modules/ldap_lookup/ldap_lookup.user

<?php
// $Id: ldap_lookup.user,v 1.3 2007/10/04 10:07:03 kibble Exp $

/**
 *      Each time a new version of Drupals appears you have to update these if there are any changes
 *      Version:	5.1
 *      Date:		22/02/2007
 *      URL:		http://api.drupal.org/api/5/function/user_edit_validate
 *			http://api.drupal.org/api/5/function/user_edit_submit
 */

function ldap_lookup_form_alter_validate($form_id, $form_values) {

	user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
	
	        /** Start: LDAP Validation */
		if (ereg('[^[:space:]0-9]', $form_values['mobile'])) {
		        form_set_error('mobile', t('Mobile number cannot contain letters or special characters.'));
		        return;
		}
		if (ereg('[^[:space:]0-9]', $form_values['telephonenumber'])) {
		        form_set_error('mobile', t('Telephone number cannot contain letters or special characters.'));
		        return;
		}
		/** End: LDAP Validation */

	if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
		$message = t('Detected malicious attempt to alter protected user fields.');
		watchdog('security', $message, WATCHDOG_WARNING);
		form_set_error('category', $message);
	}

}

/** And this one too... */
function ldap_lookup_form_alter_submit($form_id, $form_values) {

	$account = $form_values['_account'];
	$category = $form_values['_category'];

	unset($form_values['_account'], $form_values['op'], $form_values['submit'], $form_values['delete'], $form_values['form_token'], $form_values['form_id'], $form_values['_category']);

	user_module_invoke('submit', $form_values, $account, $category);
	user_save($account, $form_values, $category);

	cache_clear_all();

		/** but keep this bit as this section updates the LDAP directory */
		/** Start: LDAP Updates */

		/**
		 *	description
		 *	extensionAttribute1
		 *	mobile
		 *	telephoneNumber
		 */
		$ldap = _ldap_lookup_auth($form_values['name'], NULL);

		$atrributes_array = array();
		$atrributes_array['description'][0] = $form_values['description'];
		$atrributes_array['extensionattribute1'][0] = $form_values['extensionattribute1'];
		$atrributes_array['mobile'][0] = $form_values['mobile'];
		$atrributes_array['telephonenumber'][0] = $form_values['telephonenumber'];
		if (variable_get('ldap_lookup_set_email', 0) == 1) {
			$atrributes_array['mail'][0] = $form_values['mail'];
		}
		$ldap->modify($form_values['name'], $atrributes_array);

		unset($ldap);

		/** End: LDAP Updates */

	drupal_set_message(t('The changes have been saved.'));
	return('user/'. $account->uid);

}

function ldap_lookup_form_alter($form_id, &$form) {

	global $user;

	if ($form_id == "user_edit") {

		// drupal_set_message('<pre>' . print_r($form, true) . '</pre>');

		$edit = (object)$form['_account']['#value'];

		unset($form['account']['name']['#description']);
		unset($form['account']['mail']['#description']);
		unset($form['account']['roles']);

		$form['#validate'] = array('ldap_lookup_form_alter_validate' => array());
		$form['#submit'] = array('ldap_lookup_form_alter_submit' => array());

		if ($user->uid == 1) {
			$form['account']['name']['#attributes'] = array("readonly" => "readonly");
		} else {
			$form['account']['name'] = array(
				'#type'			=> 'hidden',
				'#default_value'	=> $edit->name
			);
			if (variable_get('ldap_lookup_set_email', 0) != 1) {
				$form['account']['mail']['#attributes'] = array("readonly" => "readonly");
			}
		}

		$form['account']['pass']['#type'] = 'hidden';
		$form['account']['status']['#weight'] = 10;

		$ldap = _ldap_lookup_auth($form['account']['name']['#default_value'], NULL);

		if (count($ldap->connection) != 0) {

			$ent = $ldap->retrieve($ldap->binddn);

			/** these fields should be populated by the active directory */
			$form['account']['displayname'] = array(
				'#type'			=> 'textfield',
				'#title'		=> t('Display Name'),
				'#default_value'	=> $ent['displayname'][0],
				'#attributes'		=> array("readonly" => "readonly")
			);

