diff --git a/app/login/login_check.php b/app/login/login_check.php
new file mode 100644
index 0000000..2be680c
--- /dev/null
+++ b/app/login/login_check.php
@@ -0,0 +1,32 @@
+strip_input_tags ($_POST);
+
+# Authenticate
+if( !empty($_POST['trapusername']) && !empty($_POST['trappassword']) ) {
+ # all good, try to authentucate user
+ $User->authenticate ($_POST['trapusername'], $_POST['trappassword']);
+}
+# Username / pass not provided
+else {
+ $Result->show("danger", _('Please enter your username and password'), true);
+}
+?>
diff --git a/app/message/edit-submit.php b/app/message/edit-submit.php
new file mode 100644
index 0000000..830922e
--- /dev/null
+++ b/app/message/edit-submit.php
@@ -0,0 +1,27 @@
+check_user_session();
+
+/*
+print "
";
+var_dump($_POST);
+die('alert-danger');
+*/
+
+# execute
+if ($_POST['action']=="define") { $Trap_update->update_trap ($_POST['action'], $_POST); }
+elseif ($_POST['action']=="delete") { $Trap_update->update_trap ($_POST['action'], $_POST); }
+elseif ($_POST['action']=="ignore") { $Trap_update->update_trap ($_POST['action'], $_POST); }
+else { $Result->show ("warning", "Not implemented yet !", false); }
+?>
\ No newline at end of file
diff --git a/app/message/edit.php b/app/message/edit.php
new file mode 100644
index 0000000..00b7e78
--- /dev/null
+++ b/app/message/edit.php
@@ -0,0 +1,190 @@
+check_user_session();
+
+# fetch item
+$item = $Trap->fetch_snmp_trap ($_GET['id']);
+
+
+# validate
+if ($item!==false) {
+ // set title
+ $title = ucwords($_GET['action'])." message";
+ // footer text
+ $btn_text = ucwords($_GET['action']);
+
+
+ // add exception
+ if ($_GET['action']=="ignore") {
+
+ // distinct hosts
+ $uniq = $Common->fetch_unique_items ("traps", "hostname");
+ if ($uniq!==false) {
+ foreach ($uniq as $u) {
+ $unique_hosts[] = $u->hostname;
+ }
+ // add all
+ $unique_hosts = array_filter(array_merge(array("all"=>"all"), $unique_hosts));
+ }
+
+ // title
+ $title = "Ignore message";
+
+ // content
+ $html[] = "Here you define for some OID to be excluded from processing. All existing records with this OID will be deleted.
";
+
+ $html[] = "
";
+
+ // save content
+ $content = implode("\n", $html);
+ }
+ // define
+ elseif ($_GET['action']=="define") {
+ // title
+ $title = "Define severity for message";
+
+ // content
+ $html[] = "Here you can change severities for OID messages. All existing records with this OID will be updated.
";
+
+ $html[] = "";
+
+ // save content
+ $content = implode("\n", $html);
+
+ }
+ // delete all
+ elseif ($_GET['action']=="delete") {
+ // title
+ $title = "Delete all traps for oid";
+
+ // content
+ $html[] = "Here you can remove all traps for specific OID. All existing records with this OID will be removed. If content is defined than it will search by content also.
";
+}
+?>
\ No newline at end of file
diff --git a/app/settings/exceptions.php b/app/settings/exceptions.php
new file mode 100644
index 0000000..1f5db09
--- /dev/null
+++ b/app/settings/exceptions.php
@@ -0,0 +1,49 @@
+
Ignored messages (Exceptions)
+
+
+Below messages will not be placed to database, and notification message for below definitions will not be sent. If only OID is set, than trap containing this OID will not be processes.
+If hostname is set it will match hostname also, same goes for messages for better fine-tuning.
+
+
+
+Here you can set maintaneance periods for specific hosts. During maintaneance period you will not be receiving notifications for this host, but notifications will still be arraving to database.
+
";
+
+?>
\ No newline at end of file
diff --git a/app/settings/severity_definitions.php b/app/settings/severity_definitions.php
new file mode 100644
index 0000000..4dd6562
--- /dev/null
+++ b/app/settings/severity_definitions.php
@@ -0,0 +1,48 @@
+
Severity definitions
+
+
+List of all user-defined severity definitions.
+
';
+ }
+ }
+
+ /**
+ * Get an array of error messages, if any.
+ * @return array
+ */
+ public function getErrors()
+ {
+ return $this->errors;
+ }
+
+ /**
+ * POP3 connection error handler.
+ * @param integer $errno
+ * @param string $errstr
+ * @param string $errfile
+ * @param integer $errline
+ * @access protected
+ */
+ protected function catchWarning($errno, $errstr, $errfile, $errline)
+ {
+ $this->setError(array(
+ 'error' => "Connecting to the POP3 server raised a PHP warning: ",
+ 'errno' => $errno,
+ 'errstr' => $errstr,
+ 'errfile' => $errfile,
+ 'errline' => $errline
+ ));
+ }
+}
diff --git a/functions/PHPMailer/class.smtp.php b/functions/PHPMailer/class.smtp.php
new file mode 100644
index 0000000..950b002
--- /dev/null
+++ b/functions/PHPMailer/class.smtp.php
@@ -0,0 +1,1176 @@
+
+ * @author Jim Jagielski (jimjag)
+ * @author Andy Prevost (codeworxtech)
+ * @author Brent R. Matzelle (original founder)
+ * @copyright 2014 Marcus Bointon
+ * @copyright 2010 - 2012 Jim Jagielski
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/**
+ * PHPMailer RFC821 SMTP email transport class.
+ * Implements RFC 821 SMTP commands and provides some utility methods for sending mail to an SMTP server.
+ * @package PHPMailer
+ * @author Chris Ryan
+ * @author Marcus Bointon
+ */
+class SMTP
+{
+ /**
+ * The PHPMailer SMTP version number.
+ * @var string
+ */
+ const VERSION = '5.2.13';
+
+ /**
+ * SMTP line break constant.
+ * @var string
+ */
+ const CRLF = "\r\n";
+
+ /**
+ * The SMTP port to use if one is not specified.
+ * @var integer
+ */
+ const DEFAULT_SMTP_PORT = 25;
+
+ /**
+ * The maximum line length allowed by RFC 2822 section 2.1.1
+ * @var integer
+ */
+ const MAX_LINE_LENGTH = 998;
+
+ /**
+ * Debug level for no output
+ */
+ const DEBUG_OFF = 0;
+
+ /**
+ * Debug level to show client -> server messages
+ */
+ const DEBUG_CLIENT = 1;
+
+ /**
+ * Debug level to show client -> server and server -> client messages
+ */
+ const DEBUG_SERVER = 2;
+
+ /**
+ * Debug level to show connection status, client -> server and server -> client messages
+ */
+ const DEBUG_CONNECTION = 3;
+
+ /**
+ * Debug level to show all messages
+ */
+ const DEBUG_LOWLEVEL = 4;
+
+ /**
+ * The PHPMailer SMTP Version number.
+ * @var string
+ * @deprecated Use the `VERSION` constant instead
+ * @see SMTP::VERSION
+ */
+ public $Version = '5.2.13';
+
+ /**
+ * SMTP server port number.
+ * @var integer
+ * @deprecated This is only ever used as a default value, so use the `DEFAULT_SMTP_PORT` constant instead
+ * @see SMTP::DEFAULT_SMTP_PORT
+ */
+ public $SMTP_PORT = 25;
+
+ /**
+ * SMTP reply line ending.
+ * @var string
+ * @deprecated Use the `CRLF` constant instead
+ * @see SMTP::CRLF
+ */
+ public $CRLF = "\r\n";
+
+ /**
+ * Debug output level.
+ * Options:
+ * * self::DEBUG_OFF (`0`) No debug output, default
+ * * self::DEBUG_CLIENT (`1`) Client commands
+ * * self::DEBUG_SERVER (`2`) Client commands and server responses
+ * * self::DEBUG_CONNECTION (`3`) As DEBUG_SERVER plus connection status
+ * * self::DEBUG_LOWLEVEL (`4`) Low-level data output, all messages
+ * @var integer
+ */
+ public $do_debug = self::DEBUG_OFF;
+
+ /**
+ * How to handle debug output.
+ * Options:
+ * * `echo` Output plain-text as-is, appropriate for CLI
+ * * `html` Output escaped, line breaks converted to ` `, appropriate for browser output
+ * * `error_log` Output to error log as configured in php.ini
+ *
+ * Alternatively, you can provide a callable expecting two params: a message string and the debug level:
+ *
+ * $smtp->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";};
+ *
+ * @var string|callable
+ */
+ public $Debugoutput = 'echo';
+
+ /**
+ * Whether to use VERP.
+ * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
+ * @link http://www.postfix.org/VERP_README.html Info on VERP
+ * @var boolean
+ */
+ public $do_verp = false;
+
+ /**
+ * The timeout value for connection, in seconds.
+ * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
+ * This needs to be quite high to function correctly with hosts using greetdelay as an anti-spam measure.
+ * @link http://tools.ietf.org/html/rfc2821#section-4.5.3.2
+ * @var integer
+ */
+ public $Timeout = 300;
+
+ /**
+ * How long to wait for commands to complete, in seconds.
+ * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
+ * @var integer
+ */
+ public $Timelimit = 300;
+
+ /**
+ * The socket for the server connection.
+ * @var resource
+ */
+ protected $smtp_conn;
+
+ /**
+ * Error information, if any, for the last SMTP command.
+ * @var array
+ */
+ protected $error = array(
+ 'error' => '',
+ 'detail' => '',
+ 'smtp_code' => '',
+ 'smtp_code_ex' => ''
+ );
+
+ /**
+ * The reply the server sent to us for HELO.
+ * If null, no HELO string has yet been received.
+ * @var string|null
+ */
+ protected $helo_rply = null;
+
+ /**
+ * The set of SMTP extensions sent in reply to EHLO command.
+ * Indexes of the array are extension names.
+ * Value at index 'HELO' or 'EHLO' (according to command that was sent)
+ * represents the server name. In case of HELO it is the only element of the array.
+ * Other values can be boolean TRUE or an array containing extension options.
+ * If null, no HELO/EHLO string has yet been received.
+ * @var array|null
+ */
+ protected $server_caps = null;
+
+ /**
+ * The most recent reply received from the server.
+ * @var string
+ */
+ protected $last_reply = '';
+
+ /**
+ * Output debugging info via a user-selected method.
