ryxeo-glpi-git / inc / auth.function.php @ b67d8923
Historique | Voir | Annoter | Télécharger (38,2 ko)
1 |
<?php
|
---|---|
2 |
|
3 |
|
4 |
/*
|
5 |
* @version $Id: auth.function.php 7882 2009-01-23 18:24:05Z moyo $
|
6 |
-------------------------------------------------------------------------
|
7 |
GLPI - Gestionnaire Libre de Parc Informatique
|
8 |
Copyright (C) 2003-2009 by the INDEPNET Development Team.
|
9 |
|
10 |
http://indepnet.net/ http://glpi-project.org
|
11 |
-------------------------------------------------------------------------
|
12 |
|
13 |
LICENSE
|
14 |
|
15 |
This file is part of GLPI.
|
16 |
|
17 |
GLPI is free software; you can redistribute it and/or modify
|
18 |
it under the terms of the GNU General Public License as published by
|
19 |
the Free Software Foundation; either version 2 of the License, or
|
20 |
(at your option) any later version.
|
21 |
|
22 |
GLPI is distributed in the hope that it will be useful,
|
23 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
24 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
25 |
GNU General Public License for more details.
|
26 |
|
27 |
You should have received a copy of the GNU General Public License
|
28 |
along with GLPI; if not, write to the Free Software
|
29 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
30 |
--------------------------------------------------------------------------
|
31 |
*/
|
32 |
|
33 |
// ----------------------------------------------------------------------
|
34 |
// Original Author of file:
|
35 |
// Purpose of file:
|
36 |
// ----------------------------------------------------------------------
|
37 |
|
38 |
if (!defined('GLPI_ROOT')) { |
39 |
die("Sorry. You can't access directly to this file"); |
40 |
} |
41 |
|
42 |
/**
|
43 |
* Have I the right $right to module $module (conpare to session variable)
|
44 |
*
|
45 |
* @param $module Module to check
|
46 |
* @param $right Right to check
|
47 |
*
|
48 |
* @return Boolean : session variable have more than the right specified for the module
|
49 |
**/
|
50 |
function haveRight($module, $right) { |
51 |
global $DB; |
52 |
|
53 |
//If GLPI is using the slave DB -> read only mode
|
54 |
if ($DB->isSlave() && $right == "w") |
55 |
return false; |
56 |
|
57 |
$matches = array ( |
58 |
"" => array ( |
59 |
"",
|
60 |
"r",
|
61 |
"w"
|
62 |
), // ne doit pas arriver normalement
|
63 |
"r" => array ( |
64 |
"r",
|
65 |
"w"
|
66 |
), |
67 |
"w" => array ( |
68 |
"w"
|
69 |
), |
70 |
"1" => array ( |
71 |
"1"
|
72 |
), |
73 |
"0" => array ( |
74 |
"0",
|
75 |
"1"
|
76 |
), // ne doit pas arriver non plus
|
77 |
); |
78 |
|
79 |
if (isset ($_SESSION["glpiactiveprofile"][$module]) && in_array($_SESSION["glpiactiveprofile"][$module], $matches[$right])) |
80 |
return true; |
81 |
else
|
82 |
return false; |
83 |
} |
84 |
|
85 |
/**
|
86 |
* Have I the right $right to module type $type (conpare to session variable)
|
87 |
*
|
88 |
* @param $right Right to check
|
89 |
* @param $type Type to check
|
90 |
*
|
91 |
* @return Boolean : session variable have more than the right specified for the module type
|
92 |
**/
|
93 |
function haveTypeRight($type, $right) { |
94 |
global $LANG,$PLUGIN_HOOKS; |
95 |
|
96 |
switch ($type) { |
97 |
case GENERAL_TYPE : |
98 |
return true; |
99 |
break;
|
100 |
case COMPUTER_TYPE : |
101 |
return haveRight("computer", $right); |
102 |
break;
|
103 |
case NETWORKING_TYPE : |
104 |
return haveRight("networking", $right); |
105 |
break;
|
106 |
case PRINTER_TYPE : |
107 |
return haveRight("printer", $right); |
108 |
break;
|
109 |
case MONITOR_TYPE : |
110 |
return haveRight("monitor", $right); |
111 |
break;
|
112 |
case PERIPHERAL_TYPE : |
113 |
return haveRight("peripheral", $right); |
114 |
break;
|
115 |
case SOFTWARE_TYPE : |
116 |
return haveRight("software", $right); |
117 |
break;
|
118 |
case CONTACT_TYPE : |
119 |
return haveRight("contact_enterprise", $right); |
120 |
break;
|
121 |
case ENTERPRISE_TYPE : |
122 |
return haveRight("contact_enterprise", $right); |
123 |
break;
|
124 |
case INFOCOM_TYPE : |
125 |
return haveRight("contract_infocom", $right); |
126 |
break;
|
127 |
case CONTRACT_TYPE : |
128 |
return haveRight("contract_infocom", $right); |
129 |
break;
|
130 |
case CARTRIDGE_TYPE : |
131 |
return haveRight("cartridge", $right); |
132 |
break;
|
133 |
case TYPEDOC_TYPE : |
134 |
return haveRight("typedoc", $right); |
135 |
break;
|
136 |
case DOCUMENT_TYPE : |
137 |
return haveRight("document", $right); |
138 |
break;
|
139 |
case KNOWBASE_TYPE : |
140 |
return (haveRight("knowbase", $right)||haveRight("faq", $right)); |
141 |
break;
|
142 |
case USER_TYPE : |
143 |
return haveRight("user", $right); |
144 |
break;
|
145 |
case TRACKING_TYPE : |
146 |
if ($right=='r'){ |
147 |
return haveRight("show_all_ticket", 1); |
148 |
} else if ($right=='w'){ |
149 |
return haveRight("update_ticket", 1); |
150 |
} else {
|
151 |
return haveRight("show_all_ticket", $right); |
152 |
} |
153 |
break;
|
154 |
case CONSUMABLE_TYPE : |
155 |
return haveRight("consumable", $right); |
156 |
break;
|
157 |
case CARTRIDGE_ITEM_TYPE : |
158 |
return haveRight("cartridge", $right); |
159 |
break;
|
160 |
case CONSUMABLE_ITEM_TYPE : |
161 |
return haveRight("consumable", $right); |
162 |
break;
|
163 |
case LICENSE_TYPE : |
164 |
return haveRight("software", $right); |
165 |
break;
|
166 |
case LINK_TYPE : |
167 |
return haveRight("link", $right); |
168 |
break;
|
169 |
case PHONE_TYPE : |
170 |
return haveRight("phone", $right); |
171 |
break;
|
172 |
case REMINDER_TYPE : |
173 |
return haveRight("reminder_public", $right); |
174 |
break;
|
175 |
case GROUP_TYPE : |
176 |
return haveRight("group", $right); |
177 |
break;
|
178 |
case ENTITY_TYPE : |
179 |
return haveRight("entity", $right); |
180 |
break;
|
181 |
case AUTH_MAIL_TYPE : |
182 |
return haveRight("config",$right); |
183 |
break;
|
184 |
case AUTH_LDAP_TYPE : |
185 |
return haveRight("config",$right); |
186 |
break;
|
187 |
case OCSNG_TYPE : |
188 |
return haveRight("ocsng",$right); |
189 |
break;
|
190 |
case REGISTRY_TYPE : |
191 |
return haveRight("ocsng",$right); |
192 |
break;
|
193 |
case PROFILE_TYPE : |
194 |
return haveRight("profile",$right); |
195 |
break;
|
196 |
case MAILGATE_TYPE : |
197 |
return haveRight("config",$right); |
198 |
break;
|
199 |
case RULE_TYPE : |
200 |
return haveRight("rule_tracking",$right)||haveRight("rule_ocs",$right)||haveRight("rule_ldap",$right)||haveRight("rule_softwarecategories",$right); |
201 |
break;
|
202 |
case TRANSFER_TYPE : |
