Added: incubator/vcl/tags/import/web/.ht-inc/Doxyfile URL: http://svn.apache.org/viewvc/incubator/vcl/tags/import/web/.ht-inc/Doxyfile?rev=726079&view=auto ==============================================================================
--- incubator/vcl/tags/import/web/.ht-inc/Doxyfile (added)
+++ incubator/vcl/tags/import/web/.ht-inc/Doxyfile Fri Dec 12 10:20:10 2008
@@ -0,0 +1,233 @@
+# Doxyfile 1.4.1-KDevelop
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME = vcl.kdevelop
+PROJECT_NUMBER = $VERSION$
+OUTPUT_DIRECTORY =
+CREATE_SUBDIRS = NO
+OUTPUT_LANGUAGE = English
+USE_WINDOWS_ENCODING = NO
+BRIEF_MEMBER_DESC = YES
+REPEAT_BRIEF = YES
+ABBREVIATE_BRIEF = "The $name class" \
+ "The $name widget" \
+ "The $name file" \
+ is \
+ provides \
+ specifies \
+ contains \
+ represents \
+ a \
+ an \
+ the
+ALWAYS_DETAILED_SEC = NO
+INLINE_INHERITED_MEMB = NO
+FULL_PATH_NAMES = NO
+STRIP_FROM_PATH = /home/jfthomps/
+STRIP_FROM_INC_PATH =
+SHORT_NAMES = NO
+JAVADOC_AUTOBRIEF = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP = NO
+INHERIT_DOCS = YES
+DISTRIBUTE_GROUP_DOC = NO
+TAB_SIZE = 8
+ALIASES =
+OPTIMIZE_OUTPUT_FOR_C = NO
+OPTIMIZE_OUTPUT_JAVA = NO
+SUBGROUPING = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL = YES
+EXTRACT_PRIVATE = YES
+EXTRACT_STATIC = YES
+EXTRACT_LOCAL_CLASSES = YES
+EXTRACT_LOCAL_METHODS = YES
+HIDE_UNDOC_MEMBERS = NO
+HIDE_UNDOC_CLASSES = NO
+HIDE_FRIEND_COMPOUNDS = NO
+HIDE_IN_BODY_DOCS = YES
+INTERNAL_DOCS = YES
+CASE_SENSE_NAMES = YES
+HIDE_SCOPE_NAMES = NO
+SHOW_INCLUDE_FILES = YES
+INLINE_INFO = YES
+SORT_MEMBER_DOCS = YES
+SORT_BRIEF_DOCS = YES
+SORT_BY_SCOPE_NAME = NO
+GENERATE_TODOLIST = YES
+GENERATE_TESTLIST = YES
+GENERATE_BUGLIST = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS =
+MAX_INITIALIZER_LINES = 30
+SHOW_USED_FILES = NO
+SHOW_DIRECTORIES = NO
+FILE_VERSION_FILTER =
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET = NO
+WARNINGS = YES
+WARN_IF_UNDOCUMENTED = YES
+WARN_IF_DOC_ERROR = YES
+WARN_NO_PARAMDOC = YES
+WARN_FORMAT = "$file:$line: $text"
+WARN_LOGFILE =
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+#INPUT = /home/jfthomps/locker/www/vcl/.ht-inc
+INPUT = /afs/eos/engrwww/vcl.ncsu/scheduling/.ht-inc
+FILE_PATTERNS = *.php
+RECURSIVE = yes
+EXCLUDE = /afs/eos/engrwww/vcl.ncsu/scheduling/.ht-inc/jpgraph /afs/eos/engrwww/vcl.ncsu/scheduling/.ht-inc/jpgraph.old
+EXCLUDE_SYMLINKS = NO
+EXCLUDE_PATTERNS =
+EXAMPLE_PATH = /afs/eos/engrwww/vcl.ncsu/scheduling/.ht-inc
+EXAMPLE_PATTERNS = *
+EXAMPLE_RECURSIVE = NO
+IMAGE_PATH =
+INPUT_FILTER =
+FILTER_PATTERNS =
+FILTER_SOURCE_FILES = NO
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER = YES
+INLINE_SOURCES = NO
+STRIP_CODE_COMMENTS = YES
+REFERENCED_BY_RELATION = YES
+REFERENCES_RELATION = YES
+VERBATIM_HEADERS = YES
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX = YES
+COLS_IN_ALPHA_INDEX = 5
+IGNORE_PREFIX =
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML = YES
+HTML_OUTPUT = /home/jfthomps/locker/www/vcl/docs
+HTML_FILE_EXTENSION = .html
+HTML_HEADER =
+HTML_FOOTER =
+HTML_STYLESHEET =
+HTML_ALIGN_MEMBERS = YES
+GENERATE_HTMLHELP = NO
+CHM_FILE =
+HHC_LOCATION =
+GENERATE_CHI = NO
+BINARY_TOC = NO
+TOC_EXPAND = YES
+DISABLE_INDEX = NO
+ENUM_VALUES_PER_LINE = 4
+GENERATE_TREEVIEW = YES
+TREEVIEW_WIDTH = 210
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX = NO
+LATEX_OUTPUT = latex
+LATEX_CMD_NAME = latex
+MAKEINDEX_CMD_NAME = makeindex
+COMPACT_LATEX = NO
+PAPER_TYPE = a4wide
+EXTRA_PACKAGES =
+LATEX_HEADER =
+PDF_HYPERLINKS = NO
+USE_PDFLATEX = NO
+LATEX_BATCHMODE = NO
+LATEX_HIDE_INDICES = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF = NO
+RTF_OUTPUT = rtf
+COMPACT_RTF = NO
+RTF_HYPERLINKS = NO
+RTF_STYLESHEET_FILE =
+RTF_EXTENSIONS_FILE =
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN = NO
+MAN_OUTPUT = man
+MAN_EXTENSION = .3
+MAN_LINKS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML = NO
+XML_OUTPUT = xml
+XML_SCHEMA =
+XML_DTD =
+XML_PROGRAMLISTING = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD = NO
+PERLMOD_LATEX = NO
+PERLMOD_PRETTY = YES
+PERLMOD_MAKEVAR_PREFIX =
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING = YES
+MACRO_EXPANSION = NO
+EXPAND_ONLY_PREDEF = NO
+SEARCH_INCLUDES = YES
+INCLUDE_PATH =
+INCLUDE_FILE_PATTERNS =
+PREDEFINED =
+EXPAND_AS_DEFINED =
+SKIP_FUNCTION_MACROS = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+TAGFILES =
+GENERATE_TAGFILE = vcl.tag
+ALLEXTERNALS = NO
+EXTERNAL_GROUPS = YES
+PERL_PATH = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS = YES
+HIDE_UNDOC_RELATIONS = NO
+HAVE_DOT = YES
+CLASS_GRAPH = YES
+COLLABORATION_GRAPH = YES
+GROUP_GRAPHS = YES
+UML_LOOK = NO
+TEMPLATE_RELATIONS = NO
+INCLUDE_GRAPH = YES
+INCLUDED_BY_GRAPH = YES
+CALL_GRAPH = YES
+CALLER_GRAPH = NO
+GRAPHICAL_HIERARCHY = YES
+DIRECTORY_GRAPH = YES
+DOT_IMAGE_FORMAT = png
+DOT_PATH = /usr/bin
+DOTFILE_DIRS =
+MAX_DOT_GRAPH_WIDTH = 1536
+MAX_DOT_GRAPH_HEIGHT = 1536
+MAX_DOT_GRAPH_DEPTH = 1000
+DOT_GRAPH_MAX_NODES = 50
+DOT_TRANSPARENT = NO
+DOT_MULTI_TARGETS = YES
+GENERATE_LEGEND = YES
+DOT_CLEANUP = NO
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+SEARCHENGINE = NO
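Review bot: `HTML_OUTPUT = /home/jfthomps/locker/www/vcl/docs` puts the generated pages under what looks like a web-served tree while `SOURCE_BROWSER = YES`, `VERBATIM_HEADERS = YES`, `EXTRACT_PRIVATE = YES` and `INTERNAL_DOCS = YES` are all set, so the output carries cross-referenced source for every `*.php` file under .ht-inc, including authentication.php from this same commit. If that docs directory is reachable over HTTP, code that the `.ht-inc` name presumably keeps away from clients is published a second time; either confirm the directory is access-controlled or use `SOURCE_BROWSER = NO` and `VERBATIM_HEADERS = NO` for any build that is published. The absolute workstation and AFS paths in `STRIP_FROM_PATH`, `INPUT`, `EXCLUDE`, `EXAMPLE_PATH` and `HTML_OUTPUT` also record one site's filesystem layout in the repository; paths relative to the Doxyfile would avoid that and let the file work from any checkout.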
Added: incubator/vcl/tags/import/web/.ht-inc/authentication.php URL: http://svn.apache.org/viewvc/incubator/vcl/tags/import/web/.ht-inc/authentication.php?rev=726079&view=auto ============================================================================== --- incubator/vcl/tags/import/web/.ht-inc/authentication.php (added) +++ incubator/vcl/tags/import/web/.ht-inc/authentication.php Fri Dec 12 10:20:10 2008 
@@ -0,0 +1,605 @@ +<?php +/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +/** + * \file + */ +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn getAuthCookieData($loginid, $valid) +/// +/// \param $loginid - login id for user +/// \param $valid - (optional, default=600) - time in minutes the cookie +/// should be valid +/// +/// \return on failure, an error message; on success, an array with 2 elements:\n +/// data - encrypted payload for auth cookie\n +/// ts - unix timestamp it will expire +/// +/// \brief gets user's information and stores it along with their IP address and +/// a timestamp +/// +//////////////////////////////////////////////////////////////////////////////// +function getAuthCookieData($loginid, $valid=600) { + global $keys; + $ts = time() + ($valid * 60); + $remoteIP = $_SERVER["REMOTE_ADDR"]; + if(empty($remoteIP)) + return "Failed to obtain remote IP address for fixed cookie type"; + $cdata = "$loginid|$remoteIP|$ts"; + + if(! 
openssl_private_encrypt($cdata, $cryptdata, $keys["private"])) + return "Failed to encrypt cookie data"; + + return array("data" => $cryptdata, "ts" => $ts); +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn readAuthCookie() +/// +/// \return on success, an array with the following indices:\n +/// \b userid - numeric user id\n +/// \b first - first name\n +/// \b middle - middle name (may be an empty string)\n +/// \b last - last name\n +/// \b email - email address\n +/// \b created - timestamp of account creation (in mysql datetime format)\n +/// \b ts - timestamp that authentication cookie will expire (in unix timestamp +/// format)\n +/// \b type - 'fixed' or 'floating' - fixed = tied to specific IP address; +/// floating = not tied to any IP address (only fixed is supported at this time)\n +/// \b remoteIP - empty for type 'floating'; user's IP address for type 'fixed' +/// +/// \brief parses the ITECSAUTH cookie and returns an array; on failure, returns +/// an empty array. You will then need to call ITECSAUTH_getError to get +/// the reason. +/// +//////////////////////////////////////////////////////////////////////////////// +function readAuthCookie() { + global $keys, $AUTHERROR; + if(get_magic_quotes_gpc()) + $cookie = stripslashes($_COOKIE["VCLAUTH"]); + else + $cookie = $_COOKIE["VCLAUTH"]; + if(! 
openssl_public_decrypt($cookie, $tmp, $keys['public'])) { + $AUTHERROR["code"] = 3; + $AUTHERROR["message"] = "Failed to decrypt auth cookie"; + return NULL; + } + + $tmparr = explode('|', $tmp); + $loginid = $tmparr[0]; + $remoteIP = $tmparr[1]; + $ts = $tmparr[2]; + + if($ts < time()) { + $AUTHERROR["code"] = 4; + $AUTHERROR["message"] = "Auth cookie has expired"; + return NULL; + } + if($_SERVER["REMOTE_ADDR"] != $remoteIP) { + //setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN); + $AUTHERROR["code"] = 4; + $AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP"; + return NULL; + } + + return $loginid; +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn selectAuth() +/// +/// \brief prints a page for the user to select the authentication method to use +/// +//////////////////////////////////////////////////////////////////////////////// +function selectAuth() { + global $HTMLheader, $printedHTMLheader, $authMechs, $skin; + $authtype = getContinuationVar('authtype', processInputVar("authtype", ARG_STRING)); + if(array_key_exists($authtype, $authMechs)) { + if($authMechs[$authtype]['type'] == 'redirect') { + header("Location: {$authMechs[$authtype]['URL']}"); + dbDisconnect(); + exit; + } + elseif($authMechs[$authtype]['type'] == 'ldap' || + $authMechs[$authtype]['type'] == 'local') { + printLoginPageWithSkin($authtype); + return; + } + } + require_once("themes/$skin/page.php"); + $HTMLheader = getHeader(0); + print $HTMLheader; + $printedHTMLheader = 1; + print "<H2>Welcome to the Virtual Computing Lab</H2>\n"; + print "<TABLE>\n"; + print "<TR>\n"; + print "<TD nowrap class=rightborder>\n"; + print "Please select an authentication method to use:<br><br>\n"; + if(strlen($authtype)) + print "<font color=red>Selected method failed, please try again</font><br>\n"; + foreach(array_keys($authMechs) as $mech) + $methods["$mech"] = $mech; + print "<FORM action=\"" . BASEURL . SCRIPT . 
"\" method=post name=loginform>\n"; + /*if($skin == 'example1') + printSelectInput("authtype", $methods, 'EXAMPLE1 LDAP'); + elseif($skin == 'example2') + printSelectInput("authtype", $methods, 'EXAMPLE2 LDAP'); + else*/ + printSelectInput("authtype", $methods, -1, 0, 0, '', 'tabindex=1'); + print "<br><INPUT type=hidden name=mode value=selectauth>\n"; + print "<INPUT type=submit value=\"Proceed to Login\" tabindex=2 name=userid>\n"; + print "</FORM>\n"; + print "</TD>\n"; + print "<TD>\n"; + print "<h3>Explanation of authentication methods:</h3>\n"; + print "<UL id=expauthul>\n"; + foreach($authMechs as $mech) + print "<LI>{$mech['help']}</LI>\n"; + print "</UL>\n"; + print "</TD>\n"; + print "</TR>\n"; + print "</TABLE>\n"; + print getFooter(); +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn printLoginPageWithSkin($authtype) +/// +/// \param $authtype - and authentication type +/// +/// \brief sets up the skin for the page correctly, then calls printLoginPage +/// +//////////////////////////////////////////////////////////////////////////////// +function printLoginPageWithSkin($authtype) { + global $authMechs, $HTMLheader, $skin, $printedHTMLheader; + switch(getAffiliationName($authMechs[$authtype]['affiliationid'])) { + case 'EXAMPLE1': + $skin = 'example1'; + break; + case 'EXAMPLE2': + $skin = 'example2'; + break; + default: + $skin = 'default'; + break; + } + require_once("themes/$skin/page.php"); + $HTMLheader = getHeader(0); + printHTMLHeader(); + print $HTMLheader; + $printedHTMLheader = 1; + printLoginPage(); +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn printLoginPage() +/// +/// \brief prints a page for a user to login +/// +//////////////////////////////////////////////////////////////////////////////// +function printLoginPage() { + global $authMechs, $skin, $user; + $user['id'] = 0; + $authtype = getContinuationVar("authtype", 
processInputVar("authtype", ARG_STRING)); + $userid = processInputVar('userid', ARG_STRING, ''); + if($userid == 'Proceed to Login') + $userid = ''; + if(! array_key_exists($authtype, $authMechs)) { + // FIXME - hackerish + dbDisconnect(); + exit; + } + /*if($skin == 'example1') { + $useridLabel = 'Pirateid'; + $passLabel = 'Passphrase'; + $text1 = 'Login with your Pirate ID'; + $text2 = ""; + } + elseif($skin == 'example2') { + print "<br>"; + print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post name=loginform>\n"; + if(strlen($userid)) + print "<font color=red>Login failed</font>\n"; + print "<TABLE width=\"250\">\n"; + print " <TR>\n"; + print " <TH align=right>Key Account:</TH>\n"; + print " <TD><INPUT type=text name=userid value=\"\"></TD>\n"; + print " </TR>\n"; + print " <TR>\n"; + print " <TH align=right>Password:</TH>\n"; + print " <TD><INPUT type=password name=password></TD>\n"; + print " </TR>\n"; + print " <TR>\n"; + print " <TD colspan=2 align=right><INPUT type=submit value=Login class=button></TD>\n"; + print " </TR>\n"; + print "</TABLE>\n"; + print "<div width=250 align=center>\n"; + print "<p>\n"; + $cdata = array('authtype' => $authtype); + $cont = addContinuationsEntry('submitLogin', $cdata); + print " <INPUT type=hidden name=continuation value=\"$cont\">\n"; + print " <br>\n"; + print " </p>\n"; + print "</div>\n"; + print "</FORM>\n"; + print getFooter(); + return; + } + else {*/ + $useridLabel = 'Userid'; + $passLabel = 'Password'; + $text1 = "Login with $authtype"; + $text2 = ""; + #} + print "<H2 style=\"display: block\">$text1</H2>\n"; + print "<FORM action=\"" . BASEURL . SCRIPT . 
"\" method=post name=loginform>\n"; + if(strlen($userid)) + print "<font color=red>Login failed</font>\n"; + print "<TABLE>\n"; + print " <TR>\n"; + print " <TH align=right>$useridLabel:</TH>\n"; + print " <TD><INPUT type=text name=userid value=\"$userid\"></TD>\n"; + print " </TR>\n"; + print " <TR>\n"; + print " <TH align=right>$passLabel:</TH>\n"; + print " <TD><INPUT type=password name=password></TD>\n"; + print " </TR>\n"; + print " <TR>\n"; + print " <TD colspan=2 align=right><INPUT type=submit value=Login></TD>\n"; + print " </TR>\n"; + print "</TABLE>\n"; + $cdata = array('authtype' => $authtype); + $cont = addContinuationsEntry('submitLogin', $cdata); + print "<INPUT type=hidden name=continuation value=\"$cont\">\n"; + print "</FORM>\n"; + print "$text2<br>\n"; + print getFooter(); +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn submitLogin() +/// +/// \brief processes a login page submission +/// +//////////////////////////////////////////////////////////////////////////////// +function submitLogin() { + global $authMechs; + $authtype = getContinuationVar("authtype", processInputVar('authtype', ARG_STRING)); + if(! 
array_key_exists($authtype, $authMechs)) { + // FIXME - hackerish + dbDisconnect(); + exit; + } + $userid = processInputVar('userid', ARG_STRING, ''); + $passwd = processInputVar('password', ARG_STRING, ''); + if(empty($userid) || empty($passwd)) { + selectAuth(); + return; + } + if(get_magic_quotes_gpc()) + $passwd = stripslashes($passwd); + if($authMechs[$authtype]['type'] == 'ldap') + ldapLogin($authtype, $userid, $passwd); + elseif($authMechs[$authtype]['type'] == 'local') + localLogin($authtype, $userid, $passwd); + else + selectAuth(); +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn ldapLogin($authtype, $userid, $passwd) +/// +/// \param $authtype - index from $authMechs array +/// \param $userid - userid without affiliation +/// \param $passwd - submitted password +/// +/// \brief tries to authenticate user via ldap; calls printLoginPageWithSkin if +/// authentication fails +/// +//////////////////////////////////////////////////////////////////////////////// +function ldapLogin($authtype, $userid, $passwd) { + global $HTMLheader, $printedHTMLheader, $authMechs, $phpVer; + $ds = ldap_connect("ldaps://{$authMechs[$authtype]['server']}/"); + if(! $ds) { + print $HTMLheader; + $printedHTMLheader = 1; + selectAuth(); + return; + } + ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + /*if($authtype == 'EXAMPLE1 LDAP') { + # in this case, we have to look up what part of the tree the user is in + # before we can actually look up the user + $auth = $authMechs[$authtype]; + ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); + $res = ldap_bind($ds, $auth['masterlogin'], + $auth['masterpwd']); + if(! $res) { + printLoginPageWithSkin($authtype); + return; + } + $search = ldap_search($ds, + $auth['binddn'], + "cn=$userid", + array('dn'), 0, 3, 15); + if($search) { + $tmpdata = ldap_get_entries($ds, $search); + if(! $tmpdata['count'] || ! 
array_key_exists('dn', $tmpdata[0])) { + printLoginPageWithSkin($authtype); + return; + } + $ldapuser = $tmpdata[0]['dn']; + } + else { + printLoginPageWithSkin($authtype); + return; + } + } + elseif($authtype == 'EXAMPLE2 LDAP') { + # this is similar to EXAMPLE1, but here we do an anonymous bind + $auth = $authMechs[$authtype]; + $res = ldap_bind($ds); + if(! $res) { + printLoginPageWithSkin($authtype); + return; + } + $search = ldap_search($ds, + $auth['binddn'], + "uid=$userid", + array('dn'), 0, 3, 15); + if($search) { + $tmpdata = ldap_get_entries($ds, $search); + if(! $tmpdata['count'] || ! array_key_exists('dn', $tmpdata[0])) { + printLoginPageWithSkin($authtype); + return; + } + $ldapuser = $tmpdata[0]['dn']; + } + else { + printLoginPageWithSkin($authtype); + return; + } + } + else*/ + $ldapuser = sprintf($authMechs[$authtype]['userid'], $userid); + $res = ldap_bind($ds, $ldapuser, $passwd); + if(! $res) { + // login failed + printLoginPageWithSkin($authtype); + return; + } + else { + // see if user in our db + $query = "SELECT id " + . "FROM user " + . "WHERE unityid = '$userid' AND " + . "affiliationid = {$authMechs[$authtype]['affiliationid']}"; + $qh = doQuery($query, 101); + if(! mysql_num_rows($qh)) { + // if not, add user + $newid = updateLDAPUser($authtype, $userid); + if(is_null($newid)) + abort(8); + } + // get cookie data + $cookie = getAuthCookieData("$userid@" . 
getAffiliationName($authMechs[$authtype]['affiliationid'])); + // set cookie + if(version_compare(PHP_VERSION, "5.2", ">=") == true) + setcookie("VCLAUTH", "{$cookie['data']}", $cookie['ts'], "/", COOKIEDOMAIN, 1, 1); + else + setcookie("VCLAUTH", "{$cookie['data']}", $cookie['ts'], "/", COOKIEDOMAIN, 1); + # set skin cookie based on affiliation + /*if(getAffiliationName($authMechs[$authtype]['affiliationid']) == 'EXAMPLE1') + setcookie("VCLSKIN", "EXAMPLE1", (time() + (SECINDAY * 31)), "/", COOKIEDOMAIN); + elseif(getAffiliationName($authMechs[$authtype]['affiliationid']) == 'EXAMPLE2') + setcookie("VCLSKIN", "EXAMPLE2", (time() + (SECINDAY * 31)), "/", COOKIEDOMAIN); + else*/ + setcookie("VCLSKIN", "DEFAULT", (time() + (SECINDAY * 31)), "/", COOKIEDOMAIN); + // redirect to main page + $tmp = explode('/', $_SERVER['HTTP_REFERER']); + if($tmp[2] != 'vcl.ncsu.edu' || + (array_key_exists(3, $tmp) && $tmp[3] != 'scheduling')) { + array_shift($tmp); + array_shift($tmp); + array_shift($tmp); + $rest = implode('/', $tmp); + header("Location: https://vcl.ncsu.edu/$rest"); + } + else + header("Location: " . BASEURL . 
SCRIPT); + dbDisconnect(); + exit; + } +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn localLogin() +/// +/// \brief tries to authenticate user locally; calls printLoginPageWithSkin if +/// authentication fails +/// +//////////////////////////////////////////////////////////////////////////////// +function localLogin() { + global $HTMLheader, $phpVer; + $userid = processInputVar('userid', ARG_STRING); + $passwd = processInputVar('password', ARG_STRING); + if(validateLocalAccount($userid, $passwd)) { + //set cookie + $cookie = getAuthCookieData("$use...@local"); + if(version_compare(PHP_VERSION, "5.2", ">=") == true) + setcookie("VCLAUTH", "{$cookie['data']}", $cookie['ts'], "/", COOKIEDOMAIN, 1, 1); + else + setcookie("VCLAUTH", "{$cookie['data']}", $cookie['ts'], "/", COOKIEDOMAIN, 1); + //load main page + setcookie("VCLSKIN", "NCSU", (time() + (SECINDAY * 31)), "/", COOKIEDOMAIN); + header("Location: " . BASEURL . SCRIPT); + dbDisconnect(); + exit; + } + else { + printLoginPageWithSkin('Local Account'); + printHTMLFooter(); + dbDisconnect(); + exit; + } +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn validateLocalAccount($user, $pass) +/// +/// \param $user - unityid from user table +/// \param $pass - user's password +/// +/// \return 1 if account exists in localauth table, 0 if it does not +/// +/// \brief checks to see if $user has an entry in the localauth table +/// +//////////////////////////////////////////////////////////////////////////////// +function validateLocalAccount($user, $pass) { + $query = "SELECT l.salt " + . "FROM localauth l, " + . "user u, " + . "affiliation a " + . "WHERE u.unityid = '$user' AND " + . "u.affiliationid = a.id AND " + . "a.name = 'Local' AND " + . "l.userid = u.id"; + $qh = doQuery($query, 101); + if(mysql_num_rows($qh) != 1 || + (! 
($row = mysql_fetch_assoc($qh)))) + return 0; + + $passhash = sha1("$pass{$row['salt']}"); + $query = "SELECT u.id " + . "FROM user u, " + . "localauth l, " + . "affiliation a " + . "WHERE u.unityid = '$user' AND " + . "l.userid = u.id AND " + . "l.passhash = '$passhash' AND " + . "u.affiliationid = a.id AND " + . "a.name = 'Local'"; + $qh = doQuery($query, 101); + if(mysql_num_rows($qh) == 1) + return 1; + else + return 0; +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn checkExpiredDemoUser($userid, $groups) +/// +/// \param $userid - id from user table +/// \param $groups - (optional) array of user's groups as returned by +/// getUsersGroups +/// +/// \brief checks to see if user is only in demo group and if so check to see +/// if it has been 3 days since start of first reservation or if user has made +/// 3 reservations; if so, moves user to nodemo group +/// +//////////////////////////////////////////////////////////////////////////////// +function checkExpiredDemoUser($userid, $groups=0) { + global $mode, $skin, $noHTMLwrappers; + if($groups == 0) + $groups = getUsersGroups($userid, 1); + + if(count($groups) != 1) + return; + + $tmp = array_values($groups); + if($tmp[0] != 'demo') + return; + + $query = "SELECT start " + . "FROM log " + . "WHERE userid = $userid " + . "AND finalend < NOW() " + . "ORDER BY start " + . "LIMIT 3"; + $qh = doQuery($query, 101); + $expire = time() - (SECINDAY * 3); + $rows = mysql_num_rows($qh); + if($row = mysql_fetch_assoc($qh)) { + if($rows >= 3 || datetimeToUnix($row['start']) < $expire) { + if(in_array($mode, $noHTMLwrappers)) + # do a redirect and handle removal on next page load so user can + # be notified - doesn't always work, but handles a few extra + # cases + header("Location: " . BASEURL . SCRIPT); + else { + $nodemoid = getUserGroupID('nodemo', getAffiliationID('ITECS')); + $query = "DELETE FROM usergroupmembers " # have to do the delete here + . 
"WHERE userid = $userid"; # because updateGroups doesn't + # delete from custom groups + doQuery($query, 101); + updateGroups(array($nodemoid), $userid); + if(empty($skin)) { + $skin = 'ncsu'; + require_once("themes/$skin/page.php"); + } + $mode = 'expiredemouser'; + printHTMLHeader(); + print "<h2>Account Expired</h2>\n"; + print "The account you are using is a demo account that has now expired. "; + print "You cannot make any more reservations. Please contact <a href=\""; + print "mailto:" . HELPEMAIL . "\">" . HELPEMAIL . "</a> if you need "; + print "further access to VCL.<br>\n"; + } + semUnlock(); + printHTMLFooter(); + dbDisconnect(); + exit; + } + } +} + +//////////////////////////////////////////////////////////////////////////////// +/// +/// \fn testGeneralAffiliation(&$login, &$affilid) +/// +/// \param $login - (pass by ref) a login id with affiliation +/// \param $affilid - (pass by ref) gets overwritten +/// +/// \return - 1 if successfully found affiliation id, 0 if failed +/// +/// \brief changes $login to be without affiliation and sticks the associated +/// affiliation id in $affilid +/// +//////////////////////////////////////////////////////////////////////////////// +function testGeneralAffiliation(&$login, &$affilid) { + if(preg_match('/^([...@]*)@([...@\.]*)$/', $login, $matches)) { + $login = $matches[1]; + $affilid = getAffiliationID($matches[2]); + return 1; + } + return 0; +} + +?> Added: incubator/vcl/tags/import/web/.ht-inc/authmethods/itecsauth.php URL: http://svn.apache.org/viewvc/incubator/vcl/tags/import/web/.ht-inc/authmethods/itecsauth.php?rev=726079&view=auto ============================================================================== --- incubator/vcl/tags/import/web/.ht-inc/authmethods/itecsauth.php (added) +++ incubator/vcl/tags/import/web/.ht-inc/authmethods/itecsauth.php Fri Dec 12 10:20:10 2008 
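Review bot: validateLocalAccount() builds both of its SELECTs by interpolating the submitted name directly (`"WHERE u.unityid = '$user' AND "`), and it runs before the caller is authenticated; ldapLogin() does the same with `unityid = '$userid'`, and addITECSUser() and validateITECSUser() in itecsauth.php do it with `email = '$loginid'`. Whether processInputVar(..., ARG_STRING) escapes quotes is not visible in this commit, so the value should be escaped where the query is built, for example `$user = mysql_real_escape_string($user);` ahead of the first `$query =`, rather than relying on a helper defined elsewhere. The same submitted `$userid` is echoed back by printLoginPage() as `value=\"$userid\"`; writing it as `value=\"" . htmlspecialchars($userid, ENT_QUOTES) . "\"` keeps it inside the attribute. readAuthCookie() also reads `$tmparr[1]` and `$tmparr[2]` without checking how many fields explode() returned, and a login id containing `|` would shift them, so a guard such as `if(count($tmparr) != 3) return NULL;` (with `$AUTHERROR` set) before the expiry test makes a malformed cookie fail closed.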
@@ -0,0 +1,299 @@
+<?php
+/*
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/**
+ * \file
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn addITECSUser($loginid)
+///
+/// \param $loginid - email address of user
+///
+/// \return new id from user table or NULL if there was a problem
+///
+/// \brief looks up a user's info in the accounts database and adds the user to
+/// our database
+///
+////////////////////////////////////////////////////////////////////////////////
+function addITECSUser($loginid) {
+ global $mysql_link_vcl, $ENABLE_ITECSAUTH;
+ if(! $ENABLE_ITECSAUTH)
+ return NULL;
+ $query = "SELECT id AS uid, "
+ . "first, "
+ . "middle, "
+ . "last, "
+ . "email, "
+ . "created, "
+ . "active, "
+ . "lockedout "
+ . "FROM user "
+ . "WHERE email = '$loginid'";
+ $qh = doQuery($query, 101, "accounts");
+ if($row = mysql_fetch_assoc($qh)) {
+ // FIXME test replacing ''s
+ // FIXME do we care if the account is active?
+ $first = ereg_replace("'", "\'", $row['first']);
+ $middle = ereg_replace("'", "\'", $row['middle']);
+ $last = ereg_replace("'", "\'", $row['last']);
+ $loweruser = strtolower($row['email']);
+ $query = "INSERT INTO user ("
+ . "uid, "
+ . "unityid, "
+ . 
"affiliationid, "
+ . "firstname, "
+ . "middlename, "
+ . "lastname, "
+ . "email, "
+ . "emailnotices, "
+ . "lastupdated) "
+ . "VALUES ("
+ . "{$row['uid']}, "
+ . "'$loweruser', "
+ . "2, "
+ . "'$first', "
+ . "'$middle', "
+ . "'$last', "
+ . "'{$row['email']}', "
+ . "0, "
+ . "NOW())";
+ // FIXME might want this logged
+ doQuery($query, 101, 'vcl', 1);
+ }
+ if(mysql_affected_rows($mysql_link_vcl)) {
+ $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
+ if(! $row = mysql_fetch_row($qh)) {
+ abort(101);
+ }
+ return $row[0];
+ }
+ return NULL;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn validateITECSUser($loginid)
+///
+/// \param $loginid - email address for user
+///
+/// \return 1 if account exists and is active or not yet activated, 0 otherwise
+///
+/// \brief looks up $loginid in accounts db
+///
+////////////////////////////////////////////////////////////////////////////////
+function validateITECSUser($loginid) {
+ global $ENABLE_ITECSAUTH;
+ if(! $ENABLE_ITECSAUTH)
+ return 0;
+ $query = "SELECT email "
+ . "FROM user "
+ . "WHERE email = '$loginid' AND "
+ . "(active = 1 OR "
+ . 
"activated = 0)";
+ $qh = doQuery($query, 101, "accounts");
+ if(mysql_num_rows($qh))
+ return 1;
+ return 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn updateITECSUser($userid)
+///
+/// \param $userid - email address for user
+///
+/// \return NULL if fail to update data or an array with these elements:\n
+/// \b id - user's numeric from user table\n
+/// \b uid - user's numeric unity id\n
+/// \b unityid - unity ID for the user\n
+/// \b affiliation - user's affiliation\n
+/// \b affiliationid - user's affiliation id\n
+/// \b curriculum - curriculum user is in\n
+/// \b firstname - user's first name\n
+/// \b preferredname - user's preferred name\n
+/// \b middlename - user's middle name\n
+/// \b lastname - user's last name\n
+/// \b email - user's preferred email address\n
+/// \b IMtype - user's preferred IM protocol\n
+/// \b IMid - user's IM id\n
+/// \b adminlevel - user's admin level (= 'none' if no admin access)\n
+/// \b adminlevelid - id of adminlevel\n
+/// \b width - rdp file width\n
+/// \b height - rdp file height\n
+/// \b bpp - rdp file bpp\n
+/// \b audiomode - rdp file audio mode\n
+/// \b mapdrives - rdp file drive mapping\n
+/// \b mapprinters - rdp file printer mapping\n
+/// \b mapserial - rdp file serial port mapping\n
+/// \b showallgroups - show all user groups or not\n
+/// \b lastupdated - datetime the information was last updated
+///
+/// \brief updates user's info in the user table; adds user if not already in
+/// table
+///
+////////////////////////////////////////////////////////////////////////////////
+function updateITECSUser($userid) {
+ global $ENABLE_ITECSAUTH;
+ if(! $ENABLE_ITECSAUTH)
+ return NULL;
+ $query = "SELECT id AS uid, "
+ . "first, "
+ . "middle, "
+ . "last, "
+ . "email, "
+ . "created "
+ . "FROM user "
+ . "WHERE email = '$userid'";
+ $qh = doQuery($query, 101, "accounts");
+ if(! 
($userData = mysql_fetch_assoc($qh)))
+ return NULL;
+
+ $now = unixToDatetime(time());
+
+ // select desired data from db
+ $query = "SELECT c.name AS curriculum, "
+ . "i.name AS IMtype, "
+ . "u.IMid AS IMid, "
+ . "u.affiliationid, "
+ . "af.name AS affiliation, "
+ . "a.name AS adminlevel, "
+ . "a.id AS adminlevelid, "
+ . "u.preferredname AS preferredname, "
+ . "u.uid AS uid, "
+ . "u.id AS id, "
+ . "u.width AS width, "
+ . "u.height AS height, "
+ . "u.bpp AS bpp, "
+ . "u.audiomode AS audiomode, "
+ . "u.mapdrives AS mapdrives, "
+ . "u.mapprinters AS mapprinters, "
+ . "u.mapserial AS mapserial, "
+ . "u.showallgroups "
+ . "FROM user u, "
+ . "curriculum c, "
+ . "IMtype i, "
+ . "affiliation af, "
+ . "adminlevel a "
+ . "WHERE u.curriculumid = c.id AND "
+ . "u.IMtypeid = i.id AND "
+ . "u.adminlevelid = a.id AND "
+ . "u.affiliationid = af.id AND "
+ . "u.uid = " . $userData["uid"];
+ $qh = doQuery($query, 255);
+ // if get a row
+ // update db
+ // update results from select
+ if($user = mysql_fetch_assoc($qh)) {
+ $user["unityid"] = $userid;
+ $user["firstname"] = $userData['first'];
+ $user["middlename"] = $userData['middle'];
+ $user["lastname"] = $userData["last"];
+ $user["email"] = $userData["email"];
+ $user["lastupdated"] = $now;
+ $query = "UPDATE user "
+ . "SET unityid = '$userid', "
+ . "firstname = '{$userData['first']}', "
+ . "middlename = '{$userData['middle']}', "
+ . "lastname = '{$userData['last']}', "
+ . "email = '{$userData['email']}', "
+ . "lastupdated = '$now' "
+ . "WHERE uid = " . $userData["uid"];
+ doQuery($query, 256, 'vcl', 1);
+ }
+ else {
+ // call addITECSUser
+ $id = addITECSUser($userid);
+ $query = "SELECT u.unityid AS unityid, "
+ . "u.affiliationid, "
+ . "af.name AS affiliation, "
+ . "c.name AS curriculum, "
+ . "u.firstname AS firstname, "
+ . "u.middlename AS middlename, "
+ . "u.lastname AS lastname, "
+ . "u.preferredname AS preferredname, "
+ . "u.email AS email, "
+ . "i.name AS IMtype, "
+ . 
"u.IMid AS IMid, "
+ . "u.uid AS uid, "
+ . "u.id AS id, "
+ . "a.name AS adminlevel, "
+ . "a.id AS adminlevelid, "
+ . "u.width AS width, "
+ . "u.height AS height, "
+ . "u.bpp AS bpp, "
+ . "u.audiomode AS audiomode, "
+ . "u.mapdrives AS mapdrives, "
+ . "u.mapprinters AS mapprinters, "
+ . "u.mapserial AS mapserial, "
+ . "u.showallgroups, "
+ . "u.lastupdated AS lastupdated "
+ . "FROM user u, "
+ . "curriculum c, "
+ . "IMtype i, "
+ . "affiliation af, "
+ . "adminlevel a "
+ . "WHERE u.curriculumid = c.id AND "
+ . "u.IMtypeid = i.id AND "
+ . "u.adminlevelid = a.id AND "
+ . "u.affiliationid = af.id AND "
+ . "u.id = $id";
+ $qh = doQuery($query, 101);
+ $user = mysql_fetch_assoc($qh);
+
+ # add account to demo group
+ $demoid = getUserGroupID('demo', getAffiliationID('ITECS'));
+ updateGroups(array($demoid), $user['id']);
+ }
+
+ $user["groups"] = getUsersGroups($user["id"], 1);
+
+ checkExpiredDemoUser($user['id'], $user['groups']);
+
+ $user["privileges"] = getOverallUserPrivs($user["id"]);
+ $tmparr = explode('@', $user['unityid']);
+ $user['login'] = $tmparr[0];
+ return $user;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn testITECSAffiliation(&$login, &$affilid)
+///
+/// \param $login - (pass by ref) a login id with affiliation
+/// \param $affilid - (pass by ref) gets overwritten
+///
+/// \return - 1 if successfully found affiliation id, 0 if failed
+///
+/// \brief changes $login to be without affiliation and sticks the associated
+/// affiliation id for ITECS in $affilid
+///
+////////////////////////////////////////////////////////////////////////////////
+function testITECSAffiliation(&$login, &$affilid) {
+ if(preg_match('/^([...@]*@[...@]*\.[^@]*)@ITECS$/', $login, $matches) ||
+ preg_match('/^([...@]*@[...@]*\.[^@]*)$/', $login, $matches)) {
+ $login = $matches[1];
+ $affilid = getAffiliationID('ITECS');
+ return 1;
+ }
+ return 0;
+}
+
+array_push($findAffilFuncs, 
"testITECSAffiliation");
+?>
Added: incubator/vcl/tags/import/web/.ht-inc/authmethods/ldapauth.php
URL: http://svn.apache.org/viewvc/incubator/vcl/tags/import/web/.ht-inc/authmethods/ldapauth.php?rev=726079&view=auto
==============================================================================
--- incubator/vcl/tags/import/web/.ht-inc/authmethods/ldapauth.php (added)
+++ incubator/vcl/tags/import/web/.ht-inc/authmethods/ldapauth.php Fri Dec 12 10:20:10 2008 
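Review bot: `addITECSUser`, `validateITECSUser` and `updateITECSUser` place their argument straight into `WHERE email = '$loginid'` (or `'$userid'`), so these queries are only safe if every caller has already escaped the login string, which this hunk does not show. `updateITECSUser` also copies `$userData['first']`, `['middle']`, `['last']` and `['email']` from the accounts database into its UPDATE with no escaping, and `addITECSUser` only rewrites `'` with `ereg_replace`, leaving backslashes untouched. I would escape at the point of use, for example `$loginid = mysql_real_escape_string($loginid);` at the top of each function and the same call on each name and email value before the INSERT/UPDATE is built; which connection that call should use is a detail to confirm, since two databases are involved. Separately, `updateITECSUser` interpolates the result of `addITECSUser($userid)` into `u.id = $id` without checking for the NULL that function can return, which would produce a malformed query.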
@@ -0,0 +1,487 @@
+<?php
+/*
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/**
+ * \file
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn addLDAPUser($authtype, $userid)
+///
+/// \param $authtype - index from the $authMechs array
+/// \param $userid - a userid without the affiliation part
+///
+/// \return id from the user table or NULL on failure
+///
+/// \brief looks up $userid in LDAP according to info in $authMechs array, adds
+/// the user to the user table, and returns the new id from the table
+///
+////////////////////////////////////////////////////////////////////////////////
+function addLDAPUser($authtype, $userid) {
+ global $authMechs, $mysql_link_vcl;
+ $data = getLDAPUserData($authtype, $userid);
+ if(is_null($data))
+ return NULL;
+
+ $loweruserid = strtolower($userid);
+
+ # check for existance of an expired user if a numericid exists
+ if(array_key_exists('numericid', $data)) {
+ $query = "SELECT id, "
+ . "unityid, "
+ . "affiliationid "
+ . "FROM user "
+ . "WHERE lastupdated < DATE_SUB(NOW(), INTERVAL 1 YEAR) AND "
+ . "uid = {$data['numericid']} AND "
+ . "unityid != '$loweruserid'";
+ #. 
"affiliationid = {$authMechs[$authtype]['affiliationid']}";
+ $qh = doQuery($query, 101);
+ if($row = mysql_fetch_assoc($qh)) {
+ # find the authtype for this user
+ foreach($authMechs as $index => $auth) {
+ if($auth['affiliationid'] == $row['affiliationid'] &&
+ $auth['type'] == 'ldap') {
+ $checktype = $index;
+ break;
+ }
+ }
+ # see if user is still in ldap
+ if(! empty($checktype)) {
+ $testdata = getLDAPUserData($checktype, $row['unityid']);
+ if(! is_null($testdata))
+ abort(52);
+ # if not, null the uid for the user
+ $query = "UPDATE user SET uid = NULL WHERE id = {$row['id']}";
+ doQuery($query, 101);
+ }
+ }
+ }
+
+ $query = "INSERT INTO user (";
+ if(array_key_exists('numericid', $data))
+ $query .= "uid, ";
+ $query .= "unityid, "
+ . "affiliationid, "
+ . "firstname, ";
+ if(array_key_exists('middle', $data))
+ $query .= "middlename, ";
+ $query .= "lastname, "
+ . "email, "
+ . "emailnotices, "
+ . "lastupdated) "
+ . "VALUES (";
+ if(array_key_exists('numericid', $data))
+ $query .= "{$data['numericid']}, ";
+ $query .= "'$loweruserid', "
+ . "{$authMechs[$authtype]['affiliationid']}, "
+ . "'{$data['first']}', ";
+ if(array_key_exists('middle', $data))
+ $query .= "'{$data['middle']}', ";
+ $query .= "'{$data['last']}', "
+ . "'{$data['email']}', "
+ . "'{$data['emailnotices']}', "
+ . "NOW())";
+ doQuery($query, 101, 'vcl', 1);
+ if(mysql_affected_rows($mysql_link_vcl)) {
+ $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
+ if(! 
$row = mysql_fetch_row($qh)) {
+ abort(101);
+ }
+ return $row[0];
+ }
+ return NULL;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn validateLDAPUser($type, $loginid)
+///
+/// \param $type - an array from the $authMechs table
+/// \param $loginid - a userid without the affiliation part
+///
+/// \return 1 if user was found in ldap, 0 if not
+///
+/// \brief checks to see if a user is in ldap
+///
+////////////////////////////////////////////////////////////////////////////////
+function validateLDAPUser($type, $loginid) {
+ global $authMechs;
+ $auth = $authMechs[$type];
+ $ds = ldap_connect("ldaps://{$auth['server']}/");
+ if(! $ds)
+ return -1;
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
+
+ if(array_key_exists('masterlogin', $auth) && strlen($auth['masterlogin']))
+ $res = ldap_bind($ds, $auth['masterlogin'], $auth['masterpwd']);
+ else
+ $res = ldap_bind($ds);
+
+ if(! $res)
+ return -1;
+
+ $return = array($auth['email']);
+
+ $search = ldap_search($ds,
+ $auth['binddn'],
+ "{$auth['unityid']}=$loginid",
+ $return, 0, 3, 15);
+ if(! $search)
+ return -1;
+
+ $data = ldap_get_entries($ds, $search);
+ if($data['count'])
+ return 1;
+
+ return 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn updateLDAPUser($authtype, $userid)
+///
+/// \param $authtype - an array from the $authMechs table
+/// \param $userid - a userid without the affiliation part
+///
+/// \return an array of user information or NULL on error
+///
+/// \brief pulls the user's information from ldap, updates it in the db, and
+/// returns an array of the information
+///
+////////////////////////////////////////////////////////////////////////////////
+function updateLDAPUser($authtype, $userid) {
+ global $authMechs;
+ $userData = getLDAPUserData($authtype, $userid);
+ if(is_null($userData))
+ return NULL;
+ if(! 
array_key_exists('middle', $userData))
+ $userData['middle'] = '';
+ $affilid = $authMechs[$authtype]['affiliationid'];
+ $now = unixToDatetime(time());
+
+ // select desired data from db
+ $query = "SELECT c.name AS curriculum, "
+ . "i.name AS IMtype, "
+ . "u.IMid AS IMid, "
+ . "u.affiliationid, "
+ . "af.name AS affiliation, "
+ . "a.name AS adminlevel, "
+ . "a.id AS adminlevelid, "
+ . "u.preferredname AS preferredname, "
+ . "u.uid AS uid, "
+ . "u.id AS id, "
+ . "u.width AS width, "
+ . "u.height AS height, "
+ . "u.bpp AS bpp, "
+ . "u.audiomode AS audiomode, "
+ . "u.mapdrives AS mapdrives, "
+ . "u.mapprinters AS mapprinters, "
+ . "u.mapserial AS mapserial, "
+ . "u.showallgroups "
+ . "FROM user u, "
+ . "curriculum c, "
+ . "IMtype i, "
+ . "adminlevel a, "
+ . "affiliation af "
+ . "WHERE u.curriculumid = c.id AND "
+ . "u.IMtypeid = i.id AND "
+ . "u.adminlevelid = a.id AND "
+ . "af.id = $affilid AND ";
+ if(array_key_exists('numericid', $userData))
+ $query .= "u.uid = " . $userData["numericid"];
+ else {
+ $query .= "u.unityid = '$userid' AND "
+ . "u.affiliationid = $affilid";
+ }
+ $qh = doQuery($query, 255);
+ // if get a row
+ // update db
+ // update results from select
+ if($user = mysql_fetch_assoc($qh)) {
+ $user["unityid"] = $userid;
+ $user["firstname"] = $userData['first'];
+ $user["middlename"] = $userData['middle'];
+ $user["lastname"] = $userData["last"];
+ $user["email"] = $userData["email"];
+ $user["lastupdated"] = $now;
+ $query = "UPDATE user "
+ . "SET unityid = '$userid', "
+ . "firstname = '{$userData['first']}', "
+ . "middlename = '{$userData['middle']}', "
+ . "lastname = '{$userData['last']}', "
+ . "email = '{$userData['email']}', "
+ . "lastupdated = '$now' ";
+ if(array_key_exists('numericid', $userData))
+ $query .= "WHERE uid = " . $userData["numericid"];
+ else
+ $query .= "WHERE unityid = '$userid' AND "
+ . 
"affiliationid = $affilid";
+ doQuery($query, 256, 'vcl', 1);
+ }
+ else {
+ // call addLDAPUser
+ $id = addLDAPUser($authtype, $userid);
+ $query = "SELECT u.unityid AS unityid, "
+ . "u.affiliationid, "
+ . "af.name AS affiliation, "
+ . "c.name AS curriculum, "
+ . "u.firstname AS firstname, "
+ . "u.middlename AS middlename, "
+ . "u.lastname AS lastname, "
+ . "u.preferredname AS preferredname, "
+ . "u.email AS email, "
+ . "i.name AS IMtype, "
+ . "u.IMid AS IMid, "
+ . "u.uid AS uid, "
+ . "u.id AS id, "
+ . "a.name AS adminlevel, "
+ . "a.id AS adminlevelid, "
+ . "u.width AS width, "
+ . "u.height AS height, "
+ . "u.bpp AS bpp, "
+ . "u.audiomode AS audiomode, "
+ . "u.mapdrives AS mapdrives, "
+ . "u.mapprinters AS mapprinters, "
+ . "u.mapserial AS mapserial, "
+ . "u.showallgroups, "
+ . "u.lastupdated AS lastupdated "
+ . "FROM user u, "
+ . "curriculum c, "
+ . "IMtype i, "
+ . "affiliation af, "
+ . "adminlevel a "
+ . "WHERE u.curriculumid = c.id AND "
+ . "u.IMtypeid = i.id AND "
+ . "u.adminlevelid = a.id AND "
+ . "u.affiliationid = af.id AND "
+ . "u.id = $id";
+ $qh = doQuery($query, 101);
+ if(! 
$user = mysql_fetch_assoc($qh))
+ return NULL;
+ }
+
+ // TODO handle generic updating of groups
+ switch(getAffiliationName($affilid)) {
+ case 'EXAMPLE1':
+ updateEXAMPLE1Groups($user);
+ break;
+ case 'EXAMPLE2':
+ updateEXAMPLE2Groups($user);
+ break;
+ default:
+ //TODO possibly add to a default group
+ }
+ $user["groups"] = getUsersGroups($user["id"], 1);
+ $user["privileges"] = getOverallUserPrivs($user["id"]);
+ $user['login'] = $user['unityid'];
+ return $user;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn getLDAPUserData($authtype, $userid)
+///
+/// \param $authtype - an array from the $authMechs table
+/// \param $userid - a userid without the affiliation part
+///
+/// \return an array of user information
+///
+/// \brief gets user information from ldap
+///
+////////////////////////////////////////////////////////////////////////////////
+function getLDAPUserData($authtype, $userid) {
+ global $authMechs, $mysql_link_vcl;
+ $auth = $authMechs[$authtype];
+ $domiddle = 0;
+ $donumericid = 0;
+ if(array_key_exists('middlename', $auth))
+ $domiddle = 1;
+ if(array_key_exists('numericid', $auth))
+ $donumericid = 1;
+
+ $ds = ldap_connect("ldaps://{$auth['server']}/");
+ // FIXME
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
+
+ if(array_key_exists('masterlogin', $auth) && strlen($auth['masterlogin']))
+ $res = ldap_bind($ds, $auth['masterlogin'], $auth['masterpwd']);
+ else
+ $res = ldap_bind($ds);
+
+ // FIXME
+
+ $ldapsearch = array($auth['firstname'],
+ $auth['lastname'],
+ $auth['email']);
+ if($domiddle)
+ array_push($ldapsearch, $auth['middlename']);
+ if($donumericid)
+ array_push($ldapsearch, $auth['numericid']);
+ # FIXME hack
+ array_push($ldapsearch, 'gecos');
+
+ $search = ldap_search($ds,
+ $auth['binddn'],
+ "{$auth['unityid']}=$userid",
+ $ldapsearch, 0, 3, 15);
+ $return = array();
+ if($search) {
+ $tmpdata = 
ldap_get_entries($ds, $search);
+ if(! $tmpdata['count'])
+ return NULL;
+ $data = array();
+ for($i = 0; $i < $tmpdata['count']; $i++) {
+ for($j = 0; $j < $tmpdata[$i]['count']; $j++) {
+ if(is_array($tmpdata[$i][$tmpdata[$i][$j]]))
+ $data[strtolower($tmpdata[$i][$j])] = $tmpdata[$i][$tmpdata[$i][$j]][0];
+ else
+ $data[strtolower($tmpdata[$i][$j])] = $tmpdata[$i][$tmpdata[$i][$j]];
+ }
+ }
+ // FIXME hack to take care of users that don't have full info in ldap
+ if(! array_key_exists($auth['firstname'], $data) &&
+ ! array_key_exists(strtolower($auth['firstname']), $data)) {
+ if(array_key_exists('gecos', $data)) {
+ $tmpArr = explode(' ', $data['gecos']);
+ if(count($tmpArr) == 3) {
+ $data[strtolower($auth['firstname'])] = $tmpArr[0];
+ $data[strtolower($auth['middlename'])] = $tmpArr[1];
+ $data[strtolower($auth['lastname'])] = $tmpArr[2];
+ }
+ elseif(count($tmpArr) == 2) {
+ $data[strtolower($auth['firstname'])] = $tmpArr[0];
+ $data[strtolower($auth['middlename'])] = '';
+ $data[strtolower($auth['lastname'])] = $tmpArr[1];
+ }
+ elseif(count($tmpArr) == 1) {
+ $data[strtolower($auth['firstname'])] = '';
+ $data[strtolower($auth['middlename'])] = '';
+ $data[strtolower($auth['lastname'])] = $tmpArr[0];
+ }
+ }
+ else {
+ $data[strtolower($auth['firstname'])] = '';
+ if($domiddle)
+ $data[strtolower($auth['middlename'])] = '';
+ $data[strtolower($auth['lastname'])] = '';
+ }
+ }
+ if(! array_key_exists($auth['email'], $data)) {
+ $data[strtolower($auth['email'])] = $userid . 
$auth['defaultemail'];
+ }
+
+ $return['first'] = ereg_replace("'", "\'", $data[strtolower($auth['firstname'])]);
+ $return['last'] = ereg_replace("'", "\'", $data[strtolower($auth['lastname'])]);
+ if($domiddle && array_key_exists(strtolower($auth['middlename']), $data))
+ $return['middle'] = ereg_replace("'", "\'", $data[strtolower($auth['middlename'])]);
+ if($donumericid)
+ $return['numericid'] = $data[strtolower($auth['numericid'])];
+ $return['email'] = $data[strtolower($auth['email'])];
+ $return['emailnotices'] = 1;
+
+ return $return;
+ }
+ return NULL;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn updateEXAMPLE1Groups($user)
+///
+/// \param $user - an array of user data
+///
+/// \brief builds an array of nisNetgroups user is a member of and calls
+/// updateGroups
+///
+////////////////////////////////////////////////////////////////////////////////
+function updateEXAMPLE1Groups($user) {
+ $count = 0;
+ do {
+ if($count > 2)
+ abort(35);
+ if($count > 0)
+ sleep(1);
+ ldapUIDLookup($user['unityid'], $userData);
+ $count++;
+ } while(! array_key_exists("info", $userData) ||
+ ! array_key_exists("account", $userData["info"]) ||
+ ! array_key_exists("memberNisNetgroup", $userData["info"]["account"]));
+ $newusergroups = array();
+ if(! array_key_exists('info', $userData) ||
+ ! array_key_exists('account', $userData['info']) ||
+ ! array_key_exists('memberNisNetgroup', $userData['info']['account']))
+ return;
+ foreach($userData["info"]["account"]["memberNisNetgroup"] as $item) {
+ $tmpArr = explode(',', $item);
+ $tmpArr = explode('=', $tmpArr[0]);
+ if(! 
array_key_exists(1, $tmpArr)) {
+ continue;
+ }
+ $grp = mysql_escape_string($tmpArr[1]);
+ array_push($newusergroups, getUserGroupID($grp, $user['affiliationid']));
+ }
+ $newusergroups = array_unique($newusergroups);
+ updateGroups($newusergroups, $user["id"]);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn updateEXAMPLE2Groups($user)
+///
+/// \param $user - an array of user data
+///
+/// \brief builds an array of memberof groups user is a member of and calls
+/// updateGroups
+///
+////////////////////////////////////////////////////////////////////////////////
+function updateEXAMPLE2Groups($user) {
+ global $authMechs;
+ $auth = $authMechs['EXAMPLE2 LDAP'];
+ $ds = ldap_connect("ldaps://{$auth['server']}/");
+ if(! $ds)
+ return 0;
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ $res = ldap_bind($ds, $auth['masterlogin'],
+ $auth['masterpwd']);
+ if(! $res)
+ return 0;
+
+ $search = ldap_search($ds,
+ $auth['binddn'],
+ "{$auth['unityid']}={$user['unityid']}",
+ array('memberof'), 0, 10, 15);
+ if(! $search)
+ return 0;
+
+ $data = ldap_get_entries($ds, $search);
+ $newusergroups = array();
+ if(! array_key_exists('memberof', $data[0]))
+ return;
+ for($i = 0; $i < $data[0]['memberof']['count']; $i++) {
+ if(preg_match('/^CN=(.+),OU=CourseRolls,DC=example2,DC=com/', $data[0]['memberof'][$i], $match) ||
+ preg_match('/^CN=(Students_Enrolled),OU=Students,DC=example2,DC=com$/', $data[0]['memberof'][$i], $match) ||
+ preg_match('/^CN=(Staff),OU=IT,DC=example2,DC=com$/', $data[0]['memberof'][$i], $match))
+ array_push($newusergroups, getUserGroupID($match[1], $user['affiliationid']));
+ }
+ $newusergroups = array_unique($newusergroups);
+ updateGroups($newusergroups, $user["id"]);
+}