+ * @see SMTP::$Debugoutput
+ * @see SMTP::$do_debug
+ * @param string $str Debug string to output
+ * @param integer $level The debug level of this message; see DEBUG_* constants
+ * @return void
+ */
+ protected function edebug($str, $level = 0)
+ {
+ if ($level > $this->do_debug) {
+ return;
+ }
+ //Avoid clash with built-in function names
+ if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
+ call_user_func($this->Debugoutput, $str, $this->do_debug);
+ return;
+ }
+ switch ($this->Debugoutput) {
+ case 'error_log':
+ //Don't output, just log
+ error_log($str);
+ break;
+ case 'html':
+ //Cleans up output a bit for a better looking, HTML-safe output
+ echo htmlentities(
+ preg_replace('/[\r\n]+/', '', $str),
+ ENT_QUOTES,
+ 'UTF-8'
+ )
+ . " \n";
+ break;
+ case 'echo':
+ default:
+ //Normalize line breaks
+ $str = preg_replace('/(\r\n|\r|\n)/ms', "\n", $str);
+ echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(
+ "\n",
+ "\n \t ",
+ trim($str)
+ )."\n";
+ }
+ }
+
+ /**
+ * Connect to an SMTP server.
+ * @param string $host SMTP server IP or host name
+ * @param integer $port The port number to connect to
+ * @param integer $timeout How long to wait for the connection to open
+ * @param array $options An array of options for stream_context_create()
+ * @access public
+ * @return boolean
+ */
+ public function connect($host, $port = null, $timeout = 30, $options = array())
+ {
+ static $streamok;
+ //This is enabled by default since 5.0.0 but some providers disable it
+ //Check this once and cache the result
+ if (is_null($streamok)) {
+ $streamok = function_exists('stream_socket_client');
+ }
+ // Clear errors to avoid confusion
+ $this->setError('');
+ // Make sure we are __not__ connected
+ if ($this->connected()) {
+ // Already connected, generate error
+ $this->setError('Already connected to a server');
+ return false;
+ }
+ if (empty($port)) {
+ $port = self::DEFAULT_SMTP_PORT;
+ }
+ // Connect to the SMTP server
+ $this->edebug(
+ "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true),
+ self::DEBUG_CONNECTION
+ );
+ $errno = 0;
+ $errstr = '';
+ if ($streamok) {
+ $socket_context = stream_context_create($options);
+ //Suppress errors; connection failures are handled at a higher level
+ $this->smtp_conn = @stream_socket_client(
+ $host . ":" . $port,
+ $errno,
+ $errstr,
+ $timeout,
+ STREAM_CLIENT_CONNECT,
+ $socket_context
+ );
+ } else {
+ //Fall back to fsockopen which should work in more places, but is missing some features
+ $this->edebug(
+ "Connection: stream_socket_client not available, falling back to fsockopen",
+ self::DEBUG_CONNECTION
+ );
+ $this->smtp_conn = fsockopen(
+ $host,
+ $port,
+ $errno,
+ $errstr,
+ $timeout
+ );
+ }
+ // Verify we connected properly
+ if (!is_resource($this->smtp_conn)) {
+ $this->setError(
+ 'Failed to connect to server',
+ $errno,
+ $errstr
+ );
+ $this->edebug(
+ 'SMTP ERROR: ' . $this->error['error']
+ . ": $errstr ($errno)",
+ self::DEBUG_CLIENT
+ );
+ return false;
+ }
+ $this->edebug('Connection: opened', self::DEBUG_CONNECTION);
+ // SMTP server can take longer to respond, give longer timeout for first read
+ // Windows does not have support for this timeout function
+ if (substr(PHP_OS, 0, 3) != 'WIN') {
+ $max = ini_get('max_execution_time');
+ // Don't bother if unlimited
+ if ($max != 0 && $timeout > $max) {
+ @set_time_limit($timeout);
+ }
+ stream_set_timeout($this->smtp_conn, $timeout, 0);
+ }
+ // Get any announcement
+ $announce = $this->get_lines();
+ $this->edebug('SERVER -> CLIENT: ' . $announce, self::DEBUG_SERVER);
+ return true;
+ }
+
+ /**
+ * Initiate a TLS (encrypted) session.
+ * @access public
+ * @return boolean
+ */
+ public function startTLS()
+ {
+ if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
+ return false;
+ }
+ // Begin encrypted connection
+ if (!stream_socket_enable_crypto(
+ $this->smtp_conn,
+ true,
+ STREAM_CRYPTO_METHOD_TLS_CLIENT
+ )) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Perform SMTP authentication.
+ * Must be run after hello().
+ * @see hello()
+ * @param string $username The user name
+ * @param string $password The password
+ * @param string $authtype The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5, XOAUTH2)
+ * @param string $realm The auth realm for NTLM
+ * @param string $workstation The auth workstation for NTLM
+ * @param null|OAuth $OAuth An optional OAuth instance (@see PHPMailerOAuth)
+ * @return bool True if successfully authenticated.* @access public
+ */
+ public function authenticate(
+ $username,
+ $password,
+ $authtype = null,
+ $realm = '',
+ $workstation = '',
+ $OAuth = null
+ ) {
+ if (!$this->server_caps) {
+ $this->setError('Authentication is not allowed before HELO/EHLO');
+ return false;
+ }
+
+ if (array_key_exists('EHLO', $this->server_caps)) {
+ // SMTP extensions are available. Let's try to find a proper authentication method
+
+ if (!array_key_exists('AUTH', $this->server_caps)) {
+ $this->setError('Authentication is not allowed at this stage');
+ // 'at this stage' means that auth may be allowed after the stage changes
+ // e.g. after STARTTLS
+ return false;
+ }
+
+ self::edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNKNOWN'), self::DEBUG_LOWLEVEL);
+ self::edebug(
+ 'Auth methods available on the server: ' . implode(',', $this->server_caps['AUTH']),
+ self::DEBUG_LOWLEVEL
+ );
+
+ if (empty($authtype)) {
+ foreach (array('LOGIN', 'CRAM-MD5', 'NTLM', 'PLAIN', 'XOAUTH2') as $method) {
+ if (in_array($method, $this->server_caps['AUTH'])) {
+ $authtype = $method;
+ break;
+ }
+ }
+ if (empty($authtype)) {
+ $this->setError('No supported authentication methods found');
+ return false;
+ }
+ self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL);
+ }
+
+ if (!in_array($authtype, $this->server_caps['AUTH'])) {
+ $this->setError("The requested authentication method \"$authtype\" is not supported by the server");
+ return false;
+ }
+ } elseif (empty($authtype)) {
+ $authtype = 'LOGIN';
+ }
+ switch ($authtype) {
+ case 'PLAIN':
+ // Start authentication
+ if (!$this->sendCommand('AUTH', 'AUTH PLAIN', 334)) {
+ return false;
+ }
+ // Send encoded username and password
+ if (!$this->sendCommand(
+ 'User & Password',
+ base64_encode("\0" . $username . "\0" . $password),
+ 235
+ )
+ ) {
+ return false;
+ }
+ break;
+ case 'LOGIN':
+ // Start authentication
+ if (!$this->sendCommand('AUTH', 'AUTH LOGIN', 334)) {
+ return false;
+ }
+ if (!$this->sendCommand("Username", base64_encode($username), 334)) {
+ return false;
+ }
+ if (!$this->sendCommand("Password", base64_encode($password), 235)) {
+ return false;
+ }
+ break;
+ case 'XOAUTH2':
+ //If the OAuth Instance is not set. Can be a case when PHPMailer is used
+ //instead of PHPMailerOAuth
+ if (is_null($OAuth)) {
+ return false;
+ }
+ $oauth = $OAuth->getOauth64();
+
+ // Start authentication
+ if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) {
+ return false;
+ }
+ break;
+ case 'NTLM':
+ /*
+ * ntlm_sasl_client.php
+ * Bundled with Permission
+ *
+ * How to telnet in windows:
+ * http://technet.microsoft.com/en-us/library/aa995718%28EXCHG.65%29.aspx
+ * PROTOCOL Docs http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication
+ */
+ require_once 'extras/ntlm_sasl_client.php';
+ $temp = new stdClass;
+ $ntlm_client = new ntlm_sasl_client_class;
+ //Check that functions are available
+ if (!$ntlm_client->Initialize($temp)) {
+ $this->setError($temp->error);
+ $this->edebug(
+ 'You need to enable some modules in your php.ini file: '
+ . $this->error['error'],
+ self::DEBUG_CLIENT
+ );
+ return false;
+ }
+ //msg1
+ $msg1 = $ntlm_client->TypeMsg1($realm, $workstation); //msg1
+
+ if (!$this->sendCommand(
+ 'AUTH NTLM',
+ 'AUTH NTLM ' . base64_encode($msg1),
+ 334
+ )
+ ) {
+ return false;
+ }
+ //Though 0 based, there is a white space after the 3 digit number
+ //msg2
+ $challenge = substr($this->last_reply, 3);
+ $challenge = base64_decode($challenge);
+ $ntlm_res = $ntlm_client->NTLMResponse(
+ substr($challenge, 24, 8),
+ $password
+ );
+ //msg3
+ $msg3 = $ntlm_client->TypeMsg3(
+ $ntlm_res,
+ $username,
+ $realm,
+ $workstation
+ );
+ // send encoded username
+ return $this->sendCommand('Username', base64_encode($msg3), 235);
+ case 'CRAM-MD5':
+ // Start authentication
+ if (!$this->sendCommand('AUTH CRAM-MD5', 'AUTH CRAM-MD5', 334)) {
+ return false;
+ }
+ // Get the challenge
+ $challenge = base64_decode(substr($this->last_reply, 4));
+
+ // Build the response
+ $response = $username . ' ' . $this->hmac($challenge, $password);
+
+ // send encoded credentials
+ return $this->sendCommand('Username', base64_encode($response), 235);
+ default:
+ $this->setError("Authentication method \"$authtype\" is not supported");
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Calculate an MD5 HMAC hash.
+ * Works like hash_hmac('md5', $data, $key)
+ * in case that function is not available
+ * @param string $data The data to hash
+ * @param string $key The key to hash with
+ * @access protected
+ * @return string
+ */
+ protected function hmac($data, $key)
+ {
+ if (function_exists('hash_hmac')) {
+ return hash_hmac('md5', $data, $key);
+ }
+
+ // The following borrowed from
+ // http://php.net/manual/en/function.mhash.php#27225
+
+ // RFC 2104 HMAC implementation for php.
+ // Creates an md5 HMAC.