203 |
return haveRight("transfer",$right); |
204 |
break;
|
205 |
case BOOKMARK_TYPE : |
206 |
return haveRight("bookmark_public",$right); |
207 |
break;
|
208 |
default :
|
209 |
// Plugin case
|
210 |
if ($type>1000){ |
211 |
if (isset($PLUGIN_HOOKS['plugin_types'][$type])){ |
212 |
$function='plugin_'.$PLUGIN_HOOKS['plugin_types'][$type].'_haveTypeRight'; |
213 |
if (function_exists($function)){ |
214 |
return $function($type,$right); |
215 |
} |
216 |
} |
217 |
} |
218 |
|
219 |
break;
|
220 |
|
221 |
} |
222 |
return false; |
223 |
} |
224 |
|
225 |
/**
|
226 |
* Display common message for privileges errors
|
227 |
*
|
228 |
* @return Nothing
|
229 |
**/
|
230 |
function displayRightError() { |
231 |
global $LANG, $CFG_GLPI, $HEADER_LOADED; |
232 |
if (!$HEADER_LOADED) { |
233 |
if (!isset ($_SESSION["glpiactiveprofile"]["interface"])){ |
234 |
nullHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
235 |
} else {
|
236 |
if ($_SESSION["glpiactiveprofile"]["interface"] == "central"){ |
237 |
commonHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
238 |
} else {
|
239 |
if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk"){ |
240 |
helpHeader($LANG["login"][5], $_SERVER['PHP_SELF']); |
241 |
} |
242 |
} |
243 |
} |
244 |
} |
245 |
echo "<div class='center'><br><br><img src=\"" . $CFG_GLPI["root_doc"] . "/pics/warning.png\" alt=\"warning\"><br><br>"; |
246 |
echo "<strong>" . $LANG["login"][5] . "</strong></div>"; |
247 |
nullFooter(); |
248 |
exit ();
|
249 |
} |
250 |
|
251 |
/**
|
252 |
* Check if I have the right $right to module $module (conpare to session variable)
|
253 |
*
|
254 |
* @param $module Module to check
|
255 |
* @param $right Right to check
|
256 |
*
|
257 |
* @return Nothing : display error if not permit
|
258 |
**/
|
259 |
function checkRight($module, $right) { |
260 |
global $CFG_GLPI; |
261 |
|
262 |
if (!haveRight($module, $right)) { |
263 |
// Gestion timeout session
|
264 |
if (!isset ($_SESSION["glpiID"])) { |
265 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
266 |
exit ();
|
267 |
} |
268 |
|
269 |
displayRightError(); |
270 |
} |
271 |
} |
272 |
|
273 |
/**
|
274 |
* Check if I have one of the right specified
|
275 |
*
|
276 |
* @param $modules array of modules where keys are modules and value are right
|
277 |
*
|
278 |
* @return Nothing : display error if not permit
|
279 |
**/
|
280 |
function checkSeveralRightsOr($modules) { |
281 |
global $CFG_GLPI; |
282 |
|
283 |
$valid = false; |
284 |
if (count($modules)){ |
285 |
foreach ($modules as $mod => $right){ |
286 |
if (is_numeric($mod)){ |
287 |
if (haveTypeRight($mod, $right)){ |
288 |
$valid = true; |
289 |
} |
290 |
} else if (haveRight($mod, $right)){ |
291 |
$valid = true; |
292 |
} |
293 |
} |
294 |
} |
295 |
|
296 |
if (!$valid) { |
297 |
// Gestion timeout session
|
298 |
if (!isset ($_SESSION["glpiID"])) { |
299 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
300 |
exit ();
|
301 |
} |
302 |
|
303 |
displayRightError(); |
304 |
} |
305 |
} |
306 |
|
307 |
/**
|
308 |
* Check if I have all the rights specified
|
309 |
*
|
310 |
* @param $modules array of modules where keys are modules and value are right
|
311 |
*
|
312 |
* @return Nothing : display error if not permit
|
313 |
**/
|
314 |
function checkSeveralRightsAnd($modules) { |
315 |
global $CFG_GLPI; |
316 |
|
317 |
$valid = true; |
318 |
if (count($modules)){ |
319 |
foreach ($modules as $mod => $right){ |
320 |
if (is_numeric($mod)){ |
321 |
if (!haveTypeRight($mod, $right)){ |
322 |
$valid = false; |
323 |
} |
324 |
} else if (!haveRight($mod, $right)){ |
325 |
$valid = false; |
326 |
} |
327 |
} |
328 |
} |
329 |
|
330 |
if (!$valid) { |
331 |
// Gestion timeout session
|
332 |
if (!isset ($_SESSION["glpiID"])) { |
333 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
334 |
exit ();
|
335 |
} |
336 |
displayRightError(); |
337 |
} |
338 |
} |
339 |
/**
|
340 |
* Check if I have the right $right to module type $type (conpare to session variable)
|
341 |
*
|
342 |
* @param $type Module type to check
|
343 |
* @param $right Right to check
|
344 |
*
|
345 |
* @return Nothing : display error if not permit
|
346 |
**/
|
347 |
function checkTypeRight($type, $right) { |
348 |
global $CFG_GLPI; |
349 |
if (!haveTypeRight($type, $right)) { |
350 |
// Gestion timeout session
|
351 |
if (!isset ($_SESSION["glpiID"])) { |
352 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
353 |
exit ();
|
354 |
} |
355 |
displayRightError(); |
356 |
} |
357 |
} |
358 |
/**
|
359 |
* Check if I have access to the central interface
|
360 |
*
|
361 |
* @return Nothing : display error if not permit
|
362 |
**/
|
363 |
function checkCentralAccess() { |
364 |
|
365 |
global $CFG_GLPI; |
366 |
|
367 |
if (!isset ($_SESSION["glpiactiveprofile"]) || $_SESSION["glpiactiveprofile"]["interface"] != "central") { |
368 |
// Gestion timeout session
|
369 |
if (!isset ($_SESSION["glpiID"])) { |
370 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
371 |
exit ();
|
372 |
} |
373 |
displayRightError(); |
374 |
} |
375 |
} |
376 |
/**
|
377 |
* Check if I have access to the helpdesk interface
|
378 |
*
|
379 |
* @return Nothing : display error if not permit
|
380 |
**/
|
381 |
function checkHelpdeskAccess() { |
382 |
|
383 |
global $CFG_GLPI; |
384 |
|
385 |
if (!isset ($_SESSION["glpiactiveprofile"]) || $_SESSION["glpiactiveprofile"]["interface"] != "helpdesk") { |
386 |
// Gestion timeout session
|
387 |
if (!isset ($_SESSION["glpiID"])) { |
388 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
389 |
exit ();
|
390 |
} |
391 |
displayRightError(); |
392 |
} |
393 |
} |
394 |
|
395 |
/**
|
396 |
* Check if I am logged in
|
397 |
*
|
398 |
* @return Nothing : display error if not permit
|
399 |
**/
|
400 |
function checkLoginUser() { |
401 |
|
402 |
global $CFG_GLPI; |
403 |
|
404 |
if (!isset ($_SESSION["glpiname"])) { |
405 |
// Gestion timeout session
|
406 |
if (!isset ($_SESSION["glpiID"])) { |
407 |
glpi_header($CFG_GLPI["root_doc"] . "/index.php"); |
408 |
exit ();
|
409 |
} |
410 |
displayRightError(); |
411 |
} |
412 |
} |
413 |
|
414 |
/**
|
415 |
* Check if I have the right to access to the FAQ (profile or anonymous FAQ)
|
416 |
*
|
417 |
* @return Nothing : display error if not permit
|
418 |
**/
|
419 |
function checkFaqAccess() { |
420 |
global $CFG_GLPI; |
421 |
|
422 |
if ($CFG_GLPI["public_faq"] == 0 && !haveRight("faq", "r")) { |
423 |
displayRightError(); |
424 |
} |
425 |
|
426 |
} |
427 |
|
428 |
/**
|
429 |
* Include the good language dict.
