1209 |
**/
|
| 1210 |
function showReplicatesList($target,$master_id){ |
| 1211 |
global $DB,$LANG,$CFG_GLPI; |
| 1212 |
|
| 1213 |
addNewReplicateForm($target, $master_id); |
| 1214 |
|
| 1215 |
$sql = "SELECT * FROM glpi_auth_ldap_replicate WHERE server_id='".$master_id."' ORDER BY name"; |
| 1216 |
$result = $DB->query($sql); |
| 1217 |
if ($DB->numrows($result)>0){ |
| 1218 |
echo "<br>"; |
| 1219 |
$canedit = haveRight("config", "w"); |
| 1220 |
|
| 1221 |
echo "<form action=\"$target\" method=\"post\" name=\"ldap_replicates_form\" id=\"ldap_replicates_form\">"; |
| 1222 |
echo"<input type=\"hidden\" name=\"ID\" value=\"" . $master_id . "\" ></td>"; |
| 1223 |
echo "<div class='center'>"; |
| 1224 |
echo "<table class='tab_cadre_fixe'>"; |
| 1225 |
|
| 1226 |
echo "<tr><th colspan='4'><div class='relative'><span><strong>" . $LANG["ldap"][18] . "</strong></span></th></tr>"; |
| 1227 |
echo "<tr class='tab_bg_1'><td class='center'></td><td class='center'>".$LANG["common"][16]."</td><td class='center'>".$LANG["ldap"][18]."</td><td class='center'></td>"; |
| 1228 |
while ($ldap_replicate = $DB->fetch_array($result)){ |
| 1229 |
echo "<tr class='tab_bg_2'><td class='center'>"; |
| 1230 |
|
| 1231 |
if (isset ($_GET["select"]) && $_GET["select"] == "all"){ |
| 1232 |
$sel = "checked"; |
| 1233 |
} else {
|
| 1234 |
$sel=""; |
| 1235 |
} |
| 1236 |
echo "<input type='checkbox' name='item[" . $ldap_replicate["ID"] . "]' value='1' $sel>"; |
| 1237 |
echo "</td>"; |
| 1238 |
echo "<td class='center'>" . $ldap_replicate["name"] . "</td>"; |
| 1239 |
echo "<td class='center'>".$ldap_replicate["ldap_host"]." : ".$ldap_replicate["ldap_port"] . "</td>"; |
| 1240 |
echo "<td align='center' colspan=4>"; |
| 1241 |
echo"<input type=\"submit\" name=\"test_ldap_replicate[".$ldap_replicate["ID"]."]\" class=\"submit\" value=\"" . $LANG["buttons"][50] . "\" ></td>"; |
| 1242 |
echo"</tr>"; |
| 1243 |
|
| 1244 |
} |
| 1245 |
|
| 1246 |
echo "<div class='center'>"; |
| 1247 |
echo "<table width='950px'>"; |
| 1248 |
|
| 1249 |
echo "<tr><td><img src=\"" . $CFG_GLPI["root_doc"] . "/pics/arrow-left.png\" alt=''></td><td class='center'><a onclick= \"if ( markAllRows('ldap_replicates_form') ) return false;\" href='" . $_SERVER['PHP_SELF'] . "?next=extauth_ldap&ID=$master_id&select=all'>" . $LANG["buttons"][18] . "</a></td>"; |
| 1250 |
echo "<td>/</td><td class='center'><a onclick= \"if ( unMarkAllRows('ldap_replicates_form') ) return false;\" href='" . $_SERVER['PHP_SELF'] . "?next=extauth_ldap&ID=$master_id&select=none'>" . $LANG["buttons"][19] . "</a>"; |
| 1251 |
echo "</td><td align='left' width='80%'>"; |
| 1252 |
echo "<input type='submit' name='delete_replicate' value=\"" . $LANG["buttons"][6] . "\" class='submit'></td>"; |