+ // Eliminates the need to install mhash to compute a HMAC
+ // by Lance Rushing
+
+ $bytelen = 64; // byte length for md5
+ if (strlen($key) > $bytelen) {
+ $key = pack('H*', md5($key));
+ }
+ $key = str_pad($key, $bytelen, chr(0x00));
+ $ipad = str_pad('', $bytelen, chr(0x36));
+ $opad = str_pad('', $bytelen, chr(0x5c));
+ $k_ipad = $key ^ $ipad;
+ $k_opad = $key ^ $opad;
+
+ return md5($k_opad . pack('H*', md5($k_ipad . $data)));
+ }
+
+ /**
+ * Check connection state.
+ * @access public
+ * @return boolean True if connected.
+ */
+ public function connected()
+ {
+ if (is_resource($this->smtp_conn)) {
+ $sock_status = stream_get_meta_data($this->smtp_conn);
+ if ($sock_status['eof']) {
+ // The socket is valid but we are not connected
+ $this->edebug(
+ 'SMTP NOTICE: EOF caught while checking if connected',
+ self::DEBUG_CLIENT
+ );
+ $this->close();
+ return false;
+ }
+ return true; // everything looks good
+ }
+ return false;
+ }
+
+ /**
+ * Close the socket and clean up the state of the class.
+ * Don't use this function without first trying to use QUIT.
+ * @see quit()
+ * @access public
+ * @return void
+ */
+ public function close()
+ {
+ $this->setError('');
+ $this->server_caps = null;
+ $this->helo_rply = null;
+ if (is_resource($this->smtp_conn)) {
+ // close the connection and cleanup
+ fclose($this->smtp_conn);
+ $this->smtp_conn = null; //Makes for cleaner serialization
+ $this->edebug('Connection: closed', self::DEBUG_CONNECTION);
+ }
+ }
+
+ /**
+ * Send an SMTP DATA command.
+ * Issues a data command and sends the msg_data to the server,
+ * finializing the mail transaction. $msg_data is the message
+ * that is to be send with the headers. Each header needs to be
+ * on a single line followed by a with the message headers
+ * and the message body being separated by and additional .
+ * Implements rfc 821: DATA
+ * @param string $msg_data Message data to send
+ * @access public
+ * @return boolean
+ */
+ public function data($msg_data)
+ {
+ //This will use the standard timelimit
+ if (!$this->sendCommand('DATA', 'DATA', 354)) {
+ return false;
+ }
+
+ /* The server is ready to accept data!
+ * According to rfc821 we should not send more than 1000 characters on a single line (including the CRLF)
+ * so we will break the data up into lines by \r and/or \n then if needed we will break each of those into
+ * smaller lines to fit within the limit.
+ * We will also look for lines that start with a '.' and prepend an additional '.'.
+ * NOTE: this does not count towards line-length limit.
+ */
+
+ // Normalize line breaks before exploding
+ $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", $msg_data));
+
+ /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
+ * of the first line (':' separated) does not contain a space then it _should_ be a header and we will
+ * process all lines before a blank line as headers.
+ */
+
+ $field = substr($lines[0], 0, strpos($lines[0], ':'));
+ $in_headers = false;
+ if (!empty($field) && strpos($field, ' ') === false) {
+ $in_headers = true;
+ }
+
+ foreach ($lines as $line) {
+ $lines_out = array();
+ if ($in_headers and $line == '') {
+ $in_headers = false;
+ }
+ //Break this line up into several smaller lines if it's too long
+ //Micro-optimisation: isset($str[$len]) is faster than (strlen($str) > $len),
+ while (isset($line[self::MAX_LINE_LENGTH])) {
+ //Working backwards, try to find a space within the last MAX_LINE_LENGTH chars of the line to break on
+ //so as to avoid breaking in the middle of a word
+ $pos = strrpos(substr($line, 0, self::MAX_LINE_LENGTH), ' ');
+ //Deliberately matches both false and 0
+ if (!$pos) {
+ //No nice break found, add a hard break
+ $pos = self::MAX_LINE_LENGTH - 1;
+ $lines_out[] = substr($line, 0, $pos);
+ $line = substr($line, $pos);
+ } else {
+ //Break at the found point
+ $lines_out[] = substr($line, 0, $pos);
+ //Move along by the amount we dealt with
+ $line = substr($line, $pos + 1);
+ }
+ //If processing headers add a LWSP-char to the front of new line RFC822 section 3.1.1
+ if ($in_headers) {
+ $line = "\t" . $line;
+ }
+ }
+ $lines_out[] = $line;
+
+ //Send the lines to the server
+ foreach ($lines_out as $line_out) {
+ //RFC2821 section 4.5.2
+ if (!empty($line_out) and $line_out[0] == '.') {
+ $line_out = '.' . $line_out;
+ }
+ $this->client_send($line_out . self::CRLF);
+ }
+ }
+
+ //Message data has been sent, complete the command
+ //Increase timelimit for end of DATA command
+ $savetimelimit = $this->Timelimit;
+ $this->Timelimit = $this->Timelimit * 2;
+ $result = $this->sendCommand('DATA END', '.', 250);
+ //Restore timelimit
+ $this->Timelimit = $savetimelimit;
+ return $result;
+ }
+
+ /**
+ * Send an SMTP HELO or EHLO command.
+ * Used to identify the sending server to the receiving server.
+ * This makes sure that client and server are in a known state.
+ * Implements RFC 821: HELO
+ * and RFC 2821 EHLO.
+ * @param string $host The host name or IP to connect to
+ * @access public
+ * @return boolean
+ */
+ public function hello($host = '')
+ {
+ //Try extended hello first (RFC 2821)
+ return (boolean)($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host));
+ }
+
+ /**
+ * Send an SMTP HELO or EHLO command.
+ * Low-level implementation used by hello()
+ * @see hello()
+ * @param string $hello The HELO string
+ * @param string $host The hostname to say we are
+ * @access protected
+ * @return boolean
+ */
+ protected function sendHello($hello, $host)
+ {
+ $noerror = $this->sendCommand($hello, $hello . ' ' . $host, 250);
+ $this->helo_rply = $this->last_reply;
+ if ($noerror) {
+ $this->parseHelloFields($hello);
+ } else {
+ $this->server_caps = null;
+ }
+ return $noerror;
+ }
+
+ /**
+ * Parse a reply to HELO/EHLO command to discover server extensions.
+ * In case of HELO, the only parameter that can be discovered is a server name.
+ * @access protected
+ * @param string $type - 'HELO' or 'EHLO'
+ */
+ protected function parseHelloFields($type)
+ {
+ $this->server_caps = array();
+ $lines = explode("\n", $this->last_reply);
+
+ foreach ($lines as $n => $s) {
+ //First 4 chars contain response code followed by - or space
+ $s = trim(substr($s, 4));
+ if (empty($s)) {
+ continue;
+ }
+ $fields = explode(' ', $s);
+ if (!empty($fields)) {
+ if (!$n) {
+ $name = $type;
+ $fields = $fields[0];
+ } else {
+ $name = array_shift($fields);
+ switch ($name) {
+ case 'SIZE':
+ $fields = ($fields ? $fields[0] : 0);
+ break;
+ case 'AUTH':
+ if (!is_array($fields)) {
+ $fields = array();
+ }
+ break;
+ default:
+ $fields = true;
+ }
+ }
+ $this->server_caps[$name] = $fields;
+ }
+ }
+ }
+
+ /**
+ * Send an SMTP MAIL command.
+ * Starts a mail transaction from the email address specified in
+ * $from. Returns true if successful or false otherwise. If True
+ * the mail transaction is started and then one or more recipient
+ * commands may be called followed by a data command.
+ * Implements rfc 821: MAIL FROM:
+ * @param string $from Source address of this message
+ * @access public
+ * @return boolean
+ */
+ public function mail($from)
+ {
+ $useVerp = ($this->do_verp ? ' XVERP' : '');
+ return $this->sendCommand(
+ 'MAIL FROM',
+ 'MAIL FROM:<' . $from . '>' . $useVerp,
+ 250
+ );
+ }
+
+ /**
+ * Send an SMTP QUIT command.
+ * Closes the socket if there is no error or the $close_on_error argument is true.
+ * Implements from rfc 821: QUIT
+ * @param boolean $close_on_error Should the connection close if an error occurs?
+ * @access public
+ * @return boolean
+ */
+ public function quit($close_on_error = true)
+ {
+ $noerror = $this->sendCommand('QUIT', 'QUIT', 221);
+ $err = $this->error; //Save any error
+ if ($noerror or $close_on_error) {
+ $this->close();
+ $this->error = $err; //Restore any error from the quit command
+ }
+ return $noerror;
+ }
+
+ /**
+ * Send an SMTP RCPT command.
+ * Sets the TO argument to $toaddr.
+ * Returns true if the recipient was accepted false if it was rejected.
+ * Implements from rfc 821: RCPT TO:
+ * @param string $toaddr The address the message is being sent to
+ * @access public
+ * @return boolean
+ */
+ public function recipient($toaddr)
+ {
+ return $this->sendCommand(
+ 'RCPT TO',
+ 'RCPT TO:<' . $toaddr . '>',
+ array(250, 251)
+ );
+ }
+
+ /**
+ * Send an SMTP RSET command.
+ * Abort any transaction that is currently in progress.
+ * Implements rfc 821: RSET
+ * @access public
+ * @return boolean True on success.
+ */
+ public function reset()
+ {
+ return $this->sendCommand('RSET', 'RSET', 250);
+ }
+
+ /**
+ * Send a command to an SMTP server and check its return code.
+ * @param string $command The command name - not sent to the server
+ * @param string $commandstring The actual command to send
+ * @param integer|array $expect One or more expected integer success codes
+ * @access protected
+ * @return boolean True on success.
+ */
+ protected function sendCommand($command, $commandstring, $expect)
+ {
+ if (!$this->connected()) {
+ $this->setError("Called $command without being connected");
+ return false;
+ }
+ $this->client_send($commandstring . self::CRLF);
+
+ $this->last_reply = $this->get_lines();
+ // Fetch SMTP code and possible error code explanation
+ $matches = array();
+ if (preg_match("/^([0-9]{3})[ -](?:([0-9]\\.[0-9]\\.[0-9]) )?/", $this->last_reply, $matches)) {
+ $code = $matches[1];
+ $code_ex = (count($matches) > 2 ? $matches[2] : null);
+ // Cut off error code from each response line
+ $detail = preg_replace(
+ "/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m",
+ '',
+ $this->last_reply
+ );
+ } else {
+ // Fall back to simple parsing if regex fails
+ $code = substr($this->last_reply, 0, 3);
+ $code_ex = null;
+ $detail = substr($this->last_reply, 4);
+ }
+
+ $this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER);
+
+ if (!in_array($code, (array)$expect)) {
+ $this->setError(
+ "$command command failed",
+ $detail,
+ $code,
+ $code_ex
+ );
+ $this->edebug(
+ 'SMTP ERROR: ' . $this->error['error'] . ': ' . $this->last_reply,
+ self::DEBUG_CLIENT
+ );
+ return false;
+ }
+
+ $this->setError('');
+ return true;
+ }
+
+ /**
+ * Send an SMTP SAML command.