|
430 |
*
|
431 |
* Get the default language from current user in $_SESSION["glpilanguage"].
|
432 |
* And load the dict that correspond.
|
433 |
* @param $forcelang Force to load a specific lang
|
434 |
*
|
435 |
* @return nothing (make an include)
|
436 |
*
|
437 |
**/
|
438 |
function loadLanguage($forcelang='') { |
439 |
|
440 |
global $LANG, $CFG_GLPI; |
441 |
$file = ""; |
442 |
|
443 |
if (!isset($_SESSION["glpilanguage"])){ |
444 |
$_SESSION["glpilanguage"]=$CFG_GLPI["default_language"]; |
445 |
} |
446 |
|
447 |
$trytoload=$_SESSION["glpilanguage"]; |
448 |
// Force to load a specific lang
|
449 |
if (!empty($forcelang)){ |
450 |
$trytoload=$forcelang; |
451 |
} |
452 |
// If not set try default lang file
|
453 |
if (empty($trytoload)){ |
454 |
$trytoload=$CFG_GLPI["default_language"]; |
455 |
} |
456 |
|
457 |
if (isset ($CFG_GLPI["languages"][$trytoload][1])) { |
458 |
$file = "/locales/" . $CFG_GLPI["languages"][$trytoload][1]; |
459 |
} |
460 |
|
461 |
if (empty ($file) || !is_file(GLPI_ROOT . $file)) { |
462 |
$trytoload='en_GB'; |
463 |
$file = "/locales/en_GB.php"; |
464 |
} |
465 |
$options = array ( |
466 |
'cacheDir' => GLPI_CACHE_DIR, |
467 |
'lifeTime' => DEFAULT_CACHE_LIFETIME, |
468 |
'automaticSerialization' => true, |
469 |
'caching' => $CFG_GLPI["use_cache"], |
470 |
'hashedDirectoryLevel' => 2, |
471 |
'masterFile' => GLPI_ROOT . $file, |
472 |
'fileLocking' => CACHE_FILELOCKINGCONTROL, |
473 |
'writeControl' => CACHE_WRITECONTROL, |
474 |
'readControl' => CACHE_READCONTROL, |
475 |
); |
476 |
$cache = new Cache_Lite_File($options); |
477 |
|
478 |
// Set a id for this cache : $file
|
479 |
if (!($LANG = $cache->get($file, "GLPI_LANG"))) { |
480 |
// Cache miss !
|
481 |
// Put in $LANG datas to put in cache
|
482 |
include (GLPI_ROOT . $file); |
483 |
$cache->save($LANG, $file, "GLPI_LANG"); |
484 |
} |
485 |
|
486 |
// Debug display lang element with item
|
487 |
if ($CFG_GLPI["debug"] && $CFG_GLPI["debug_lang"]) { |
488 |
foreach ($LANG as $module => $tab) { |
489 |
foreach ($tab as $num => $val) { |
490 |
$LANG[$module][$num] .= "<span style='font-size:12px; color:red;'>$module/$num</span>"; |
491 |
} |
492 |
} |
493 |
} |
494 |
return $trytoload; |
495 |
} |
496 |
|
497 |
/**
|
498 |
* Set the entities session variable. Load all entities from DB
|
499 |
*
|
500 |
* @param $userID : ID of the user
|
501 |
* @return Nothing
|
502 |
**/
|
503 |
function initEntityProfiles($userID) { |
504 |
global $DB; |
505 |
|
506 |
$profile = new Profile; |
507 |
|
508 |
$query = "SELECT DISTINCT glpi_profiles.* FROM glpi_users_profiles INNER JOIN glpi_profiles ON (glpi_users_profiles.FK_profiles = glpi_profiles.ID) |
509 |
WHERE glpi_users_profiles.FK_users='$userID'
|
510 |
ORDER BY glpi_profiles.name";
|
511 |
$result = $DB->query($query); |
512 |
$_SESSION['glpiprofiles'] = array (); |
513 |
if ($DB->numrows($result)) { |
514 |
while ($data = $DB->fetch_assoc($result)) { |
515 |
$profile->fields = array (); |
516 |
$profile->getFromDB($data['ID']); |
517 |
$profile->cleanProfile();
|
518 |
$_SESSION['glpiprofiles'][$data['ID']] = $profile->fields; |
519 |
} |
520 |
|
521 |
foreach ($_SESSION['glpiprofiles'] as $key => $tab) { |
522 |
$query2 = "SELECT glpi_users_profiles.FK_entities as eID, glpi_users_profiles.ID as kID, glpi_users_profiles.recursive as recursive, glpi_entities.* FROM glpi_users_profiles LEFT JOIN glpi_entities ON (glpi_users_profiles.FK_entities = glpi_entities.ID) |
523 |
WHERE glpi_users_profiles.FK_profiles='$key' AND glpi_users_profiles.FK_users='$userID'
|
524 |
ORDER BY glpi_entities.completename";
|
525 |
$result2 = $DB->query($query2); |
526 |
if ($DB->numrows($result2)) { |
527 |
while ($data = $DB->fetch_array($result2)) { |
528 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['ID'] = $data['eID']; |
529 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['name'] = $data['name']; |
530 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['completename'] = $data['completename']; |
531 |
$_SESSION['glpiprofiles'][$key]['entities'][$data['kID']]['recursive'] = $data['recursive']; |
532 |
} |
533 |
} |
534 |
} |
535 |
} |
536 |
} |
537 |
|
538 |
/**
|
539 |
* Change active profile to the $ID one. Update glpiactiveprofile session variable.
