1<?php
2namespace LAM\TOOLS\PROFILE_EDITOR;
3use \htmlResponsiveRow;
4use \htmlTitle;
5use \htmlResponsiveInputField;
6use \htmlResponsiveSelect;
7use \htmlButton;
8use \htmlHiddenInput;
9use \htmlSubTitle;
10/*
11
12  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
13  Copyright (C) 2003 - 2020  Roland Gruber
14
15  This program is free software; you can redistribute it and/or modify
16  it under the terms of the GNU General Public License as published by
17  the Free Software Foundation; either version 2 of the License, or
18  (at your option) any later version.
19
20  This program is distributed in the hope that it will be useful,
21  but WITHOUT ANY WARRANTY; without even the implied warranty of
22  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23  GNU General Public License for more details.
24
25  You should have received a copy of the GNU General Public License
26  along with this program; if not, write to the Free Software
27  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
29*/
30
31/**
32* Manages creating/changing of profiles.
33*
34* @package profiles
35* @author Roland Gruber
36*/
37
38/** security functions */
39include_once(__DIR__ . "/../../lib/security.inc");
40/** helper functions for profiles */
41include_once(__DIR__ . "/../../lib/profiles.inc");
42/** access to LDAP server */
43include_once(__DIR__ . "/../../lib/ldap.inc");
44/** access to configuration options */
45include_once(__DIR__ . "/../../lib/config.inc");
46/** access to account modules */
47include_once(__DIR__ . "/../../lib/modules.inc");
48/** Used to display status messages */
49include_once(__DIR__ . "/../../lib/status.inc");
50
// start session
// Access gate for the whole page. The helpers below are defined outside this
// file; enforceUserIsLoggedIn() is expected to stop anonymous requests - confirm there.
startSecureSession();
enforceUserIsLoggedIn();

// die if no write access
// Fails closed with an empty response; nothing below runs for a user without write access.
if (!checkIfWriteAccessIsAllowed()) die();

// NOTE(review): presumably ends the request when this tool is disabled in the configuration - confirm in the helper.
checkIfToolIsActive('toolProfileEditor');

setlanguage();

// Any request that carries POST data must pass the security token check before
// the POST handlers further down (abort, save) are reached. The matching token
// is written into the form as a hidden field when the page is rendered.
// A request without POST data skips the check; in this file such a request only renders the form.
if (!empty($_POST)) {
	validateSecurityToken();
}

// check if user is logged in, if not go to login
// Second check after enforceUserIsLoggedIn(): a session without an LDAP object
// or without a server handle is redirected to the login page and processing stops.
if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
	metaRefresh("../login.php");
	exit;
}
71
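// copy type and profile name from POST to GET
// From here on $_GET['type'] and $_GET['edit'] hold the effective values, no
// matter whether they arrived in the query string or in the submitted form.
if (isset($_POST['profname'])) {
	$_GET['edit'] = $_POST['profname'];
}
if (isset($_POST['accounttype'])) {
	$_GET['type'] = $_POST['accounttype'];
}

// The account type id is request data. It must be present and a plain string
// (PHP turns "type[]=x" into an array) before it is used for the lookup.
if (!isset($_GET['type']) || !is_string($_GET['type'])) {
	logNewMessage(LOG_ERR, 'Profile editor was called without a valid account type.');
	die();
}

$typeManager = new \LAM\TYPES\TypeManager();
$type = $typeManager->getConfiguredType($_GET['type']);
// Fail closed when no type object comes back, when the type is hidden or when
// the user has no write access to it. getConfiguredType() is not shown here; if
// it returns a non-object for an unknown id, the is_object() test turns what
// would be an error on isHidden() into a controlled exit.
if (!is_object($type) || $type->isHidden() || !checkIfWriteAccessIsAllowed($_GET['type'])) {
	// control characters are stripped so the request value cannot split the log entry
	logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . preg_replace('/[\x00-\x1F\x7F]/', '', $_GET['type']));
	die();
}

// abort button was pressed
// back to profile editor
if (isset($_POST['abort'])) {
	metaRefresh("profilemain.php");
	exit;
}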
93
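$errors = array();

// save button was pressed
if (isset($_POST['save'])) {
	// The profile name is request data; anything but a plain string is treated as empty.
	$profileName = (isset($_POST['profname']) && is_string($_POST['profname'])) ? $_POST['profname'] : '';
	// Field names and their input kinds were stored in the session when the form
	// was rendered. Only these names are read from $_POST, so a request cannot
	// introduce option keys of its own. A missing list (POST without a rendered
	// form in this session) yields no options instead of an error.
	$fieldTypes = array();
	if (isset($_SESSION['profile_types']) && is_array($_SESSION['profile_types'])) {
		$fieldTypes = $_SESSION['profile_types'];
	}
	// create option array to check and save
	$options = array();
	foreach ($fieldTypes as $element => $fieldType) {
		$posted = isset($_POST[$element]) ? $_POST[$element] : null;
		// single-valued inputs: an array where one string is expected counts as not submitted
		$single = is_array($posted) ? null : $posted;
		// text fields and dropdown boxes
		if (($fieldType == "text") || ($fieldType == "select")) {
			$options[$element] = array($single);
		}
		// checkboxes
		elseif ($fieldType == "checkbox") {
			$options[$element] = array(($posted === "on") ? 'true' : 'false');
		}
		// multiselect
		elseif ($fieldType == "multiselect") {
			if (is_array($posted)) {
				// keep the submitted strings, drop nested arrays
				$options[$element] = array_filter($posted, 'is_string');
			}
			elseif ($posted !== null) {
				// a single value is wrapped so the option is always an array
				$options[$element] = array($posted);
			}
			else {
				$options[$element] = array();
			}
		}
		// textareas
		elseif ($fieldType == "textarea") {
			$options[$element] = explode("\r\n", (string) $single);
		}
	}

	// check options
	// $_GET['type'] is the value that passed the type and write-access checks
	// earlier in this script; it equals $_POST['accounttype'] whenever that
	// field was submitted, and is still defined when the field is missing.
	$errors = checkProfileOptions($_GET['type'], $options);
	if (sizeof($errors) == 0) {  // input data is valid, save profile
		// save profile
		if (\LAM\PROFILES\saveAccountProfile($options, $profileName, $_GET['type'], $_SESSION['config'])) {
			// URL-encode the name so it stays a single query parameter of the redirect target
			metaRefresh('profilemain.php?savedSuccessfully=' . urlencode($profileName));
			exit();
		}
		else {
			// NOTE(review): the profile name is passed to StatusMessage() as message text - confirm that it is HTML-escaped there.
			$errors[] = array("ERROR", _("Unable to save profile!"), $profileName);
		}
	}
}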
139
// print header
include __DIR__ . '/../../lib/adminHeader.inc';
echo '<div class="user-bright smallPaddingContent">';

// print error messages if any
// Each entry is an argument list for StatusMessage(), e.g. the three-element
// entry the save handler adds when the profile could not be written.
if (count($errors) !== 0) {
	echo "<br>\n";
	foreach ($errors as $error) {
		call_user_func_array('StatusMessage', $error);
	}
}

// empty list of attribute types
// The list is rebuilt below while the form is rendered and is read again by the save handler.
$_SESSION['profile_types'] = array();

// get module options
$options = getProfileOptions($type->getId());

// load old profile or POST values if needed
$old_options = array();
if (!isset($_POST['save'])) {
	if (isset($_GET['edit'])) {
		// NOTE(review): $_GET['edit'] is request data and reaches loadAccountProfile() unchanged;
		// confirm that the loader restricts the profile name before using it.
		$old_options = \LAM\PROFILES\loadAccountProfile($_GET['edit'], $type->getId(), $_SESSION['config']->getName());
	}
}
else {
	// A save that did not redirect: refill the form with the submitted values.
	// Every POST field is copied, each value normalised to an array.
	// NOTE(review): these values are rendered again by parseHtml(); escaping is assumed to happen there - confirm.
	foreach ($_POST as $key => $value) {
		$old_options[$key] = is_array($value) ? $value : array($value);
	}
}
173
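// display form
// Everything interpolated into an attribute value is HTML-escaped. Ids and
// tokens without markup characters come out unchanged.
echo "<form id=\"profilepage\" action=\"profilepage.php?type=" . htmlspecialchars((string) $type->getId(), ENT_QUOTES) . "\" method=\"post\">\n";
// hidden security token; it is checked by validateSecurityToken() when the form is posted back
echo '<input type="hidden" name="' . htmlspecialchars((string) getSecurityTokenName(), ENT_QUOTES) . '" value="' . htmlspecialchars((string) getSecurityTokenValue(), ENT_QUOTES) . '">';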
177
// Value of the "Profile name" field: the requested or submitted name, empty for a new profile.
$profName = isset($_GET['edit']) ? $_GET['edit'] : '';

// tab index counter that is handed to every parseHtml() call on this page
$tabindex = 1;

$container = new htmlResponsiveRow();
$container->add(new htmlTitle(_("Profile editor")), 12);

// general options
$container->add(new htmlSubTitle(_("General settings"), '../../graphics/logo32.png', null, true), 12);
$profileNameInput = new htmlResponsiveInputField(_("Profile name") . '*', 'profname', $profName, '360');
$container->add($profileNameInput, 12);
$container->addVerticalSpacer('1rem');

// suffix box
// get root suffix
$rootsuffix = $type->getSuffix();
// get subsuffixes: label from getAbstractDN() => suffix, after the fixed "-" entry
$suffixes = array('-' => '-');
foreach ($type->getSuffixList() as $suffix) {
	$suffixes[getAbstractDN($suffix)] = $suffix;
}
// preselect the suffix of the loaded profile or of the failed submission
$selectedSuffix = isset($old_options['ldap_suffix'][0]) ? array($old_options['ldap_suffix'][0]) : array();
$suffixSelect = new htmlResponsiveSelect('ldap_suffix', $suffixes, $selectedSuffix, _("LDAP suffix"), '361');
$suffixSelect->setHasDescriptiveElements(true);
$suffixSelect->setSortElements(false);
$suffixSelect->setRightToLeftTextDirection(true);
$container->add($suffixSelect, 12);

// RDNs
$selectedRDN = isset($old_options['ldap_rdn'][0]) ? array($old_options['ldap_rdn'][0]) : array();
$rdnSelect = new htmlResponsiveSelect('ldap_rdn', getRDNAttributes($type->getId()), $selectedRDN, _("RDN identifier"), '301');
$container->add($rdnSelect, 12);

$container->addVerticalSpacer('2rem');

// Render the general section. The return value starts the session list of
// field names and input kinds that the save handler iterates on the next POST.
$_SESSION['profile_types'] = parseHtml(null, $container, $old_options, false, $tabindex, $type->getScope());
221
// display module options
foreach ($options as $moduleName => $moduleOptions) {
	// modules without options get no section
	if (!empty($moduleOptions)) {
		// The class name is the array key delivered by getProfileOptions(), not a request value.
		// NOTE(review): keep it that way - the name is instantiated without further checks.
		$module = new $moduleName($type->getScope());
		$icon = $module->getIcon();
		// icon names that start neither with "http" nor with "/" are taken from the graphics folder
		if (!empty($icon) && (strpos($icon, 'http') !== 0) && (strpos($icon, '/') !== 0)) {
			$icon = '../../graphics/' . $icon;
		}
		$sectionTitle = new htmlSubTitle(getModuleAlias($moduleName, $type->getScope()), $icon, null, true);
		$modContainer = new htmlResponsiveRow();
		$modContainer->add($sectionTitle, 12);
		$modContainer->add($moduleOptions, 12);
		$modContainer->addVerticalSpacer('2rem');
		// render the section and append its fields to the session list used by the save handler
		$_SESSION['profile_types'] = array_merge(
			$_SESSION['profile_types'],
			parseHtml($moduleName, $modContainer, $old_options, false, $tabindex, $type->getScope())
		);
	}
}
239
// submit/abort buttons and the hidden account type
$saveButton = new htmlButton('save', _('Save'));
$saveButton->setIconClass('saveButton');
$cancelButton = new htmlButton('abort', _('Cancel'));
$cancelButton->setIconClass('cancelButton');

$buttonTable = new htmlResponsiveRow();
$buttonTable->addLabel($saveButton);
$buttonTable->addField($cancelButton);
// The account type is sent back with the form as a hidden field. A hidden field
// can be changed by the client, so the top of this script resolves the posted
// type again and repeats the hidden-type and write-access checks on submit.
$buttonTable->add(new htmlHiddenInput('accounttype', $type->getId()), 0);

// render the button row and append its fields to the session list used by the save handler
$_SESSION['profile_types'] = array_merge(
	$_SESSION['profile_types'],
	parseHtml(null, $buttonTable, $old_options, false, $tabindex, $type->getScope())
);

?>
<script type="text/javascript">
	jQuery("#profilepage").validationEngine({promptPosition: "topLeft", addFailureCssClassToField: "lam-input-error", autoHidePrompt: true, autoHideDelay: 5000});
</script>
</form>
</div>
<?php
// The validation attached above runs in the browser only; the server-side
// check of the submitted options is the checkProfileOptions() call in the save handler.
include __DIR__ . '/../../lib/adminFooter.inc';

?>
262