+ * Starts a mail transaction from the email address specified in $from.
+ * Returns true if successful or false otherwise. If True
+ * the mail transaction is started and then one or more recipient
+ * commands may be called followed by a data command. This command
+ * will send the message to the users terminal if they are logged
+ * in and send them an email.
+ * Implements rfc 821: SAML FROM:
+ * @param string $from The address the message is from
+ * @access public
+ * @return boolean
+ */
+ public function sendAndMail($from)
+ {
+ return $this->sendCommand('SAML', "SAML FROM:$from", 250);
+ }
+
+ /**
+ * Send an SMTP VRFY command.
+ * @param string $name The name to verify
+ * @access public
+ * @return boolean
+ */
+ public function verify($name)
+ {
+ return $this->sendCommand('VRFY', "VRFY $name", array(250, 251));
+ }
+
+ /**
+ * Send an SMTP NOOP command.
+ * Used to keep keep-alives alive, doesn't actually do anything
+ * @access public
+ * @return boolean
+ */
+ public function noop()
+ {
+ return $this->sendCommand('NOOP', 'NOOP', 250);
+ }
+
+ /**
+ * Send an SMTP TURN command.
+ * This is an optional command for SMTP that this class does not support.
+ * This method is here to make the RFC821 Definition complete for this class
+ * and _may_ be implemented in future
+ * Implements from rfc 821: TURN
+ * @access public
+ * @return boolean
+ */
+ public function turn()
+ {
+ $this->setError('The SMTP TURN command is not implemented');
+ $this->edebug('SMTP NOTICE: ' . $this->error['error'], self::DEBUG_CLIENT);
+ return false;
+ }
+
+ /**
+ * Send raw data to the server.
+ * @param string $data The data to send
+ * @access public
+ * @return integer|boolean The number of bytes sent to the server or false on error
+ */
+ public function client_send($data)
+ {
+ $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
+ return fwrite($this->smtp_conn, $data);
+ }
+
+ /**
+ * Get the latest error.
+ * @access public
+ * @return array
+ */
+ public function getError()
+ {
+ return $this->error;
+ }
+
+ /**
+ * Get SMTP extensions available on the server
+ * @access public
+ * @return array|null
+ */
+ public function getServerExtList()
+ {
+ return $this->server_caps;
+ }
+
+ /**
+ * A multipurpose method
+ * The method works in three ways, dependent on argument value and current state
+ * 1. HELO/EHLO was not sent - returns null and set up $this->error
+ * 2. HELO was sent
+ * $name = 'HELO': returns server name
+ * $name = 'EHLO': returns boolean false
+ * $name = any string: returns null and set up $this->error
+ * 3. EHLO was sent
+ * $name = 'HELO'|'EHLO': returns server name
+ * $name = any string: if extension $name exists, returns boolean True
+ * or its options. Otherwise returns boolean False
+ * In other words, one can use this method to detect 3 conditions:
+ * - null returned: handshake was not or we don't know about ext (refer to $this->error)
+ * - false returned: the requested feature exactly not exists
+ * - positive value returned: the requested feature exists
+ * @param string $name Name of SMTP extension or 'HELO'|'EHLO'
+ * @return mixed
+ */
+ public function getServerExt($name)
+ {
+ if (!$this->server_caps) {
+ $this->setError('No HELO/EHLO was sent');
+ return null;
+ }
+
+ // the tight logic knot ;)
+ if (!array_key_exists($name, $this->server_caps)) {
+ if ($name == 'HELO') {
+ return $this->server_caps['EHLO'];
+ }
+ if ($name == 'EHLO' || array_key_exists('EHLO', $this->server_caps)) {
+ return false;
+ }
+ $this->setError('HELO handshake was used. Client knows nothing about server extensions');
+ return null;
+ }
+
+ return $this->server_caps[$name];
+ }
+
+ /**
+ * Get the last reply from the server.
+ * @access public
+ * @return string
+ */
+ public function getLastReply()
+ {
+ return $this->last_reply;
+ }
+
+ /**
+ * Read the SMTP server's response.
+ * Either before eof or socket timeout occurs on the operation.
+ * With SMTP we can tell if we have more lines to read if the
+ * 4th character is '-' symbol. If it is a space then we don't
+ * need to read anything else.
+ * @access protected
+ * @return string
+ */
+ protected function get_lines()
+ {
+ // If the connection is bad, give up straight away
+ if (!is_resource($this->smtp_conn)) {
+ return '';
+ }
+ $data = '';
+ $endtime = 0;
+ stream_set_timeout($this->smtp_conn, $this->Timeout);
+ if ($this->Timelimit > 0) {
+ $endtime = time() + $this->Timelimit;
+ }
+ while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) {
+ $str = @fgets($this->smtp_conn, 515);
+ $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
+ $this->edebug("SMTP -> get_lines(): \$str is \"$str\"", self::DEBUG_LOWLEVEL);
+ $data .= $str;
+ // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
+ if ((isset($str[3]) and $str[3] == ' ')) {
+ break;
+ }
+ // Timed-out? Log and break
+ $info = stream_get_meta_data($this->smtp_conn);
+ if ($info['timed_out']) {
+ $this->edebug(
+ 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)',
+ self::DEBUG_LOWLEVEL
+ );
+ break;
+ }
+ // Now check if reads took too long
+ if ($endtime and time() > $endtime) {
+ $this->edebug(
+ 'SMTP -> get_lines(): timelimit reached ('.
+ $this->Timelimit . ' sec)',
+ self::DEBUG_LOWLEVEL
+ );
+ break;
+ }
+ }
+ return $data;
+ }
+
+ /**
+ * Enable or disable VERP address generation.
+ * @param boolean $enabled
+ */
+ public function setVerp($enabled = false)
+ {
+ $this->do_verp = $enabled;
+ }
+
+ /**
+ * Get VERP address generation mode.
+ * @return boolean
+ */
+ public function getVerp()
+ {
+ return $this->do_verp;
+ }
+
+ /**
+ * Set error messages and codes.
+ * @param string $message The error message
+ * @param string $detail Further detail on the error
+ * @param string $smtp_code An associated SMTP error code
+ * @param string $smtp_code_ex Extended SMTP code
+ */
+ protected function setError($message, $detail = '', $smtp_code = '', $smtp_code_ex = '')
+ {
+ $this->error = array(
+ 'error' => $message,
+ 'detail' => $detail,
+ 'smtp_code' => $smtp_code,
+ 'smtp_code_ex' => $smtp_code_ex
+ );
+ }
+
+ /**
+ * Set debug output method.
+ * @param string|callable $method The name of the mechanism to use for debugging output, or a callable to handle it.
+ */
+ public function setDebugOutput($method = 'echo')
+ {
+ $this->Debugoutput = $method;
+ }
+
+ /**
+ * Get debug output method.
+ * @return string
+ */
+ public function getDebugOutput()
+ {
+ return $this->Debugoutput;
+ }
+
+ /**
+ * Set debug output level.
+ * @param integer $level
+ */
+ public function setDebugLevel($level = 0)
+ {
+ $this->do_debug = $level;
+ }
+
+ /**
+ * Get debug output level.
+ * @return integer
+ */
+ public function getDebugLevel()
+ {
+ return $this->do_debug;
+ }
+
+ /**
+ * Set SMTP timeout.
+ * @param integer $timeout
+ */
+ public function setTimeout($timeout = 0)
+ {
+ $this->Timeout = $timeout;
+ }
+
+ /**
+ * Get SMTP timeout.
+ * @return integer
+ */
+ public function getTimeout()
+ {
+ return $this->Timeout;
+ }
+}
diff --git a/functions/PHPMailer/composer.json b/functions/PHPMailer/composer.json
new file mode 100644
index 0000000..b13fd50
--- /dev/null
+++ b/functions/PHPMailer/composer.json
@@ -0,0 +1,44 @@
+{
+ "name": "phpmailer/phpmailer",
+ "type": "library",
+ "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
+ "authors": [
+ {
+ "name": "Marcus Bointon",
+ "email": "phpmailer@synchromedia.co.uk"
+ },
+ {
+ "name": "Jim Jagielski",
+ "email": "jimjag@gmail.com"
+ },
+ {
+ "name": "Andy Prevost",
+ "email": "codeworxtech@users.sourceforge.net"
+ },
+ {
+ "name": "Brent R. Matzelle"
+ }
+ ],
+ "require": {
+ "php": ">=5.0.0"
+ },
+ "require-dev": {
+ "phpdocumentor/phpdocumentor": "*",
+ "phpunit/phpunit": "4.7.*"
+ },
+ "suggest": {
+ "league/oauth2-client": "Needed for Gmail's XOAUTH2 authentication system"
+ },
+ "autoload": {
+ "classmap": [
+ "class.phpmailer.php",
+ "class.phpmaileroauth.php",
+ "class.phpmaileroauthgoogle.php",
+ "class.smtp.php",
+ "class.pop3.php",
+ "extras/EasyPeasyICS.php",
+ "extras/ntlm_sasl_client.php"
+ ]
+ },
+ "license": "LGPL-2.1"
+}
\ No newline at end of file
diff --git a/functions/adLDAP/CHANGELOG.txt b/functions/adLDAP/CHANGELOG.txt
new file mode 100644
index 0000000..604e4f7
--- /dev/null
+++ b/functions/adLDAP/CHANGELOG.txt
@@ -0,0 +1,139 @@
+adLDAP - PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+
+Written by Scott Barnett, Richard Hyland
+email: scott@wiggumworld.com, adldap@richardhyland.com
+http://adldap.sourceforge.net/
+
+
+CHANGELOG
+-------------------------------------------------------------------------------------------
+
+Version 4.0.4
+-------------
+[+] New Feature: Ability to delete a group $adldap->group()->delete($groupName);
+[+] New Feature: #30 Add magic __isset method to adLDAPCollection
+[-] Feature Change: #34 A better recursiveGroups() implementation
+[-] Feature Change: Changed $adldap->user()->getLastLogon from using the lastLogin attribute to lastLogonTimestamp. The difference between the two is detailed here http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
+[-] Bug Fix: $adldap->user()->getLastLogon('mySAMAccountName') produced a PHP error 'Non-static method adLDAPUtils::convertWindowsTimeToUnixTime() should not be called statically'
+[-] Bug Fix: #29 $includeDescription broken in adLDAPContacts->all()
+[-] Bug Fix: #25 exchange->createMailbox typo in $storageGroup variable null checking
+[-] Bug Fix: #25 exchange->createMailbox Call to undefined method adLDAPExchange::utilities()
+[-] Bug Fix: #27 Case mismatch on an array key in the folder()->create()
+[-] Bug Fix: Typo in $adldap->contact()->contactMailEnable() for email address so that the function wouldn't work as intended
+[-] Bug Fix: $adldap->folder->create() typo would have failed to create the folder correctly
+[-] Bug Fix: Some uninitialized variable warnings quashed for PHP Strict Mode
+[-] Bug Fix: Ensure a connection is established before calling ldap_close in __destruct()
+[-] Bug Fix: #32 undefined offset in getPrimaryGroup()
+[-] Bug Fix: #31 Non-recursive group()->members method sometimes does not work
+
+Version 4.0.3
+-------------
+[+] New feature: Added support for homephone attribute to the adLDAP schema
+[+] New feature: Added getLastLogon($username) to the user model to return a Unix timestamp for the last logon of a user
+[-] Bug fix: Change strGuidToHex to public function to prevent errors when used with $isGUID = true
+[-] Bug fix: user()->find() function would cause an undefined array error if full error reporting was enabled
+[-] Bug fix: #11 If the array "$this->info[0][strtolower($attribute)]" contains a key with 0 (zero), it does not add to the array
+[-] Bug fix: #22 Typo in adLDAPFolders for listings
+
+Version 4.0.2
+-------------
+[-] Bug fix: #16 Typo Error in adLDAPGroups.php could cause an error when PHP strict mode error reporting enabled
+[-] Bug fix: #18 Typo in adLDAPContacts.php affecting info and infoCollection functions failing
+
+Version 4.0.1
+-------------
+[+] New feature: #13 allow binding over SASL where supported
+[+] New feature: #12 new $adldap->user()->find() function to find users by searching specific fields
+[+] New feature: exchange_altrecipient and exchange_deliverandredirect added to adldap_schema
+[-] Bug fix: $adldap->user()->usernameToGuid() function had invalid parameter in ldap_search function
+[-] Bug fix: #9 When a password change is attempted but fails due to the configured Active Directory Password Policy. Instead of the error an Exception is thrown.