|
540 |
*
|
541 |
* @param $ID : ID of the new profile
|
542 |
* @return Nothing
|
543 |
**/
|
544 |
function changeProfile($ID) { |
545 |
global $CFG_GLPI,$LANG; |
546 |
if (isset ($_SESSION['glpiprofiles'][$ID]) && count($_SESSION['glpiprofiles'][$ID]['entities'])) { |
547 |
// glpiactiveprofile -> active profile
|
548 |
$_SESSION['glpiactiveprofile'] = $_SESSION['glpiprofiles'][$ID]; |
549 |
$_SESSION['glpi_entities_tree']=array(); |
550 |
$_SESSION['glpiactiveentities'] = array (); |
551 |
// Init ancestors if needed
|
552 |
if (!isset($_SESSION['glpi_entities_ancestors'])){ |
553 |
$_SESSION['glpi_entities_ancestors']=array(); |
554 |
} |
555 |
// glpiactiveentities -> active entities
|
556 |
foreach ($_SESSION['glpiactiveprofile']['entities'] as $key => $val) { |
557 |
if (!$val['recursive']) { |
558 |
if (!array_search($val["ID"], $_SESSION['glpiactiveentities'])) { |
559 |
$_SESSION['glpiactiveentities'][$val['ID']] = $val['ID']; |
560 |
$entity=array(); |
561 |
$entity[$val['ID']]['tree']=array(); |
562 |
|
563 |
if ($val['ID']==0){ |
564 |
$entity[$val['ID']]['name'] = $LANG["entity"][2]; |
565 |
} else {
|
566 |
$entity[$val['ID']]['name'] = $val['name']; |
567 |
} |
568 |
$_SESSION['glpi_entities_tree'][] = $entity; |
569 |
} |
570 |
} else {
|
571 |
$entitytree = getTreeForItem("glpi_entities", $val['ID']); |
572 |
$_SESSION['glpi_entities_tree'][]=$entitytree; |
573 |
$entities = contructListFromTree($entitytree); |
574 |
|
575 |
if (count($entities)) { |
576 |
foreach ($entities as $key2 => $val2) { |
577 |
$_SESSION['glpiactiveentities'][$key2] = $key2; |
578 |
} |
579 |
} |
580 |
} |
581 |
} |
582 |
if (isset($_SESSION['glpiactiveentities'][$_SESSION["glpidefault_entity"]])){ |
583 |
changeActiveEntities($_SESSION["glpidefault_entity"],true); |
584 |
} else {
|
585 |
changeActiveEntities("all");
|
586 |
} |
587 |
|
588 |
|
589 |
doHook("change_profile");
|
590 |
} |
591 |
cleanCache("GLPI_HEADER_".$_SESSION["glpiID"]); |
592 |
// Clean specific datas
|
593 |
if (isset($_SESSION['glpi_faqcategories'])){ |
594 |
unset($_SESSION['glpi_faqcategories']); |
595 |
} |
596 |
} |
597 |
|
598 |
|
599 |
/**
|
600 |
* Change active entity to the $ID one. Update glpiactiveentities session variable.
|
601 |
* Reload groups related to this entity.
|
602 |
*
|
603 |
* @param $ID : ID of the new active entity ("all"=>load all possible entities)
|
604 |
* @param $recursive : also display sub entities of the active entity ?
|
605 |
* @return Nothing
|
606 |
**/
|
607 |
function changeActiveEntities($ID="all",$recursive=false) { |
608 |
global $LANG; |
609 |
$newentities=array(); |
610 |
if ($ID=="all"){ |
611 |
foreach ($_SESSION['glpi_entities_tree'] as $key => $tree){ |
612 |
$entities = contructListFromTree($tree); |
613 |
if (count($entities)) { |
614 |
foreach ($entities as $key2 => $val2) { |
615 |
$newentities[$key2] = $key2; |
616 |
} |
617 |
} |
618 |
} |
619 |
} else {
|
620 |
$newentities[$ID] = $ID; |
621 |
if ($recursive){ |
622 |
foreach ($_SESSION['glpi_entities_tree'] as $key => $tree){ |
623 |
$entities = contructListFromTree($tree); |
624 |
$tofind=array($ID); |
625 |
while (count($tofind)){ |
626 |
$founded=array(); |
627 |
foreach ($entities as $key2 => $val2){ |
628 |
if (in_array($val2,$tofind)){ |
629 |
$newentities[$key2] = $key2; |
630 |
$founded[]=$key2; |
631 |
unset($entities[$key2]); |
632 |
} |
633 |
} |
634 |
$tofind=$founded; |
635 |
} |
636 |
} |
637 |
} |
638 |
} |
639 |
if (count($newentities)>0){ |
640 |
$_SESSION['glpiactiveentities']=$newentities; |
641 |
// Active entity loading
|
642 |
$active=key($_SESSION['glpiactiveentities']); |
643 |
$_SESSION["glpiactive_entity"] = $active; |
644 |
$_SESSION["glpiactive_entity_name"] = getDropdownName("glpi_entities",$active); |
645 |
$_SESSION["glpiactive_entity_shortname"] = getTreeLeafValueName("glpi_entities",$active); |
646 |
if ($recursive){ |
647 |
$_SESSION["glpiactive_entity_name"] .= " (".$LANG["entity"][7].")"; |
648 |
$_SESSION["glpiactive_entity_shortname"] .= " (".$LANG["entity"][7].")"; |
649 |
} |
650 |
if ($ID=="all"){ |
651 |
$_SESSION["glpiactive_entity_name"] .= " (".$LANG["buttons"][40].")"; |
652 |
$_SESSION["glpiactive_entity_shortname"] .= " (".$LANG["buttons"][40].")"; |
653 |
} |
654 |
if (countElementsInTable('glpi_entities')<count($_SESSION['glpiactiveentities'])){ |
655 |
$_SESSION['glpishowallentities']=1; |
656 |
} else {
|
657 |
$_SESSION['glpishowallentities']=0; |
658 |
} |
659 |
|
660 |
// Clean session variable to search system
|
661 |
if (isset($_SESSION['glpisearch'])&&count($_SESSION['glpisearch'])){ |
662 |
foreach ($_SESSION['glpisearch'] as $type => $tab){ |
663 |
if (isset($tab['start'])&&$tab['start']>0){ |
664 |
$_SESSION['glpisearch'][$type]['start']=0; |
665 |
} |
666 |
} |
667 |
} |
668 |
|
669 |
loadGroups(); |
670 |
doHook("change_entity");
|
671 |
cleanCache("GLPI_HEADER_".$_SESSION["glpiID"]); |
672 |
} |
673 |
} |
674 |
|
675 |
/**
|
676 |
* Load groups where I am in the active entity.
|
677 |
* @return Nothing
|
678 |
**/
|
679 |
function loadGroups() { |
680 |
global $DB; |
681 |
|
682 |
$_SESSION["glpigroups"] = array (); |
683 |
|
684 |
|
685 |
$first=true; |
686 |
$entities=""; |
687 |
foreach ($_SESSION['glpiactiveentities'] as $val){ |
688 |
if (!$first) $entities.=","; |
689 |
else $first=false; |
690 |
$entities.="'".$val."'"; |
691 |
} |
692 |
|
693 |
|
694 |
$query_gp = "SELECT FK_groups FROM glpi_users_groups LEFT JOIN glpi_groups ON (glpi_users_groups.FK_groups = glpi_groups.ID) WHERE glpi_users_groups.FK_users='" . $_SESSION['glpiID'] . "' AND glpi_groups.FK_entities IN ($entities)"; |
695 |
|
696 |
$result_gp = $DB->query($query_gp); |
697 |
if ($DB->numrows($result_gp)) { |
698 |
while ($data = $DB->fetch_array($result_gp)) { |
699 |
$_SESSION["glpigroups"][] = $data["FK_groups"]; |
700 |
} |
701 |
} |
702 |
} |
703 |
|
704 |
/**
|
705 |
* Check if you could create recursive object in the entity of id = $ID
|
706 |
*
|
707 |
* @param $ID : ID of the entity
|
708 |