			$form['account']['description'] = array(
				'#type'			=> 'textfield',
				'#title'		=> t('Description'),
				'#default_value'	=> $ent['description'][0],
				'#maxlength'		=> 32
			);

			$form['account']['mobile'] = array(
				'#type'			=> 'textfield',
				'#title'		=> t('Mobile Number'),
				'#default_value'	=> $ent['mobile'][0],
				'#maxlength'		=> 18
			);

			$form['account']['telephonenumber'] = array(
				'#type'			=> 'textfield',
				'#title'		=> t('Telephone Number'),
				'#default_value'	=> $ent['telephonenumber'][0],
				'#maxlength'		=> 18
			);

			$form['account']['extensionattribute1'] = array(
				'#type'			=> 'textfield',
				'#title'		=> t('Default Printer Path [UNC]'),
				'#default_value'	=> $ent['extensionattribute1'][0]
			);

		}

		unset($ldap);

	}

}

function ldap_lookup_user($op, &$edit, &$user_edit, $category = NULL) {

	if ($category == '') {
	        switch(strtolower($op)) {
	                case 'load':   /** this should only happen once with NTLM */

				if ($user_edit->uid != 0) {
					$ldap = _ldap_lookup_auth($user_edit->name, NULL);
					$ent = $ldap->retrieve($ldap->binddn);

					/** drupal_set_message($ent['mail'][0] . ":" . $ent['displayname'][0]); */
					$udata = unserialize($user_edit->data);
				        $udata['displayname'] = $ent['displayname'][0];
				        $udata['description'] = $ent['description'][0];
				        $udata['mobile'] = $ent['mobile'][0];
				        $udata['telephonenumber'] = $ent['telephonenumber'][0];
				        $udata['extensionattribute1'] = $ent['extensionattribute1'][0];
					$user_edit->data = serialize($udata);
					
			/**
			 *      kibble...
			 *      WHAT A RIGHT MESS !! The Next 60 LINES of code need tidying up !!!!
			 */
					
					/** build a complete array of roles users should be assigned to and removed from */
					$result = db_query("SELECT rid, name FROM {role}");
					if (db_num_rows($result)) {
						while ($row = db_fetch_object($result)) {
						        $role_id = $row->rid;
						        $role_array->$role_id = 0;
						}
					}

					if ($ent['memberof']['count'] != 0) {
						$sql_q = "SELECT rid FROM {ldap_lookup_associate}";
						
						$ldap_rid = db_query($sql_q);
						if (db_num_rows($ldap_rid)) {
						        while ($row = db_fetch_object($ldap_rid)) {
						                $del_flag = TRUE;
						                foreach($role_array as $role_id => $role_enable) {
						                        if ($row->rid == $role_id) {
						                                $del_flag = FALSE;
						                        }
						                }
						                if ($del_flag == TRUE) {
						                	db_query("DELETE FROM {ldap_lookup_associate} WHERE rid = " . $row->rid);
						                	db_query("DELETE FROM {users_roles} WHERE rid = " . $row->rid);
						                }
						        }
						}
						
						for($mcount = 0; $mcount != $ent['memberof']['count']; $mcount++) {
						        if ($mcount == 0) {
						                $sql_q .= " WHERE group_name = '" . $ent['memberof'][$mcount] . "'";
						        } else {
						                $sql_q .= " OR group_name = '" . $ent['memberof'][$mcount] . "'";
						        }
						}
						$results = db_query($sql_q);
						if (db_num_rows($results)) {
							while ($row = db_fetch_object($results)) {
								$role_id = $row->rid;
							        $role_array->$role_id = 1;
							}
						}

						foreach ($role_array as $role_key => $role_value) {

						        switch($role_value) {
						                case 0:
						                        db_query("DELETE FROM {users_roles} WHERE uid = " . $user_edit->uid . " AND rid = " . $role_key);
						                        unset($user_edit->roles[$role_key]);
						                        break;
								case 1:
								        $count = db_result(db_query("SELECT COUNT(*) FROM {users_roles} WHERE uid = " . $user_edit->uid . " AND rid = " . $role_key));
									if ($count == 0) {
									        $sql_q = "INSERT INTO {users_roles} (uid, rid) VALUES (" . $user_edit->uid . "," . $role_key . ")";
										db_query($sql_q);
										$rname = db_result(db_query("SELECT name FROM {role} WHERE rid = " . $role_key . " LIMIT 1"));
										$user_edit->roles[$role_key] = $rname;
									}
								        break;
							}
						}