+[-] Bug fix: #10 PHP Warning issued for missing array element. Assumes that element ["count"] exists which does not when the login only has one AD group.
+[-] Bug fix: #8 The ou_create function was giving naming violation errors
+[-] Bug fix: adldap_schema errors from the version 4.0 changes
+
+Version 4.0.0
+-------------
+[+] New feature: Version 4 is a complete re-write of the class and is backwards incompatible with version 3 and below. Groups, users, contacts, etc have been seperated into seperate classes and can be called like this $adldap->user()->modify(); or $adldap->group()->create();
+
+Version 3.3.2
+-------------
+[+] New feature: Move the user to a new OU using user_move() function
+[-] Bug fix: Prevent an 'undefined index' error in recursive_groups() when full PHP E_ALL logging is enabled
+[-] Bug fix: user_groups() does not return primary group when objectsid is not given (Tracker ID:2931213)
+[-] Bug fix: Undefined index in function user_info for non-existent users (Tracker ID:2922729)
+[-] Bug fix: Force user_info to find objectCategory of person as if a sAMAccountName also exists in a group it will return that group. (Tracker ID:3006096)
+[-] Bug fix: Return false for user_info if the user does not exist
+[-] Bug fix: user_info, checks for for a "count" value that not exist in $entries array if "memberof" isn't passed in $fields array. (Tracker ID:2993172)
+[-] Bug fix: In authenticate() if user authentication fails function returns and does not rebind with admin credentials - so the other funcions don't work anymore as $this->_bind === false. (Tracker ID:2987887)
+[-] Bug fix: When calling $ldap->user_modify('user', array("expires"=>0)) the function fails due to the value being 0. Changed to isset (Tracker ID:3036726)
+[-] Bug fix: When calling user_info allow the username to be either a sAMAccountName or userPrincipalName attribute
+
+
+Version 3.3.1
+-------------
+[-] Bug fix: Prevent empty $username and $password in authenticate from falling through to the default administrator login
+
+Version 3.3
+-----------
+
+[+] New feature: Calling adLDAP without LDAP support in PHP will now throw an adLDAPException
+[+] New feature: Specifying a NULL $_base_dn will now automatically attempt to detect the base_dn from your domain controller
+[+] New feature: Most user objects can now be queried using a user's GUID as well as their username (samAccountName). Set the $isGUID optional parameter to true. To obtain a user's GUID either use the username2guid() function or decodeGuid()
+[+] New function: username2guid($username) will return a string representation of the GUID for a given username
+[+] New function: decodeGuid($binaryGuid) will convert a binary GUID to a string
+[+] New function: find_base_dn() will return the base_dn from your domain controller
+[+] New function: get_root_dse($attributes) will return root domain controller configuration attributes such as the default naming context, current DC time, etc
+[+] New function: exchange_servers($attributes) will return a list of Exchange servers in your domain
+[+] New function: exchange_storage_groups($exchangeServer, $attributes, $recursive) will return a list of Storage groups on any given Exchange server. Setting $recursive to true (or inheriting from the $_recursive_groups setting will automatically query the databases within a storage group)
+[+] New function: exchange_storage_databases($storageGroup, $attributes) will return a list of Databases in any given storage group on any given Exchange server
+[+] New function: exchange_add_X400($username, $country, $admd, $pdmd, $org, $surname, $givenname, $isGUID=false) will add an X400 address to the Exchange server
+[-] Bug fix: Null comparison error in contact_mailenable()
+
+Version 3.2
+-----------
+
+[+] New function: user_password_expiry($username) which will return the timestamp and formatted time of when a user's password expires based both on domain policy and user password expiry policy
+[+] New function: groups_in_group($group, $recursive = NULL) returns a list of groups within a group
+[+] New function: all_groups() function to list ALL types of group rather than just security groups alone
+[+] New function: folder_list($folder_name = NULL, $dn_type = ADLDAP_FOLDER, $recursive = NULL, $type = NULL) allows you to navigate the AD folder structure
+[+] New function: computer_ingroup()
+[+] New function: computer_groups()
+[+] New function: connect()
+[+] New function: disconnect()
+[+] New feature: Added recursive group lookups to group_members() to recursively get the username of users in a group
+[+] New feature: TLS support
+[+] New feature: Added getters and setters for core variables
+[-] Change: Renamed all_groups() to all_security_groups()
+[-] Change: Re-written ldap_slashes() function based on a port from Per's Net::LDAP::Util escape_filter_value
+[-] Bug fix: Attempt to deal with special char + in group_info()
+[-] Bug fix: user_ingroup() would not allow recursion to be disabled using the $recursive parameter and would only inherit from $_recursive_groups variable
+[-] Bug fix: Runtime overriding of $recursive group lookups failed due to changes in PHP 5.2
+
+
+Version 3.1
+-----------
+
+[+] New function: get_last_error() returns the last error returned by your domain controller
+[+] New feature: Automatically detect and encode 8bit characters when being added to an AD object
+[+] New feature: Exception handing added for connections or attempting methods that require SSL where it is not set
+[+] New feature: Added pager to the schema
+[+] New feature: New method to obtain a user's or contacts primary group that is far less intensive using get_primary_group(). The old group_cn() is now deprecated
+[-] Change: Only return primary group memberof if a user or contact is returned
+[-] Bug fix: Contact could not be added to a group
+[-] Bug fix: bool2str() function caused exchange mailbox creation to fail
+
+
+Version 3.0
+-----------
+
+[+] New function: user_delete()
+[+] New feature: Source code comments totally overhauled
+[+] New feature: Configuration options and functions now have their visibility defined. adLDAP is now PHP 5 compatible only.
+[+] New feature: Exchange mailbox creation for users
+[+] New feature: Add new SMTP addresses to a user
+[+] New feature: Change the default SMTP address for a user
+[+] New feature: Remove an SMTP address for a user
+[+] New feature: Mail enable a contact
+[+] New feature: Create, query, delete contacts
+[+] New feature: Enable or disable a user with user_enable() or user_disable()
+[-] Bug fix: Disabling a user did not work
\ No newline at end of file
diff --git a/functions/adLDAP/LICENCE.txt b/functions/adLDAP/LICENCE.txt
new file mode 100644
index 0000000..2661dc2
--- /dev/null
+++ b/functions/adLDAP/LICENCE.txt
@@ -0,0 +1,457 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
diff --git a/functions/adLDAP/README.txt b/functions/adLDAP/README.txt
new file mode 100644
index 0000000..d4a2907
--- /dev/null
+++ b/functions/adLDAP/README.txt
@@ -0,0 +1,74 @@
+PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+Version 4.0.4
+
+Written by Scott Barnett, Richard Hyland
+email: scott@wiggumworld.com, adldap@richardhyland.com
+http://adldap.sourceforge.net/
+
+ABOUT
+=====
+
+adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory.
+
+We'd appreciate any improvements or additions to be submitted back
+to benefit the entire community :)
+
+REQUIREMENTS
+============
+
+adLDAP requires PHP 5 and both the LDAP (http://php.net/ldap) and SSL (http://php.net/openssl) libraries
+
+INSTALLATION
+============
+
+adLDAP is not an application, but a class library designed to integrate into your own applications.
+
+The core of adLDAP is contained in the 'src' directory. Simply copy/rename this directory inside your own
+projects.
+
+Edit the file 'src/adLDAP.php' and change the configuration variables near the top, specifically
+those for domain controllers, base dn and account suffix, and if you want to perform anything more complex
+than use authentication you'll also need to set the admin username and password variables too.
+
+From within your code simply require the adLDAP.php file and call it like so
+
+require_once(dirname(__FILE__) . '/adLDAP.php');
+$adldap = new adLDAP();
+
+It would be better to wrap it in a try/catch though
+
+try {
+ $adldap = new adLDAP();
+}
+catch (adLDAPException $e) {
+ echo $e;
+ exit();
+}
+
+Then simply call commands against it e.g.
+
+$adldap->authenticate($username, $password);
+
+or
+
+$adldap->group()->members($groupName);
+
+DOCUMENTATION
+=============
+
+You can find our website at http://adldap.sourceforce.net or the class documentation at
+
+http://adldap.sourceforge.net/wiki/doku.php?id=documentation
+
+LICENSE
+=======
+
+This library is free software; you can redistribute it and/or modify it under the terms of the
+GNU Lesser General Public License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+See the GNU Lesser General Public License for more details or LICENSE.txt distributed with
+this class.