* @return Boolean :
|
709 |
**/
|
710 |
function haveRecursiveAccessToEntity($ID) { |
711 |
|
712 |
// Right by profile
|
713 |
foreach ($_SESSION['glpiactiveprofile']['entities'] as $key => $val) { |
714 |
if ($val['ID']==$ID) { |
715 |
return $val['recursive']; |
716 |
} |
717 |
} |
718 |
|
719 |
// Right is from a recursive profile
|
720 |
if (isset ($_SESSION['glpiactiveentities'])) { |
721 |
return in_array($ID, $_SESSION['glpiactiveentities']); |
722 |
} |
723 |
|
724 |
return false; |
725 |
} |
726 |
|
727 |
/**
|
728 |
* Check if you could access (read) to the entity of id = $ID
|
729 |
*
|
730 |
* @param $ID : ID of the entity
|
731 |
* @param $recursive : boolean if resursive item
|
732 |
*
|
733 |
* @return Boolean : read access to entity
|
734 |
**/
|
735 |
function haveAccessToEntity($ID, $recursive=0) { |
736 |
if (!isset ($_SESSION['glpiactiveentities'])) { |
737 |
return false; |
738 |
} |
739 |
|
740 |
if (!$recursive) { |
741 |
return in_array($ID, $_SESSION['glpiactiveentities']); |
742 |
} |
743 |
|
744 |
if (in_array($ID, $_SESSION['glpiactiveentities'])) { |
745 |
return true; |
746 |
} |
747 |
|
748 |
// Recursive object
|
749 |
foreach ($_SESSION['glpiactiveentities'] as $ent) { |
750 |
if (in_array($ID, getEntityAncestors($ent))) { |
751 |
return true; |
752 |
} |
753 |
} |
754 |
|
755 |
return false; |
756 |
} |
757 |
|
758 |
/**
|
759 |
* Check if you could access to one entity of an list
|
760 |
*
|
761 |
* @param $tab : list ID of entities
|
762 |
* @return Boolean :
|
763 |
**/
|
764 |
function haveAccessToOneOfEntities($tab) { |
765 |
$access=false; |
766 |
if (is_array($tab)&&count($tab)){ |
767 |
foreach ($tab as $val){ |
768 |
if (haveAccessToEntity($val)){ |
769 |
return true; |
770 |
} |
771 |
} |
772 |
} |
773 |
return $access; |
774 |
} |
775 |
|
776 |
/**
|
777 |
* Get SQL request to restrict to current entities of the user
|
778 |
*
|
779 |
* @param $separator : separator in the begin of the request
|
780 |
* @param $table : table where apply the limit (if needed, multiple tables queries)
|
781 |
* @param $field : field where apply the limit (id != FK_entities)
|
782 |
* @param $value : entity to restrict (if not set use $_SESSION['glpiactiveentities']). single item or array
|
783 |
* @param $recursive : need to use recursive process to find item (field need to be named recursive)
|
784 |
* @return String : the WHERE clause to restrict
|
785 |
**/
|
786 |
function getEntitiesRestrictRequest($separator = "AND", $table = "", $field = "",$value='',$recursive=false) { |
787 |
|
788 |
$query = $separator ." ( "; |
789 |
|
790 |
// !='0' needed because consider as empty
|
791 |
if ($value!='0'&&empty($value)&&isset($_SESSION['glpishowallentities'])&&$_SESSION['glpishowallentities']){ |
792 |
// Not ADD "AND 1" if not needed
|
793 |
if (trim($separator)=="AND"){ |
794 |
return ""; |
795 |
} else {
|
796 |
return $query." 1 ) "; |
797 |
} |
798 |
} |
799 |
|
800 |
if (!is_array($value)&&strlen($value)==0){ |
801 |
$value=$_SESSION['glpiactiveentities']; |
802 |
} |
803 |
|
804 |
|
805 |
if (!empty ($table)) { |
806 |
$query .= $table . "."; |
807 |
} |
808 |
if (empty($field)){ |
809 |
if ($table=='glpi_entities') { |
810 |
$field="ID"; |
811 |
} else {
|
812 |
$field="FK_entities"; |
813 |
} |
814 |
} |
815 |
|
816 |
$query.=$field; |
817 |
|
818 |
if (is_array($value)){ |
819 |
$query.=" IN ("; |
820 |
$first=true; |
821 |
|
822 |
foreach ($value as $val){ |
823 |
if (!$first){ |
824 |
$query.=","; |
825 |
} else {
|
826 |
$first=false; |
827 |
} |
828 |
$query.=$val; |
829 |
} |
830 |
$query.=") "; |
831 |
} else {
|
832 |
$query.= " = '$value' "; |
833 |
} |
834 |
|
835 |
if ($recursive){ |
836 |
$ancestors=array(); |
837 |
if (is_array($value)){ |
838 |
foreach ($value as $val){ |
839 |
$ancestors=array_unique(array_merge(getEntityAncestors($val),$ancestors)); |
840 |
} |
841 |
$ancestors=array_diff($ancestors,$value); |
842 |
} else {
|
843 |
$ancestors=getEntityAncestors($value); |
844 |
} |
845 |
|
846 |
if (count($ancestors)){ |
847 |
$query.=" OR ( $table.recursive='1' AND $table.$field IN ("; |
848 |
$first=true; |
849 |
foreach ($ancestors as $val){ |
850 |
if (!$first){ |
851 |
$query.=","; |
852 |
} else {
|
853 |
$first=false; |
854 |
} |
855 |
$query.=$val; |
856 |
} |
857 |
$query.="))"; |
858 |
} |
859 |
} |
860 |
|
861 |
$query.=" ) "; |
862 |
|
863 |
return $query; |
864 |
} |
865 |
|
866 |
/**
|
867 |
* Connect to a LDAP serveur
|
868 |
*
|
869 |
* @param $host : LDAP host to connect
|
870 |
* @param $port : port to use
|
871 |
* @param $login : login to use
|
872 |
* @param $password : password to use
|
873 |
* @param $use_tls : use a tls connection ?
|
874 |
* @param $deref_options Deref options used
|
875 |
* @return link to the LDAP server : false if connection failed
|
876 |
**/
|
877 |
function connect_ldap($host, $port, $login = "", $password = "", $use_tls = false,$deref_options) { |
878 |
global $CFG_GLPI; |
879 |
|
880 |
|
881 |
$ds = @ldap_connect($host, intval($port)); |
882 |
if ($ds) { |
883 |
|
884 |
@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); |
885 |
@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); |
886 |
@ldap_set_option($ds, LDAP_OPT_DEREF, $deref_options); |
887 |
if ($use_tls) { |
888 |
if (!@ldap_start_tls($ds)) { |
889 |
return false; |
890 |
} |
891 |
} |
892 |
// Auth bind
|
893 |
if ($login != '') { |
894 |
$b = @ldap_bind($ds, $login, $password); |
895 |
} else { // Anonymous bind |
896 |
$b = @ldap_bind($ds); |
897 |
} |
898 |
if ($b) { |
899 |
return $ds; |
900 |
} else {
|
901 |
return false; |
902 |
} |
903 |
} else {
|
904 |
return false; |
905 |
} |
906 |
} |
907 |
|
908 |
|
909 |
/**
|
910 |
* Try to connect to a ldap server
|
911 |
*
|
912 |
* @param $id ID of the LDAP config (use to find replicate)
|
913 |
* @param $host : LDAP host to connect
|
914 |
* @param $port : port to use
|
915 |
* @param $rdn : rootdn to use
|
916 |
* @param $rpass : rootdn password to use
|
917 |
* @param $use_tls : use a tls connection ?