| 1253 |
echo "</tr>"; |
| 1254 |
|
| 1255 |
echo "</table>"; |
| 1256 |
echo "</div>"; |
| 1257 |
echo "</form>"; |
| 1258 |
} |
| 1259 |
} |
| 1260 |
|
| 1261 |
/**
|
| 1262 |
* Form to add a replicate to a ldap server
|
| 1263 |
*
|
| 1264 |
* @param $target : target page for add new replicate
|
| 1265 |
* @param $master_id : master ldap server ID
|
| 1266 |
**/
|
| 1267 |
function addNewReplicateForm($target, $master_id){ |
| 1268 |
global $LANG; |
| 1269 |
|
| 1270 |
echo "<form action=\"$target\" method=\"post\" name=\"add_replicate_form\" id=\"add_replicate_form\">"; |
| 1271 |
echo "<div class='center'>"; |
| 1272 |
echo "<table class='tab_cadre_fixe'>"; |
| 1273 |
|
| 1274 |
echo "<tr><th colspan='4'><div class='relative'><span><strong>" .$LANG["ldap"][20] . "</strong></span></th></tr>"; |
| 1275 |
echo "<tr class='tab_bg_1'><td class='center'>".$LANG["common"][16]."</td><td class='center'>".$LANG["common"][52]."</td><td class='center'>".$LANG["setup"][175]."</td><td></td></tr>"; |
| 1276 |
echo "<tr class='tab_bg_1'>"; |
| 1277 |
echo "<td class='center'><input type='text' name='name'></td>"; |
| 1278 |
echo "<td class='center'><input type='text' name='ldap_host'></td>"; |
| 1279 |
echo "<td class='center'><input type='text' name='ldap_port'></td>"; |
| 1280 |
echo "<input type='hidden' name='next' value=\"extauth_ldap\"></td>"; |
| 1281 |
echo "<input type='hidden' name='server_id' value=\"".$master_id."\">"; |
| 1282 |
echo "<td class='center'><input type='submit' name='add_replicate' value=\"" . $LANG["buttons"][2] . "\" class='submit'></td></tr>"; |
| 1283 |
echo "</table>"; |
| 1284 |
echo "</div>"; |
| 1285 |
echo "</form>"; |
| 1286 |
|
| 1287 |
} |
| 1288 |
|
| 1289 |
/**
|
| 1290 |
* Get all replicate servers for a master one
|
| 1291 |
*
|
| 1292 |
* @param $master_id : master ldap server ID
|
| 1293 |
* @return array of the replicate servers
|
| 1294 |
**/
|
| 1295 |
function getAllReplicateForAMaster($master_id){ |
| 1296 |
global $DB; |
| 1297 |
|
| 1298 |
$replicates = array(); |
| 1299 |
$result = $DB->query("SELECT ID, ldap_host,ldap_port FROM glpi_auth_ldap_replicate WHERE server_id='".$master_id."'"); |
| 1300 |
if ($DB->numrows($result)>0){ |
| 1301 |
while ($replicate = $DB->fetch_array($result)){ |
| 1302 |
$replicates[] = array("ID"=>$replicate["ID"], "ldap_host"=>$replicate["ldap_host"], "ldap_port"=>$replicate["ldap_port"]); |
| 1303 |
} |
| 1304 |
} |
| 1305 |
return $replicates; |
| 1306 |
} |
| 1307 |
|
| 1308 |
/**
|
| 1309 |
* Get all replicate name servers for a master one
|
| 1310 |
*
|
| 1311 |
* @param $master_id : master ldap server ID
|
| 1312 |
* @return string containing names of the replicate servers
|
| 1313 |
**/
|
| 1314 |