+
diff --git a/functions/adLDAP/src/adLDAP.php b/functions/adLDAP/src/adLDAP.php
new file mode 100644
index 0000000..2d3eb3b
--- /dev/null
+++ b/functions/adLDAP/src/adLDAP.php
@@ -0,0 +1,972 @@
+ldapConnection) {
+ return $this->ldapConnection;
+ }
+ return false;
+ }
+
+ /**
+ * Get the bind status
+ *
+ * @return bool
+ */
+ public function getLdapBind() {
+ return $this->ldapBind;
+ }
+
+ /**
+ * Get the current base DN
+ *
+ * @return string
+ */
+ public function getBaseDn() {
+ return $this->baseDn;
+ }
+
+ /**
+ * The group class
+ *
+ * @var adLDAPGroups
+ */
+ protected $groupClass;
+
+ /**
+ * Get the group class interface
+ *
+ * @return adLDAPGroups
+ */
+ public function group() {
+ if (!$this->groupClass) {
+ $this->groupClass = new adLDAPGroups($this);
+ }
+ return $this->groupClass;
+ }
+
+ /**
+ * The user class
+ *
+ * @var adLDAPUsers
+ */
+ protected $userClass;
+
+ /**
+ * Get the userclass interface
+ *
+ * @return adLDAPUsers
+ */
+ public function user() {
+ if (!$this->userClass) {
+ $this->userClass = new adLDAPUsers($this);
+ }
+ return $this->userClass;
+ }
+
+ /**
+ * The folders class
+ *
+ * @var adLDAPFolders
+ */
+ protected $folderClass;
+
+ /**
+ * Get the folder class interface
+ *
+ * @return adLDAPFolders
+ */
+ public function folder() {
+ if (!$this->folderClass) {
+ $this->folderClass = new adLDAPFolders($this);
+ }
+ return $this->folderClass;
+ }
+
+ /**
+ * The utils class
+ *
+ * @var adLDAPUtils
+ */
+ protected $utilClass;
+
+ /**
+ * Get the utils class interface
+ *
+ * @return adLDAPUtils
+ */
+ public function utilities() {
+ if (!$this->utilClass) {
+ $this->utilClass = new adLDAPUtils($this);
+ }
+ return $this->utilClass;
+ }
+
+ /**
+ * The contacts class
+ *
+ * @var adLDAPContacts
+ */
+ protected $contactClass;
+
+ /**
+ * Get the contacts class interface
+ *
+ * @return adLDAPContacts
+ */
+ public function contact() {
+ if (!$this->contactClass) {
+ $this->contactClass = new adLDAPContacts($this);
+ }
+ return $this->contactClass;
+ }
+
+ /**
+ * The exchange class
+ *
+ * @var adLDAPExchange
+ */
+ protected $exchangeClass;
+
+ /**
+ * Get the exchange class interface
+ *
+ * @return adLDAPExchange
+ */
+ public function exchange() {
+ if (!$this->exchangeClass) {
+ $this->exchangeClass = new adLDAPExchange($this);
+ }
+ return $this->exchangeClass;
+ }
+
+ /**
+ * The computers class
+ *
+ * @var adLDAPComputers
+ */
+ protected $computersClass;
+
+ /**
+ * Get the computers class interface
+ *
+ * @return adLDAPComputers
+ */
+ public function computer() {
+ if (!$this->computerClass) {
+ $this->computerClass = new adLDAPComputers($this);
+ }
+ return $this->computerClass;
+ }
+
+ /**
+ * Getters and Setters
+ */
+
+ /**
+ * Set the account suffix
+ *
+ * @param string $accountSuffix
+ * @return void
+ */
+ public function setAccountSuffix($accountSuffix)
+ {
+ $this->accountSuffix = $accountSuffix;
+ }
+
+ /**
+ * Get the account suffix
+ *
+ * @return string
+ */
+ public function getAccountSuffix()
+ {
+ return $this->accountSuffix;
+ }
+
+ /**
+ * Set the domain controllers array
+ *
+ * @param array $domainControllers
+ * @return void
+ */
+ public function setDomainControllers(array $domainControllers)
+ {
+ $this->domainControllers = $domainControllers;
+ }
+
+ /**
+ * Get the list of domain controllers
+ *
+ * @return void
+ */
+ public function getDomainControllers()
+ {
+ return $this->domainControllers;
+ }
+
+ /**
+ * Sets the port number your domain controller communicates over
+ *
+ * @param int $adPort
+ */
+ public function setPort($adPort)
+ {
+ $this->adPort = $adPort;
+ }
+
+ /**
+ * Gets the port number your domain controller communicates over
+ *
+ * @return int
+ */
+ public function getPort()
+ {
+ return $this->adPort;
+ }
+
+ /**
+ * Set the username of an account with higher priviledges
+ *
+ * @param string $adminUsername
+ * @return void
+ */
+ public function setAdminUsername($adminUsername)
+ {
+ $this->adminUsername = $adminUsername;
+ }
+
+ /**
+ * Get the username of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminUsername()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set the password of an account with higher priviledges
+ *
+ * @param string $adminPassword
+ * @return void
+ */
+ public function setAdminPassword($adminPassword)
+ {
+ $this->adminPassword = $adminPassword;
+ }
+
+ /**
+ * Get the password of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminPassword()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set whether to detect the true primary group
+ *
+ * @param bool $realPrimaryGroup
+ * @return void
+ */
+ public function setRealPrimaryGroup($realPrimaryGroup)
+ {
+ $this->realPrimaryGroup = $realPrimaryGroup;
+ }
+
+ /**
+ * Get the real primary group setting
+ *
+ * @return bool
+ */
+ public function getRealPrimaryGroup()
+ {
+ return $this->realPrimaryGroup;
+ }
+
+ /**
+ * Set whether to use SSL
+ *
+ * @param bool $useSSL
+ * @return void
+ */
+ public function setUseSSL($useSSL)
+ {
+ $this->useSSL = $useSSL;
+ // Set the default port correctly
+ if ($this->useSSL) {
+ $this->setPort(self::ADLDAP_LDAPS_PORT);
+ } else {
+ $this->setPort(self::ADLDAP_LDAP_PORT);
+ }
+ }
+
+ /**
+ * Get the SSL setting
+ *
+ * @return bool
+ */
+ public function getUseSSL()
+ {
+ return $this->useSSL;
+ }
+
+ /**
+ * Set whether to use TLS
+ *
+ * @param bool $useTLS
+ * @return void
+ */
+ public function setUseTLS($useTLS)
+ {
+ $this->useTLS = $useTLS;
+ }
+
+ /**
+ * Get the TLS setting
+ *
+ * @return bool
+ */
+ public function getUseTLS()
+ {
+ return $this->useTLS;
+ }
+
+ /**
+ * Set whether to use SSO
+ * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
+ *
+ * @param bool $useSSO
+ * @return void
+ */
+ public function setUseSSO($useSSO)
+ {
+ if ($useSSO === true && !$this->ldapSaslSupported()) {
+ throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
+ }
+ $this->useSSO = $useSSO;
+ }
+
+ /**
+ * Get the SSO setting
+ *
+ * @return bool
+ */
+ public function getUseSSO()
+ {
+ return $this->useSSO;
+ }
+
+ /**
+ * Set whether to lookup recursive groups
+ *
+ * @param bool $recursiveGroups
+ * @return void
+ */
+ public function setRecursiveGroups($recursiveGroups)
+ {
+ $this->recursiveGroups = $recursiveGroups;
+ }
+
+ /**
+ * Get the recursive groups setting
+ *
+ * @return bool
+ */
+ public function getRecursiveGroups()
+ {
+ return $this->recursiveGroups;
+ }
+
+
+ /**
+ * Set the openLDAP to true/false
+ *
+ * @return boolean|null
+ */
+ public function setUseOpenLDAP($useOpenLDAP)
+ {
+ $this->openLDAP = $useOpenLDAP;
+ }
+
+ /**
+ * Default Constructor
+ *
+ * Tries to bind to the AD domain over LDAP or LDAPs
+ *
+ * @param array $options Array of options to pass to the constructor
+ * @throws Exception - if unable to bind to Domain Controller
+ * @return bool
+ */
+ function __construct($options = array()) {
+ // You can specifically overide any of the default configuration options setup above
+ if (count($options) > 0) {
+ if (array_key_exists("account_suffix", $options)) { $this->accountSuffix = $options["account_suffix"]; }
+ if (array_key_exists("base_dn", $options)) { $this->baseDn = $options["base_dn"]; }
+ if (array_key_exists("domain_controllers", $options)) {
+ if (!is_array($options["domain_controllers"])) {
+ throw new adLDAPException('[domain_controllers] option must be an array');
+ }
+ $this->domainControllers = $options["domain_controllers"];
+ }
+ if (array_key_exists("admin_username", $options)) { $this->adminUsername = $options["admin_username"]; }
+ if (array_key_exists("admin_password", $options)) { $this->adminPassword = $options["admin_password"]; }
+ if (array_key_exists("real_primarygroup", $options)) { $this->realPrimaryGroup = $options["real_primarygroup"]; }
+ if (array_key_exists("use_ssl", $options)) { $this->setUseSSL($options["use_ssl"]); }
+ if (array_key_exists("use_tls", $options)) { $this->useTLS = $options["use_tls"]; }
+ if (array_key_exists("recursive_groups", $options)) { $this->recursiveGroups = $options["recursive_groups"]; }
+ if (array_key_exists("ad_port", $options)) { $this->setPort($options["ad_port"]); }
+ if (array_key_exists("sso", $options)) {
+ $this->setUseSSO($options["sso"]);
+ if (!$this->ldapSaslSupported()) {
+ $this->setUseSSO(false);
+ }
+ }
+ }
+
+ if ($this->ldapSupported() === false) {
+ throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
+ }
+
+ return $this->connect();
+ }
+
+ /**
+ * Default Destructor
+ *
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ function __destruct() {
+ $this->close();
+ }
+
+ /**
+ * Connects and Binds to the Domain Controller
+ *
+ * @return bool
+ */
+ public function connect()
+ {
+ // Connect to the AD/LDAP server as the username/password
+ $domainController = $this->randomController();
+ if ($this->useSSL) {
+ $this->ldapConnection = ldap_connect("ldaps://".$domainController, $this->adPort);
+ } else {
+ $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+ }
+
+ // Set some ldap options for talking to AD
+ ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->useTLS) {
+ ldap_start_tls($this->ldapConnection);
+ }
+
+ // Bind as a domain admin if they've set it up
+ if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername.$this->accountSuffix, $this->adminPassword);
+ if (!$this->ldapBind) {
+ if ($this->useSSL && !$this->useTLS) {
+ // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+ throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: '.$this->getLastError());
+ }
+ else {
+ throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: '.$this->getLastError());
+ }
+ }
+ }
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=".$_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: '.$this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+
+ if ($this->baseDn == NULL) {
+ $this->baseDn = $this->findBaseDn();
+ }
+
+ return true;
+ }
+
+ /**
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ public function close() {
+ if ($this->ldapConnection) {
+ @ldap_close($this->ldapConnection);
+ }
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $preventRebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ // Prevent null binding
+ if ($username === NULL || $password === NULL) { return false; }
+ if (empty($username) || empty($password)) { return false; }
+
+ // Allow binding over SSO for Kerberos
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=".$_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: '.$this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+ // Bind as the user
+ $ret = true;
+
+ //OpenLDAP?