|
918 |
* @param $login : user login
|
919 |
* @param $password : user password
|
920 |
* @param $deref_options Deref options used
|
921 |
* @return link to the LDAP server : false if connection failed
|
922 |
**/
|
923 |
function try_connect_ldap($host, $port, $rdn, $rpass, $use_tls,$login, $password,$deref_options,$id){ |
924 |
// TODO try to pass array of connection config to minimise parameters
|
925 |
|
926 |
$ds = connect_ldap($host, $port, $rdn, $rpass, $use_tls,$deref_options); |
927 |
// Test with login and password of the user if exists
|
928 |
if (!$ds && !empty($login)) { |
929 |
$ds = connect_ldap($host, $port, $login, $password, $use_tls,$deref_options); |
930 |
} |
931 |
|
932 |
//If connection is not successfull on this directory, try replicates (if replicates exists)
|
933 |
if (!$ds && $id>0){ |
934 |
foreach (getAllReplicateForAMaster($id) as $replicate){ |
935 |
$ds = connect_ldap($replicate["ldap_host"], $replicate["ldap_port"], $rdn, $rpass, $use_tls,$deref_options); |
936 |
// Test with login and password of the user
|
937 |
if (!$ds && !empty($login)) { |
938 |
$ds = connect_ldap($replicate["ldap_host"], $replicate["ldap_port"], $login, $password, $use_tls,$deref_options); |
939 |
} |
940 |
if ($ds){ |
941 |
return $ds; |
942 |
} |
943 |
} |
944 |
} |
945 |
|
946 |
return $ds; |
947 |
} |
948 |
|
949 |
/**
|
950 |
* Get infos for groups
|
951 |
*
|
952 |
* @param $ds : LDAP link
|
953 |
* @param $basedn : base dn used to search
|
954 |
* @param $group_dn : dn of the group
|
955 |
* @param $condition : ldap condition used
|
956 |
* @return group infos if found, else false
|
957 |
**/
|
958 |
function ldap_search_group_by_dn($ds, $basedn, $group_dn,$condition) { |
959 |
if($result = @ ldap_read($ds, $group_dn, "objectClass=*", array("cn"))){ |
960 |
$info = ldap_get_entries($ds, $result); |
961 |
if (is_array($info) AND $info['count'] == 1) |
962 |
return $info[0]; |
963 |
else
|
964 |
return false; |
965 |
} |
966 |
return false; |
967 |
} |
968 |
|
969 |
/**
|
970 |
* Get dn for a user
|
971 |
*
|
972 |
* @param $ds : LDAP link
|
973 |
* @param $basedn : base dn used to search
|
974 |
* @param $login_attr : attribute to store login
|
975 |
* @param $login : user login
|
976 |
* @param $condition : ldap condition used
|
977 |
* @return dn of the user, else false
|
978 |
**/
|
979 |
function ldap_search_user_dn($ds, $basedn, $login_attr, $login, $condition) { |
980 |
|
981 |
// Tenter une recherche pour essayer de retrouver le DN
|
982 |
$filter = "($login_attr=$login)"; |
983 |
|
984 |
if (!empty ($condition)){ |
985 |
$filter = "(& $filter $condition)"; |
986 |
} |
987 |
if ($result = ldap_search($ds, $basedn, $filter, |
988 |
array ("dn", $login_attr),0,0) |
989 |
){ |
990 |
|
991 |
$info = ldap_get_entries($ds, $result); |
992 |
if (is_array($info) AND $info['count'] == 1) { |
993 |
return $info[0]['dn']; |
994 |
} else { // Si echec, essayer de deviner le DN / Flat LDAP |
995 |
$dn = "$login_attr=$login, " . $basedn; |
996 |
return $dn; |
997 |
} |
998 |
} else {
|
999 |
return false; |
1000 |
} |
1001 |
} |
1002 |
|
1003 |
/**
|
1004 |
* Try to authentify a user by checking all the directories
|
1005 |
* @param $identificat : identification object
|
1006 |
* @param $login : user login
|
1007 |
* @param $password : user password
|
1008 |
* @param $id_auth : id_auth already used for the user
|
1009 |
* @return identification object
|
1010 |
**/
|
1011 |
function try_ldap_auth($identificat,$login,$password, $id_auth = -1) { |
1012 |
|
1013 |
//If no specific source is given, test all ldap directories
|
1014 |
if ($id_auth == -1) { |
1015 |
foreach ($identificat->auth_methods["ldap"] as $ldap_method) { |
1016 |
if (!$identificat->auth_succeded) { |
1017 |
$identificat = ldap_auth($identificat, $login,$password,$ldap_method); |
1018 |
} else {
|
1019 |
break;
|
1020 |
} |
1021 |
} |
1022 |
//Check if the ldap server indicated as the last good one still exists !
|
1023 |
} else if(array_key_exists($id_auth,$identificat->auth_methods["ldap"])){ |
1024 |
|
1025 |
//A specific ldap directory is given, test it and only this one !
|
1026 |
$identificat = ldap_auth($identificat, $login,$password,$identificat->auth_methods["ldap"][$id_auth]); |
1027 |
} |
1028 |
return $identificat; |
1029 |
} |
1030 |
|
1031 |
/**
|
1032 |
* Authentify a user by checking a specific directory
|
1033 |
* @param $identificat : identification object
|
1034 |
* @param $login : user login
|
1035 |
* @param $password : user password
|
1036 |
* @param $ldap_method : ldap_method array to use
|
1037 |
* @return identification object
|
1038 |
**/
|
1039 |
function ldap_auth($identificat,$login,$password, $ldap_method) { |
1040 |
|
1041 |
$user_dn = $identificat->connection_ldap($ldap_method["ID"],$ldap_method["ldap_host"], $ldap_method["ldap_port"], $ldap_method["ldap_basedn"], $ldap_method["ldap_rootdn"], $ldap_method["ldap_pass"], $ldap_method["ldap_login"],$login, $password, $ldap_method["ldap_condition"], $ldap_method["ldap_use_tls"],$ldap_method["ldap_opt_deref"]); |
1042 |
if ($user_dn) { |
1043 |
$identificat->auth_succeded = true; |
1044 |
$identificat->extauth = 1; |
1045 |
$identificat->user_present = $identificat->user->getFromDBbyName(addslashes($login)); |
1046 |
//$identificat->user->getFromLDAP($ldap_method, $user_dn, utf8_decode($login), utf8_decode($password));
|
1047 |
$identificat->user->getFromLDAP($identificat->ldap_connection,$ldap_method, $user_dn, $login, $password); |
1048 |
$identificat->auth_parameters = $ldap_method; |
1049 |
$identificat->user->fields["auth_method"] = AUTH_LDAP; |
1050 |
$identificat->user->fields["id_auth"] = $ldap_method["ID"]; |
1051 |
} |
1052 |
return $identificat; |
1053 |
} |
1054 |
|
1055 |
/**
|
1056 |
* Try to authentify a user by checking all the mail server
|
1057 |
* @param $identificat : identification object
|
1058 |
* @param $login : user login
|
1059 |
* @param $password : user password
|
1060 |
* @param $id_auth : id_auth already used for the user
|
1061 |
* @return identification object
|
1062 |
**/
|
1063 |
function try_mail_auth($identificat, $login,$password,$id_auth = -1) { |
1064 |
if ($id_auth == -1) { |
1065 |
foreach ($identificat->auth_methods["mail"] as $mail_method) { |
1066 |
if (!$identificat->auth_succeded) { |
1067 |
$identificat = mail_auth($identificat, $login,$password,$mail_method); |
1068 |
} |
1069 |
else {
|
1070 |
break;
|
1071 |
} |
1072 |
} |
1073 |
} else if(array_key_exists($id_auth,$identificat->auth_methods["mail"])){ //Check if the mail server indicated as the last good one still exists ! |
1074 |
$identificat = mail_auth($identificat, $login,$password,$identificat->auth_methods["mail"][$id_auth]); |
1075 |
} |
1076 |
return $identificat; |
1077 |
} |
1078 |
|
1079 |
/**
|
1080 |
* Authentify a user by checking a specific mail server
|
1081 |
* @param $identificat : identification object
|
1082 |
* @param $login : user login
|
1083 |
* @param $password : user password
|
1084 |
* @param $mail_method : mail_method array to use
|
1085 |
* @return identification object
|
1086 |
**/
|
1087 |
function mail_auth($identificat, $login,$password,$mail_method) { |
1088 |
|
1089 |
if (isset($mail_method["imap_auth_server"])&&!empty ($mail_method["imap_auth_server"])) { |
1090 |
$identificat->auth_succeded = $identificat->connection_imap($mail_method["imap_auth_server"], utf8_decode($login), utf8_decode($password)); |
1091 |
if ($identificat->auth_succeded) { |
1092 |
$identificat->extauth = 1; |
1093 |
$identificat->user_present = $identificat->user->getFromDBbyName(addslashes($login)); |
1094 |
$identificat->auth_parameters = $mail_method; |
1095 |
|
1096 |
$identificat->user->getFromIMAP($mail_method, utf8_decode($login)); |
1097 |
|
1098 |
//Update the authentication method for the current user
|
1099 |
$identificat->user->fields["auth_method"] = AUTH_MAIL; |
1100 |
$identificat->user->fields["id_auth"] = $mail_method["ID"]; |
1101 |
} |
1102 |
} |
1103 |
return $identificat; |
1104 |
} |
1105 |
|
1106 |
/**
|
1107 |
* Test a connexion to the IMAP/POP server
|
1108 |
* @param $imap_auth_server : mail server
|
1109 |
* @param $login : user login
|
1110 |
* @param $password : user password
|
1111 |
* @return authentification succeeded ?