						// drupal_set_message('<pre>' . print_r($user_edit, true) . '</pre>');
						
					}

					/** should really update all entries here as the ldap server (i.e. active directory) should over write any new changes */
					db_query(
						"UPDATE {users} SET mail = '%s', data = '%s' WHERE uid = %d",
						$ent['mail'][0] ? $ent['mail'][0] : variable_get('ldap_lookup_default_email', 'itsupport@globecast.com'), $user_edit->data, $user_edit->uid
					);

					unset($ldap);
					unset($ent);
				}

	                        break;
			case 'view':
			        $udata = unserialize($user_edit->data);
			        if (isset($udata['displayname'])) {
			        	$user_edit->name = $udata['displayname'];
			        }

				$items['email'] = array(
					'title'		=> t('Email Address'),
					'value'		=> $user_edit->mail ? $user_edit->mail : t('No email address set'),
					'class'		=> "member"
				);
				$items['title'] = array(
					'title'		=> t('Title'),
					'value'		=> $user_edit->description ? $user_edit->description : t('No title set'),
					'class'		=> "member"
				);
				$items['telephone'] = array(
					'title'		=> t('Telephone Number'),
					'value'		=> $user_edit->telephonenumber ? $user_edit->telephonenumber : t('No telephone number set'),
					'class'		=> "member"
				);
				$items['roles'] = array(
					'title'		=> t('Assigned Roles'),
					'value'		=> ucwords(implode('<br />', $user_edit->roles)),
					'class'		=> "member"
				);

				// drupal_set_message('<pre>' . print_r($user_edit, true) . '</pre>');
	                        return array(t('Profile') => $items);