+ if ($this->openLDAP == true) { $this->ldapBind = @ldap_bind($this->ldapConnection, "uid=".$username.$this->accountSuffix, $password); }
+ else { $this->ldapBind = @ldap_bind($this->ldapConnection, $username.$this->accountSuffix, $password); }
+
+ if (!$this->ldapBind) {
+ $ret = false;
+ }
+
+ // Cnce we've checked their details, kick back into admin mode if we have it
+ if ($this->adminUsername !== NULL && !$preventRebind) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername.$this->accountSuffix, $this->adminPassword);
+ if (!$this->ldapBind) {
+ // This should never happen in theory
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: '.$this->getLastError());
+ }
+ }
+
+ return $ret;
+ }
+
+ /**
+ * Find the Base DN of your domain controller
+ *
+ * @return string
+ */
+ public function findBaseDn()
+ {
+ $namingContext = $this->getRootDse(array('defaultnamingcontext'));
+ return $namingContext[0]['defaultnamingcontext'][0];
+ }
+
+ /**
+ * Get the RootDSE properties from a domain controller
+ *
+ * @param string[] $attributes The attributes you wish to query e.g. defaultnamingcontext
+ * @return array
+ */
+ public function getRootDse($attributes = array("*", "+")) {
+ if (!$this->ldapBind) { return (false); }
+
+ $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+ $entries = @ldap_get_entries($this->ldapConnection, $sr);
+ return $entries;
+ }
+
+ /**
+ * Get last error from Active Directory
+ *
+ * This function gets the last message from Active Directory
+ * This may indeed be a 'Success' message but if you get an unknown error
+ * it might be worth calling this function to see what errors were raised
+ *
+ * return string
+ */
+ public function getLastError() {
+ return @ldap_error($this->ldapConnection);
+ }
+
+ /**
+ * Detect LDAP support in php
+ *
+ * @return bool
+ */
+ protected function ldapSupported()
+ {
+ if (!function_exists('ldap_connect')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Detect ldap_sasl_bind support in PHP
+ *
+ * @return bool
+ */
+ protected function ldapSaslSupported()
+ {
+ if (!function_exists('ldap_sasl_bind')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Schema
+ *
+ * @param array $attributes Attributes to be queried
+ * @return array
+ */
+ public function adldap_schema($attributes) {
+
+ // LDAP doesn't like NULL attributes, only set them if they have values
+ // If you wish to remove an attribute you should set it to a space
+ // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+ $mod = array();
+
+ // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+ array_walk($attributes, array($this, 'encode8bit'));
+
+ if ($attributes["address_city"]) { $mod["l"][0] = $attributes["address_city"]; }
+ if ($attributes["address_code"]) { $mod["postalCode"][0] = $attributes["address_code"]; }
+ //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+ if ($attributes["address_country"]) { $mod["c"][0] = $attributes["address_country"]; }
+ if ($attributes["address_pobox"]) { $mod["postOfficeBox"][0] = $attributes["address_pobox"]; }
+ if ($attributes["address_state"]) { $mod["st"][0] = $attributes["address_state"]; }
+ if ($attributes["address_street"]) { $mod["streetAddress"][0] = $attributes["address_street"]; }
+ if ($attributes["company"]) { $mod["company"][0] = $attributes["company"]; }
+ if ($attributes["change_password"]) { $mod["pwdLastSet"][0] = 0; }
+ if ($attributes["department"]) { $mod["department"][0] = $attributes["department"]; }
+ if ($attributes["description"]) { $mod["description"][0] = $attributes["description"]; }
+ if ($attributes["display_name"]) { $mod["displayName"][0] = $attributes["display_name"]; }
+ if ($attributes["email"]) { $mod["mail"][0] = $attributes["email"]; }
+ if ($attributes["expires"]) { $mod["accountExpires"][0] = $attributes["expires"]; } //unix epoch format?
+ if ($attributes["firstname"]) { $mod["givenName"][0] = $attributes["firstname"]; }
+ if ($attributes["home_directory"]) { $mod["homeDirectory"][0] = $attributes["home_directory"]; }
+ if ($attributes["home_drive"]) { $mod["homeDrive"][0] = $attributes["home_drive"]; }
+ if ($attributes["initials"]) { $mod["initials"][0] = $attributes["initials"]; }
+ if ($attributes["logon_name"]) { $mod["userPrincipalName"][0] = $attributes["logon_name"]; }
+ if ($attributes["manager"]) { $mod["manager"][0] = $attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
+ if ($attributes["office"]) { $mod["physicalDeliveryOfficeName"][0] = $attributes["office"]; }
+ if ($attributes["password"]) { $mod["unicodePwd"][0] = $this->user()->encodePassword($attributes["password"]); }
+ if ($attributes["profile_path"]) { $mod["profilepath"][0] = $attributes["profile_path"]; }
+ if ($attributes["script_path"]) { $mod["scriptPath"][0] = $attributes["script_path"]; }
+ if ($attributes["surname"]) { $mod["sn"][0] = $attributes["surname"]; }
+ if ($attributes["title"]) { $mod["title"][0] = $attributes["title"]; }
+ if ($attributes["telephone"]) { $mod["telephoneNumber"][0] = $attributes["telephone"]; }
+ if ($attributes["mobile"]) { $mod["mobile"][0] = $attributes["mobile"]; }
+ if ($attributes["pager"]) { $mod["pager"][0] = $attributes["pager"]; }
+ if ($attributes["ipphone"]) { $mod["ipphone"][0] = $attributes["ipphone"]; }
+ if ($attributes["web_page"]) { $mod["wWWHomePage"][0] = $attributes["web_page"]; }
+ if ($attributes["fax"]) { $mod["facsimileTelephoneNumber"][0] = $attributes["fax"]; }
+ if ($attributes["enabled"]) { $mod["userAccountControl"][0] = $attributes["enabled"]; }
+ if ($attributes["homephone"]) { $mod["homephone"][0] = $attributes["homephone"]; }
+
+ // Distribution List specific schema
+ if ($attributes["group_sendpermission"]) { $mod["dlMemSubmitPerms"][0] = $attributes["group_sendpermission"]; }
+ if ($attributes["group_rejectpermission"]) { $mod["dlMemRejectPerms"][0] = $attributes["group_rejectpermission"]; }
+
+ // Exchange Schema
+ if ($attributes["exchange_homemdb"]) { $mod["homeMDB"][0] = $attributes["exchange_homemdb"]; }
+ if ($attributes["exchange_mailnickname"]) { $mod["mailNickname"][0] = $attributes["exchange_mailnickname"]; }
+ if ($attributes["exchange_proxyaddress"]) { $mod["proxyAddresses"][0] = $attributes["exchange_proxyaddress"]; }
+ if ($attributes["exchange_usedefaults"]) { $mod["mDBUseDefaults"][0] = $attributes["exchange_usedefaults"]; }
+ if ($attributes["exchange_policyexclude"]) { $mod["msExchPoliciesExcluded"][0] = $attributes["exchange_policyexclude"]; }
+ if ($attributes["exchange_policyinclude"]) { $mod["msExchPoliciesIncluded"][0] = $attributes["exchange_policyinclude"]; }
+ if ($attributes["exchange_addressbook"]) { $mod["showInAddressBook"][0] = $attributes["exchange_addressbook"]; }
+ if ($attributes["exchange_altrecipient"]) { $mod["altRecipient"][0] = $attributes["exchange_altrecipient"]; }
+ if ($attributes["exchange_deliverandredirect"]) { $mod["deliverAndRedirect"][0] = $attributes["exchange_deliverandredirect"]; }
+
+ // This schema is designed for contacts
+ if ($attributes["exchange_hidefromlists"]) { $mod["msExchHideFromAddressLists"][0] = $attributes["exchange_hidefromlists"]; }
+ if ($attributes["contact_email"]) { $mod["targetAddress"][0] = $attributes["contact_email"]; }
+
+ //echo ("
"); print_r($mod);
+ /*
+ // modifying a name is a bit fiddly
+ if ($attributes["firstname"] && $attributes["surname"]){
+ $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ }
+ */
+
+ if (count($mod) == 0) { return (false); }
+ return ($mod);
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ protected function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i = 0; $i < strlen($item); $i++) {
+ if (ord($item[$i]) >> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Select a random domain controller from your domain controller array
+ *
+ * @return string
+ */
+ protected function randomController()
+ {
+ mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+ /*if (sizeof($this->domainControllers) > 1) {
+ $adController = $this->domainControllers[array_rand($this->domainControllers)];
+ // Test if the controller is responding to pings
+ $ping = $this->pingController($adController);
+ if ($ping === false) {
+ // Find the current key in the domain controllers array
+ $key = array_search($adController, $this->domainControllers);
+ // Remove it so that we don't end up in a recursive loop
+ unset($this->domainControllers[$key]);
+ // Select a new controller
+ return $this->randomController();
+ }
+ else {
+ return ($adController);
+ }
+ } */
+ return $this->domainControllers[array_rand($this->domainControllers)];
+ }
+
+ /**
+ * Test basic connectivity to controller
+ *
+ * @return bool
+ */
+ protected function pingController($host) {
+ $port = $this->adPort;
+ fsockopen($host, $port, $errno, $errstr, 10);
+ if ($errno > 0) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+/**
+* adLDAP Exception Handler
+*
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+* $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+* echo $e;
+* exit();
+* }
+*/
+class adLDAPException extends Exception {}
+
+?>
\ No newline at end of file
diff --git a/functions/adLDAP/src/classes/adLDAPComputers.php b/functions/adLDAP/src/classes/adLDAPComputers.php
new file mode 100644
index 0000000..dc6a566
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPComputers.php
@@ -0,0 +1,153 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Get information about a specific computer. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Attributes to return
+ * @return array
+ */
+ public function info($computerName, $fields = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "(&(objectClass=computer)(cn=".$computerName."))";
+ if ($fields === NULL) {
+ $fields = array("memberof", "cn", "displayname", "dnshostname", "distinguishedname", "objectcategory", "operatingsystem", "operatingsystemservicepack", "operatingsystemversion");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ return $entries;
+ }
+
+ /**
+ * Find information about the computers. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($computerName, $fields = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($computerName, $fields);
+
+ if ($info !== false) {
+ $collection = new adLDAPComputerCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Check if a computer is in a group
+ *
+ * @param string $computerName The name of the computer
+ * @param string $group The group to check
+ * @param bool $recursive Whether to check recursively
+ * @return boolean
+ */
+ public function inGroup($computerName, $group, $recursive = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+ //get a list of the groups
+ $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+ //return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Get the groups a computer is in
+ *
+ * @param string $computerName The name of the computer
+ * @param bool $recursive Whether to check recursively
+ * @return array
+ */
+ public function groups($computerName, $recursive = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ //search the directory for their information
+ $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName) {
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+}
+?>
\ No newline at end of file
diff --git a/functions/adLDAP/src/classes/adLDAPContacts.php b/functions/adLDAP/src/classes/adLDAPContacts.php
new file mode 100644
index 0000000..416e25b
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPContacts.php
@@ -0,0 +1,294 @@
+adldap = $adldap;
+ }
+
+ //*****************************************************************************************************************
+ // CONTACT FUNCTIONS
+ // * Still work to do in this area, and new functions to write
+
+ /**
+ * Create a contact
+ *
+ * @param array $attributes The attributes to set to the contact
+ * @return string|boolean
+ */
+ public function create($attributes)
+ {
+ // Check for compulsory fields
+ if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+ if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding contacts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "contact";
+ if (!isset($attributes['exchange_hidefromlists'])) {
+ $add["msExchHideFromAddressLists"][0] = "TRUE";
+ }