|
1112 |
**/
|
1113 |
function test_auth_mail($imap_auth_server,$login,$password){ |
1114 |
$identificat = new Identification(); |
1115 |
return $identificat->connection_imap($imap_auth_server, utf8_decode($login), utf8_decode($password)); |
1116 |
} |
1117 |
|
1118 |
/**
|
1119 |
* Import a user from ldap
|
1120 |
* Check all the directories. When the user is found, then import it
|
1121 |
* @param $login : user login
|
1122 |
**/
|
1123 |
function import_user_from_ldap_servers($login){ |
1124 |
global $LANG; |
1125 |
|
1126 |
$identificat = new Identification; |
1127 |
$identificat->user_present = $identificat->userExists($login); |
1128 |
|
1129 |
//If the user does not exists
|
1130 |
if ($identificat->user_present == 0){ |
1131 |
$identificat->getAuthMethods();
|
1132 |
$ldap_methods = $identificat->auth_methods["ldap"]; |
1133 |
$userid = -1; |
1134 |
|
1135 |
foreach ($ldap_methods as $ldap_method){ |
1136 |
$result=ldapImportUserByServerId($login, 0,$ldap_method["ID"]); |
1137 |
if ($result != false){ |
1138 |
return $result; |
1139 |
} |
1140 |
} |
1141 |
addMessageAfterRedirect($LANG["login"][15]); |
1142 |
} else {
|
1143 |
addMessageAfterRedirect($LANG["setup"][606]); |
1144 |
} |
1145 |
return false; |
1146 |
|
1147 |
} |
1148 |
|
1149 |
/**
|
1150 |
* Is the Mail authentication used ?
|
1151 |
*
|
1152 |
* @return boolean
|
1153 |
**/
|
1154 |
function useAuthMail(){ |
1155 |
global $DB; |
1156 |
|
1157 |
//Get all the pop/imap servers
|
1158 |
$sql = "SELECT count(*) FROM glpi_auth_mail"; |
1159 |
$result = $DB->query($sql); |
1160 |
if ($DB->result($result,0,0) > 0) { |
1161 |
return true; |
1162 |
} |
1163 |
return false; |
1164 |
} |
1165 |
|
1166 |
/**
|
1167 |
* Is the LDAP authentication used ?
|
1168 |
*
|
1169 |
* @return boolean
|
1170 |
**/
|
1171 |
function useAuthLdap(){ |
1172 |
global $DB; |
1173 |
|
1174 |
//Get all the ldap directories
|
1175 |
$sql = "SELECT count(*) FROM glpi_auth_ldap"; |
1176 |
$result = $DB->query($sql); |
1177 |
if ($DB->result($result,0,0) > 0) { |
1178 |
return true; |
1179 |
} |
1180 |
return false; |
1181 |
} |
1182 |
|
1183 |
|
1184 |
/**
|
1185 |
* Is an external authentication used ?
|
1186 |
*
|
1187 |
* @return boolean
|
1188 |
**/
|
1189 |
function useAuthExt(){ |
1190 |
global $DB; |
1191 |
|
1192 |
//Get all the ldap directories
|
1193 |
if (useAuthLdap()){
|
1194 |
return true; |
1195 |
} |
1196 |
|
1197 |
if (useAuthMail()){
|
1198 |
return true; |
1199 |
} |
1200 |
return false; |
1201 |
} |
1202 |
|
1203 |
|
1204 |
/**
|
1205 |
* Show replicate list for a ldap server
|
1206 |
*
|
1207 |
* @param $target : target page for add new replicate
|
1208 |
* @param $master_id : master ldap server ID
|
1209 |
**/
|
1210 |
function showReplicatesList($target,$master_id){ |
1211 |
global $DB,$LANG,$CFG_GLPI; |
1212 |
|
1213 |
addNewReplicateForm($target, $master_id); |
1214 |
|
1215 |
$sql = "SELECT * FROM glpi_auth_ldap_replicate WHERE server_id='".$master_id."' ORDER BY name"; |
1216 |
$result = $DB->query($sql); |
1217 |
if ($DB->numrows($result)>0){ |
1218 |
echo "<br>"; |
1219 |
$canedit = haveRight("config", "w"); |
1220 |
|
1221 |
echo "<form action=\"$target\" method=\"post\" name=\"ldap_replicates_form\" id=\"ldap_replicates_form\">"; |
1222 |
echo"<input type=\"hidden\" name=\"ID\" value=\"" . $master_id . "\" ></td>"; |
1223 |
echo "<div class='center'>"; |
1224 |
echo "<table class='tab_cadre_fixe'>"; |
1225 |
|
1226 |
echo "<tr><th colspan='4'><div class='relative'><span><strong>" . $LANG["ldap"][18] . "</strong></span></th></tr>"; |
1227 |
echo "<tr class='tab_bg_1'><td class='center'></td><td class='center'>".$LANG["common"][16]."</td><td class='center'>".$LANG["ldap"][18]."</td><td class='center'></td>"; |
1228 |
while ($ldap_replicate = $DB->fetch_array($result)){ |
1229 |
echo "<tr class='tab_bg_2'><td class='center'>"; |
1230 |
|
1231 |
if (isset ($_GET["select"]) && $_GET["select"] == "all"){ |
1232 |
$sel = "checked"; |
1233 |
} else {
|
1234 |
$sel=""; |
1235 |
} |
1236 |
echo "<input type='checkbox' name='item[" . $ldap_replicate["ID"] . "]' value='1' $sel>"; |
1237 |
echo "</td>"; |
1238 |
echo "<td class='center'>" . $ldap_replicate["name"] . "</td>"; |
1239 |
echo "<td class='center'>".$ldap_replicate["ldap_host"]." : ".$ldap_replicate["ldap_port"] . "</td>"; |
1240 |
echo "<td align='center' colspan=4>"; |
1241 |
echo"<input type=\"submit\" name=\"test_ldap_replicate[".$ldap_replicate["ID"]."]\" class=\"submit\" value=\"" . $LANG["buttons"][50] . "\" ></td>"; |
1242 |
echo"</tr>"; |
1243 |
|
1244 |
} |
1245 |
|
1246 |
echo "<div class='center'>"; |
1247 |
echo "<table width='950px'>"; |
1248 |
|
1249 |
echo "<tr><td><img src=\"" . $CFG_GLPI["root_doc"] . "/pics/arrow-left.png\" alt=''></td><td class='center'><a onclick= \"if ( markAllRows('ldap_replicates_form') ) return false;\" href='" . $_SERVER['PHP_SELF'] . "?next=extauth_ldap&ID=$master_id&select=all'>" . $LANG["buttons"][18] . "</a></td>"; |
1250 |
echo "<td>/</td><td class='center'><a onclick= \"if ( unMarkAllRows('ldap_replicates_form') ) return false;\" href='" . $_SERVER['PHP_SELF'] . "?next=extauth_ldap&ID=$master_id&select=none'>" . $LANG["buttons"][19] . "</a>"; |
1251 |
echo "</td><td align='left' width='80%'>"; |
1252 |