function getAllReplicatesNamesForAMaster($master_id){ |
| 1315 |
$replicates = getAllReplicateForAMaster($master_id); |
| 1316 |
$str = ""; |
| 1317 |
foreach ($replicates as $replicate){ |
| 1318 |
$str.= ($str!=''?',':'')." ".$replicate["ldap_host"].":".$replicate["ldap_port"]; |
| 1319 |
} |
| 1320 |
return $str; |
| 1321 |
} |
| 1322 |
|
| 1323 |
/**
|
| 1324 |
* Check alternate authentication systems
|
| 1325 |
*
|
| 1326 |
* @param $redirect : need to redirect (true) or get type of Auth system which match
|
| 1327 |
* @param $redirect_string : redirect string if exists
|
| 1328 |
* @return nothing if redirect is true, else Auth system ID
|
| 1329 |
**/
|
| 1330 |
function checkAlternateAuthSystems($redirect=false,$redirect_string=''){ |
| 1331 |
global $CFG_GLPI; |
| 1332 |
if (isset($_GET["noAUTO"])||isset($_POST["noAUTO"])){ |
| 1333 |
return false; |
| 1334 |
} |
| 1335 |
|
| 1336 |
$redir_string=""; |
| 1337 |
if (!empty($redirect_string)){ |
| 1338 |
$redir_string="?redirect=".$redirect_string; |
| 1339 |
} |
| 1340 |
|
| 1341 |
// Using x509 server
|
| 1342 |
if (!empty($CFG_GLPI["x509_email_field"]) |
| 1343 |
&&isset($_SERVER['SSL_CLIENT_S_DN'])&&ereg($CFG_GLPI["x509_email_field"],$_SERVER['SSL_CLIENT_S_DN'])) { |
| 1344 |
if ($redirect){ |
| 1345 |
glpi_header("login.php".$redir_string); |
| 1346 |
} else {
|
| 1347 |
return AUTH_X509; |
| 1348 |
} |
| 1349 |
} |
| 1350 |
|
| 1351 |
// Existing auth method
|
| 1352 |
if (!empty($CFG_GLPI["existing_auth_server_field"]) |
| 1353 |
&&isset($_SERVER[$CFG_GLPI["existing_auth_server_field"]])&&!empty($_SERVER[$CFG_GLPI["existing_auth_server_field"]])) { |
| 1354 |
if ($redirect){ |
| 1355 |
glpi_header("login.php".$redir_string); |
| 1356 |
} else {
|
| 1357 |
return AUTH_EXTERNAL; |
| 1358 |
} |
| 1359 |
} |
| 1360 |
|
| 1361 |
// Using CAS server
|
| 1362 |
if (!empty($CFG_GLPI["cas_host"])) { |
| 1363 |
if ($redirect){ |
| 1364 |
glpi_header("login.php".$redir_string); |
| 1365 |
} else {
|
| 1366 |
return AUTH_CAS; |
| 1367 |
} |
| 1368 |
} |
| 1369 |
|
| 1370 |
return false; |
| 1371 |
} |
| 1372 |
|
| 1373 |
/**
|
| 1374 |
* Is an alternate auth ?
|
| 1375 |
*
|
| 1376 |
* @param $id_auth auth type
|
| 1377 |
* @return boolean
|
| 1378 |
**/
|
| 1379 |
function isAlternateAuth($id_auth){ |
| 1380 |
return in_array($id_auth,array(AUTH_X509,AUTH_CAS,AUTH_EXTERNAL)); |
| 1381 |
} |
| 1382 |
|
| 1383 |
/**
|
| 1384 |
* Is an alternate auth wich used LDAP extra server?
|
| 1385 |
*
|
| 1386 |
* @param $id_auth auth type
|
| 1387 |
* @return boolean
|
| 1388 |
**/
|
| 1389 |
function isAlternateAuthWithLdap($id_auth){ |
| 1390 |
global $CFG_GLPI; |
| 1391 |
return (isAlternateAuth($id_auth) && $CFG_GLPI["extra_ldap_server"] > 0); |
| 1392 |
} |
| 1393 |
?>
|