			        break;
			default:
			        break;
		}
	}

}

?>
1	<?php
2	// $Id: ldap_lookup.user,v 1.3 2007/10/04 10:07:03 kibble Exp $
3
4	/**
5	* Each time a new version of Drupals appears you have to update these if there are any changes
6	* Version: 5.1
7	* Date: 22/02/2007
8	* URL: http://api.drupal.org/api/5/function/user_edit_validate
9	* http://api.drupal.org/api/5/function/user_edit_submit
10	*/
11
12	function ldap_lookup_form_alter_validate($form_id, $form_values) {
13
14	user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
15
16	/** Start: LDAP Validation */
17	if (ereg('[^[:space:]0-9]', $form_values['mobile'])) {
18	form_set_error('mobile', t('Mobile number cannot contain letters or special characters.'));
19	return;
20	}
21	if (ereg('[^[:space:]0-9]', $form_values['telephonenumber'])) {
22	form_set_error('mobile', t('Telephone number cannot contain letters or special characters.'));
23	return;
24	}
25	/** End: LDAP Validation */
26
27	if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) \|\| (!user_access('administer access control') && isset($form_values['roles']))) {
28	$message = t('Detected malicious attempt to alter protected user fields.');
29	watchdog('security', $message, WATCHDOG_WARNING);
30	form_set_error('category', $message);
31	}
32
33	}
34
35	/** And this one too... */
36	function ldap_lookup_form_alter_submit($form_id, $form_values) {
37
38	$account = $form_values['_account'];
39	$category = $form_values['_category'];
40
41	unset($form_values['_account'], $form_values['op'], $form_values['submit'], $form_values['delete'], $form_values['form_token'], $form_values['form_id'], $form_values['_category']);
42
43	user_module_invoke('submit', $form_values, $account, $category);
44	user_save($account, $form_values, $category);
45
46	cache_clear_all();
47
48	/** but keep this bit as this section updates the LDAP directory */
49	/** Start: LDAP Updates */
50
51	/**
52	* description
53	* extensionAttribute1
54	* mobile
55	* telephoneNumber
56	*/
57	$ldap = _ldap_lookup_auth($form_values['name'], NULL);
58
59	$atrributes_array = array();
60	$atrributes_array['description'][0] = $form_values['description'];
61	$atrributes_array['extensionattribute1'][0] = $form_values['extensionattribute1'];
62	$atrributes_array['mobile'][0] = $form_values['mobile'];
63	$atrributes_array['telephonenumber'][0] = $form_values['telephonenumber'];
64	if (variable_get('ldap_lookup_set_email', 0) == 1) {
65	$atrributes_array['mail'][0] = $form_values['mail'];
66	}
67	$ldap->modify($form_values['name'], $atrributes_array);
68
69	unset($ldap);
70
71	/** End: LDAP Updates */
72
73	drupal_set_message(t('The changes have been saved.'));
74	return('user/'. $account->uid);
75
76	}
77
78	function ldap_lookup_form_alter($form_id, &$form) {
79
80	global $user;
81
82	if ($form_id == "user_edit") {
83
84	// drupal_set_message('<pre>' . print_r($form, true) . '</pre>');
85
86	$edit = (object)$form['_account']['#value'];
87
88	unset($form['account']['name']['#description']);
89	unset($form['account']['mail']['#description']);
90	unset($form['account']['roles']);
91
92	$form['#validate'] = array('ldap_lookup_form_alter_validate' => array());
93	$form['#submit'] = array('ldap_lookup_form_alter_submit' => array());
94
95	if ($user->uid == 1) {
96	$form['account']['name']['#attributes'] = array("readonly" => "readonly");
97	} else {
98	$form['account']['name'] = array(
99	'#type' => 'hidden',
100	'#default_value' => $edit->name
101	);
102	if (variable_get('ldap_lookup_set_email', 0) != 1) {
103	$form['account']['mail']['#attributes'] = array("readonly" => "readonly");
104	}
105	}
106
107	$form['account']['pass']['#type'] = 'hidden';
108	$form['account']['status']['#weight'] = 10;
109
110	$ldap = _ldap_lookup_auth($form['account']['name']['#default_value'], NULL);
111
112	if (count($ldap->connection) != 0) {
113
114	$ent = $ldap->retrieve($ldap->binddn);
115
116	/** these fields should be populated by the active directory */
117	$form['account']['displayname'] = array(
118	'#type' => 'textfield',
119	'#title' => t('Display Name'),
120	'#default_value' => $ent['displayname'][0],
121	'#attributes' => array("readonly" => "readonly")
122	);
123
124	$form['account']['description'] = array(
125	'#type' => 'textfield',
126	'#title' => t('Description'),
127	'#default_value' => $ent['description'][0],
128	'#maxlength' => 32
129	);
130
131	$form['account']['mobile'] = array(
132	'#type' => 'textfield',
133	'#title' => t('Mobile Number'),
134	'#default_value' => $ent['mobile'][0],
135	'#maxlength' => 18
136	);
137
138	$form['account']['telephonenumber'] = array(
139	'#type' => 'textfield',
140	'#title' => t('Telephone Number'),
141	'#default_value' => $ent['telephonenumber'][0],