echo "<input type='submit' name='delete_replicate' value=\"" . $LANG["buttons"][6] . "\" class='submit'></td>"; |
1253 |
echo "</tr>"; |
1254 |
|
1255 |
echo "</table>"; |
1256 |
echo "</div>"; |
1257 |
echo "</form>"; |
1258 |
} |
1259 |
} |
1260 |
|
1261 |
/**
|
1262 |
* Form to add a replicate to a ldap server
|
1263 |
*
|
1264 |
* @param $target : target page for add new replicate
|
1265 |
* @param $master_id : master ldap server ID
|
1266 |
**/
|
1267 |
function addNewReplicateForm($target, $master_id){ |
1268 |
global $LANG; |
1269 |
|
1270 |
echo "<form action=\"$target\" method=\"post\" name=\"add_replicate_form\" id=\"add_replicate_form\">"; |
1271 |
echo "<div class='center'>"; |
1272 |
echo "<table class='tab_cadre_fixe'>"; |
1273 |
|
1274 |
echo "<tr><th colspan='4'><div class='relative'><span><strong>" .$LANG["ldap"][20] . "</strong></span></th></tr>"; |
1275 |
echo "<tr class='tab_bg_1'><td class='center'>".$LANG["common"][16]."</td><td class='center'>".$LANG["common"][52]."</td><td class='center'>".$LANG["setup"][175]."</td><td></td></tr>"; |
1276 |
echo "<tr class='tab_bg_1'>"; |
1277 |
echo "<td class='center'><input type='text' name='name'></td>"; |
1278 |
echo "<td class='center'><input type='text' name='ldap_host'></td>"; |
1279 |
echo "<td class='center'><input type='text' name='ldap_port'></td>"; |
1280 |
echo "<input type='hidden' name='next' value=\"extauth_ldap\"></td>"; |
1281 |
echo "<input type='hidden' name='server_id' value=\"".$master_id."\">"; |
1282 |
echo "<td class='center'><input type='submit' name='add_replicate' value=\"" . $LANG["buttons"][2] . "\" class='submit'></td></tr>"; |
1283 |
echo "</table>"; |
1284 |
echo "</div>"; |
1285 |
echo "</form>"; |
1286 |
|
1287 |
} |
1288 |
|
1289 |
/**
|
1290 |
* Get all replicate servers for a master one
|
1291 |
*
|
1292 |
* @param $master_id : master ldap server ID
|
1293 |
* @return array of the replicate servers
|
1294 |
**/
|
1295 |
function getAllReplicateForAMaster($master_id){ |
1296 |
global $DB; |
1297 |
|
1298 |
$replicates = array(); |
1299 |
$result = $DB->query("SELECT ID, ldap_host,ldap_port FROM glpi_auth_ldap_replicate WHERE server_id='".$master_id."'"); |
1300 |
if ($DB->numrows($result)>0){ |
1301 |
while ($replicate = $DB->fetch_array($result)){ |
1302 |
$replicates[] = array("ID"=>$replicate["ID"], "ldap_host"=>$replicate["ldap_host"], "ldap_port"=>$replicate["ldap_port"]); |
1303 |
} |
1304 |
} |
1305 |
return $replicates; |
1306 |
} |
1307 |
|
1308 |
/**
|
1309 |
* Get all replicate name servers for a master one
|
1310 |
*
|
1311 |
* @param $master_id : master ldap server ID
|
1312 |
* @return string containing names of the replicate servers
|
1313 |
**/
|
1314 |
function getAllReplicatesNamesForAMaster($master_id){ |
1315 |
$replicates = getAllReplicateForAMaster($master_id); |
1316 |
$str = ""; |
1317 |
foreach ($replicates as $replicate){ |
1318 |
$str.= ($str!=''?',':'')." ".$replicate["ldap_host"].":".$replicate["ldap_port"]; |
1319 |
} |
1320 |
return $str; |
1321 |
} |
1322 |
|
1323 |
/**
|
1324 |
* Check alternate authentication systems
|
1325 |
*
|
1326 |
* @param $redirect : need to redirect (true) or get type of Auth system which match
|
1327 |
* @param $redirect_string : redirect string if exists
|
1328 |
* @return nothing if redirect is true, else Auth system ID
|
1329 |
**/
|
1330 |
function checkAlternateAuthSystems($redirect=false,$redirect_string=''){ |
1331 |
global $CFG_GLPI; |
1332 |
if (isset($_GET["noAUTO"])||isset($_POST["noAUTO"])){ |
1333 |
return false; |
1334 |
} |
1335 |
|
1336 |
$redir_string=""; |
1337 |
if (!empty($redirect_string)){ |
1338 |
$redir_string="?redirect=".$redirect_string; |
1339 |
} |
1340 |
|
1341 |
// Using x509 server
|
1342 |
if (!empty($CFG_GLPI["x509_email_field"]) |
1343 |
&&isset($_SERVER['SSL_CLIENT_S_DN'])&&ereg($CFG_GLPI["x509_email_field"],$_SERVER['SSL_CLIENT_S_DN'])) { |
1344 |
if ($redirect){ |
1345 |
glpi_header("login.php".$redir_string); |
1346 |
} else {
|
1347 |
return AUTH_X509; |
1348 |
} |
1349 |
} |
1350 |
|
1351 |
// Existing auth method
|
1352 |
if (!empty($CFG_GLPI["existing_auth_server_field"]) |
1353 |
&&isset($_SERVER[$CFG_GLPI["existing_auth_server_field"]])&&!empty($_SERVER[$CFG_GLPI["existing_auth_server_field"]])) { |
1354 |
if ($redirect){ |
1355 |
glpi_header("login.php".$redir_string); |
1356 |
} else {
|
1357 |
return AUTH_EXTERNAL; |
1358 |
} |
1359 |
} |
1360 |
|
1361 |
// Using CAS server
|
1362 |
if (!empty($CFG_GLPI["cas_host"])) { |
1363 |
if ($redirect){ |
1364 |
glpi_header("login.php".$redir_string); |
1365 |
} else {
|
1366 |
return AUTH_CAS; |
1367 |
} |
1368 |
} |
1369 |
|
1370 |
return false; |
1371 |
} |
1372 |
|
1373 |
/**
|
1374 |
* Is an alternate auth ?
|
1375 |
*
|
1376 |
* @param $id_auth auth type
|
1377 |
* @return boolean
|
1378 |
**/
|
1379 |
function isAlternateAuth($id_auth){ |
1380 |
return in_array($id_auth,array(AUTH_X509,AUTH_CAS,AUTH_EXTERNAL)); |
1381 |
} |
1382 |
|
1383 |
/**
|
1384 |
* Is an alternate auth wich used LDAP extra server?
|
1385 |
*
|
1386 |
* @param $id_auth auth type
|
1387 |
* @return boolean
|
1388 |
**/
|
1389 |
function isAlternateAuthWithLdap($id_auth){ |
1390 |
global $CFG_GLPI; |
1391 |
return (isAlternateAuth($id_auth) && $CFG_GLPI["extra_ldap_server"] > 0); |
1392 |
} |
1393 |
?>
|