142	'#maxlength' => 18
143	);
144
145	$form['account']['extensionattribute1'] = array(
146	'#type' => 'textfield',
147	'#title' => t('Default Printer Path [UNC]'),
148	'#default_value' => $ent['extensionattribute1'][0]
149	);
150
151	}
152
153	unset($ldap);
154
155	}
156
157	}
158
159	function ldap_lookup_user($op, &$edit, &$user_edit, $category = NULL) {
160
161	if ($category == '') {
162	switch(strtolower($op)) {
163	case 'load': /** this should only happen once with NTLM */
164
165	if ($user_edit->uid != 0) {
166	$ldap = _ldap_lookup_auth($user_edit->name, NULL);
167	$ent = $ldap->retrieve($ldap->binddn);
168
169	/** drupal_set_message($ent['mail'][0] . ":" . $ent['displayname'][0]); */
170	$udata = unserialize($user_edit->data);
171	$udata['displayname'] = $ent['displayname'][0];
172	$udata['description'] = $ent['description'][0];
173	$udata['mobile'] = $ent['mobile'][0];
174	$udata['telephonenumber'] = $ent['telephonenumber'][0];
175	$udata['extensionattribute1'] = $ent['extensionattribute1'][0];
176	$user_edit->data = serialize($udata);
177
178	/**
179	* kibble...
180	* WHAT A RIGHT MESS !! The Next 60 LINES of code need tidying up !!!!
181	*/
182
183	/** build a complete array of roles users should be assigned to and removed from */
184	$result = db_query("SELECT rid, name FROM {role}");
185	if (db_num_rows($result)) {
186	while ($row = db_fetch_object($result)) {
187	$role_id = $row->rid;
188	$role_array->$role_id = 0;
189	}
190	}
191
192	if ($ent['memberof']['count'] != 0) {
193	$sql_q = "SELECT rid FROM {ldap_lookup_associate}";
194
195	$ldap_rid = db_query($sql_q);
196	if (db_num_rows($ldap_rid)) {
197	while ($row = db_fetch_object($ldap_rid)) {
198	$del_flag = TRUE;
199	foreach($role_array as $role_id => $role_enable) {
200	if ($row->rid == $role_id) {
201	$del_flag = FALSE;
202	}
203	}
204	if ($del_flag == TRUE) {
205	db_query("DELETE FROM {ldap_lookup_associate} WHERE rid = " . $row->rid);
206	db_query("DELETE FROM {users_roles} WHERE rid = " . $row->rid);
207	}
208	}
209	}
210
211	for($mcount = 0; $mcount != $ent['memberof']['count']; $mcount++) {
212	if ($mcount == 0) {
213	$sql_q .= " WHERE group_name = '" . $ent['memberof'][$mcount] . "'";
214	} else {
215	$sql_q .= " OR group_name = '" . $ent['memberof'][$mcount] . "'";
216	}
217	}
218	$results = db_query($sql_q);
219	if (db_num_rows($results)) {
220	while ($row = db_fetch_object($results)) {
221	$role_id = $row->rid;
222	$role_array->$role_id = 1;
223	}
224	}
225
226	foreach ($role_array as $role_key => $role_value) {
227
228	switch($role_value) {
229	case 0:
230	db_query("DELETE FROM {users_roles} WHERE uid = " . $user_edit->uid . " AND rid = " . $role_key);
231	unset($user_edit->roles[$role_key]);
232	break;
233	case 1:
234	$count = db_result(db_query("SELECT COUNT(*) FROM {users_roles} WHERE uid = " . $user_edit->uid . " AND rid = " . $role_key));
235	if ($count == 0) {
236	$sql_q = "INSERT INTO {users_roles} (uid, rid) VALUES (" . $user_edit->uid . "," . $role_key . ")";
237	db_query($sql_q);
238	$rname = db_result(db_query("SELECT name FROM {role} WHERE rid = " . $role_key . " LIMIT 1"));
239	$user_edit->roles[$role_key] = $rname;
240	}
241	break;
242	}
243	}
244
245	// drupal_set_message('<pre>' . print_r($user_edit, true) . '</pre>');
246
247	}
248
249	/** should really update all entries here as the ldap server (i.e. active directory) should over write any new changes */
250	db_query(
251	"UPDATE {users} SET mail = '%s', data = '%s' WHERE uid = %d",
252	$ent['mail'][0] ? $ent['mail'][0] : variable_get('ldap_lookup_default_email', 'itsupport@globecast.com'), $user_edit->data, $user_edit->uid
253	);
254
255	unset($ldap);
256	unset($ent);
257	}
258
259	break;
260	case 'view':
261	$udata = unserialize($user_edit->data);
262	if (isset($udata['displayname'])) {
263	$user_edit->name = $udata['displayname'];
264	}
265
266	$items['email'] = array(
267	'title' => t('Email Address'),
268	'value' => $user_edit->mail ? $user_edit->mail : t('No email address set'),
269	'class' => "member"
270	);
271	$items['title'] = array(
272	'title' => t('Title'),
273	'value' => $user_edit->description ? $user_edit->description : t('No title set'),
274	'class' => "member"
275	);
276	$items['telephone'] = array(
277	'title' => t('Telephone Number'),
278	'value' => $user_edit->telephonenumber ? $user_edit->telephonenumber : t('No telephone number set'),
279	'class' => "member"
280	);
281	$items['roles'] = array(
282	'title' => t('Assigned Roles'),
283	'value' => ucwords(implode('<br />', $user_edit->roles)),
284	'class' => "member"
285	);
286
287	// drupal_set_message('<pre>' . print_r($user_edit, true) . '</pre>');
288	return array(t('Profile') => $items);
289
290	break;
291	default:
292	break;
293	}
294	}
295
296	}
297
298	?>