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container = "OU=".implode(",OU=", $attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=".$this->adldap->utilities()->escapeCharacters($add["cn"][0]).", ".$container.",".$this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Determine the list of groups a contact is a member of
+ *
+ * @param string $distinguishedName The full DN of a contact
+ * @param bool $recursive Recursively check groups
+ * @return array
+ */
+ public function groups($distinguishedName, $recursive = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName) {
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Get contact information. Returned in a raw array format from AD
+ *
+ * @param string $distinguishedName The full DN of a contact
+ * @param array $fields Attributes to be returned
+ * @return array
+ */
+ public function info($distinguishedName, $fields = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "distinguishedName=".$distinguishedName;
+ if ($fields === NULL) {
+ $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($entries[0]['count'] >= 1) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])) {
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users,".$this->adldap->getBaseDn();
+ }
+ }
+
+ $entries[0]["memberof"]["count"]++;
+ return $entries;
+ }
+
+ /**
+ * Find information about the contacts. Returned in a raw array format from AD
+ *
+ * @param string $distinguishedName The full DN of a contact
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($distinguishedName, $fields = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($distinguishedName, $fields);
+
+ if ($info !== false) {
+ $collection = new adLDAPContactCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a contact is a member of a group
+ *
+ * @param string $distinguisedName The full DN of a contact
+ * @param string $group The group name to query
+ * @param bool $recursive Recursively check groups
+ * @return bool
+ */
+ public function inGroup($distinguisedName, $group, $recursive = NULL)
+ {
+ if ($distinguisedName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+
+ // Return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Modify a contact
+ *
+ * @param string $distinguishedName The contact to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @return string|boolean
+ */
+ public function modify($distinguishedName, $attributes) {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) {
+ return false;
+ }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Delete a contact
+ *
+ * @param string $distinguishedName The contact dn to delete (please be careful here!)
+ * @return boolean
+ */
+ public function delete($distinguishedName)
+ {
+ $result = $this->folder()->delete($distinguishedName);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of all contacts
+ *
+ * @param bool $includeDescription Include a description of a contact
+ * @param string $search The search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=contact)(cn=".$search."))";
+ $fields = array("displayname", "distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i = 0; $i < $entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription) {
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedName The contact to mail enable
+ * @param string $emailAddress The email address to allow emails to be sent through
+ * @param string $mailNickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return string|boolean
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL) {
+ return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+ }
+
+
+}
+?>
diff --git a/functions/adLDAP/src/classes/adLDAPExchange.php b/functions/adLDAP/src/classes/adLDAPExchange.php
new file mode 100644
index 0000000..fdd2b7f
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPExchange.php
@@ -0,0 +1,387 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Create an Exchange account
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+ * If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+ * @param string $emailAddress The primary email address to add to this user
+ * @param string $mailNickname The mail nick name. If mail nickname is blank, the username will be used
+ * @param bool $useDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+ * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return string|boolean
+ */
+ public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname = NULL, $useDefaults = TRUE, $baseDn = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+ if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($baseDn === NULL) {
+ $baseDn = $this->adldap->getBaseDn();
+ }
+
+ $container = "CN=".implode(",CN=", $storageGroup);
+
+ if ($mailNickname === NULL) {
+ $mailNickname = $username;
+ }
+ $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+
+ $attributes = array(
+ 'exchange_homemdb'=>$container.",".$baseDn,
+ 'exchange_proxyaddress'=>'SMTP:'.$emailAddress,
+ 'exchange_mailnickname'=>$mailNickname,
+ 'exchange_usedefaults'=>$mdbUseDefaults
+ );
+ $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add an X400 address to Exchange
+ * See http://tools.ietf.org/html/rfc1685 for more information.
+ * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+ *
+ * @param string $username The username of the user to add the X400 to to
+ * @param string $country Country
+ * @param string $admd Administration Management Domain
+ * @param string $pdmd Private Management Domain (often your AD domain)
+ * @param string $org Organization
+ * @param string $surname Surname
+ * @param string $givenName Given name
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return string|boolean
+ */
+ public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false)
+ {
+ if ($username === NULL){ return "Missing compulsory field [username]"; }
+
+ $proxyValue = 'X400:';
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) { return false; }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Add an address to Exchange
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return string|boolean
+ */
+ public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ $proxyValue = 'smtp:';
+ if ($default === true) {
+ $proxyValue = 'SMTP:';
+ }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL){ return false; }
+ $userDn = $user[0]["dn"];
+
+ // We need to scan existing proxy addresses and demote the default one
+ if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+ $modAddresses = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ } else {
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue.$emailAddress;
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) {
+ return false;
+ }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+ }
+
+ /**
+ * Remove an address to Exchange
+ * If you remove a default address the account will no longer have a default,
+ * we recommend changing the default address first
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return string|boolean
+ */
+ public function deleteAddress($username, $emailAddress, $isGUID=false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $mod = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ } else {
+ return false;
+ }
+ }
+ /**
+ * Change the default address
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to make default
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function primaryAddress($username, $emailAddress, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL){ return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $modAddresses = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedName The contact to mail enable
+ * @param string $emailAddress The email address to allow emails to be sent through
+ * @param string $mailNickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return string|boolean
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
+ {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($mailNickname !== NULL) {
+ // Find the dn of the user
+ $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+ if ($user[0]["displayname"] === NULL) { return false; }
+ $mailNickname = $user[0]['displayname'][0];
+ }
+
+ $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) { return false; }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+ *
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function servers($attributes = array('cn','distinguishedname','serialnumber'))
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Storage Groups in Exchange for a given mail server
+ *
+ * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @param bool $recursive If enabled this will automatically query the databases within a storage group
+ * @return array
+ */
+ public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+ $filter = '(&(objectCategory=msExchStorageGroup))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($recursive === true) {
+ for ($i = 0; $i < $entries['count']; $i++) {
+ $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
+ }
+ }
+
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Databases within any given storage group in Exchange for a given mail server
+ *
+ * @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+
+ $filter = '(&(objectCategory=msExchPrivateMDB))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+}
+?>
\ No newline at end of file
diff --git a/functions/adLDAP/src/classes/adLDAPFolders.php b/functions/adLDAP/src/classes/adLDAPFolders.php
new file mode 100644
index 0000000..67b1474
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPFolders.php
@@ -0,0 +1,179 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Delete a distinguished name from Active Directory
+ * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+ *
+ * @param string $dn The distinguished name to delete
+ * @return bool
+ */
+ public function delete($dn){
+ $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a folder listing for a specific OU
+ * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+ *
+ * @param array $folderName An array to the OU you wish to list.
+ * If set to NULL will list the root, strongly recommended to set
+ * $recursive to false in that instance!
+ * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+ * @param bool $recursive Recursively search sub folders
+ * @param bool $type Specify a type of object to search for
+ * @return array
+ */
+ public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
+ {
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&';
+ if ($type !== NULL) {
+ switch ($type) {
+ case 'contact':
+ $filter .= '(objectClass=contact)';
+ break;
+ case 'computer':
+ $filter .= '(objectClass=computer)';
+ break;
+ case 'group':
+ $filter .= '(objectClass=group)';
+ break;
+ case 'folder':
+ $filter .= '(objectClass=organizationalUnit)';
+ break;
+ case 'container':
+ $filter .= '(objectClass=container)';
+ break;
+ case 'domain':
+ $filter .= '(objectClass=builtinDomain)';
+ break;
+ default:
+ $filter .= '(objectClass=user)';
+ break;
+ }
+ }
+ else {
+ $filter .= '(objectClass=*)';
+ }
+ // If the folder name is null then we will search the root level of AD
+ // This requires us to not have an OU= part, just the base_dn
+ $searchOu = $this->adldap->getBaseDn();
+ if (is_array($folderName)) {
+ $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+ $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+ $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+ }
+ else {
+ $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+ }
+
+ if ($recursive === true) {
+ $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+ else {
+ $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Create an organizational unit
+ *
+ * @param array $attributes Default attributes of the ou
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ if (!is_array($attributes)){ return "Attributes must be an array"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+ if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+ if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ $add=array();
+ $add["objectClass"] = "organizationalUnit";
+ $add["OU"] = $attributes['ou_name'];
+ $containers = "";
+ if (count($attributes['container']) > 0) {
+ $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+ }
+
+ $containers = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+}
+
+?>
\ No newline at end of file
diff --git a/functions/adLDAP/src/classes/adLDAPGroups.php b/functions/adLDAP/src/classes/adLDAPGroups.php
new file mode 100644
index 0000000..94bc048
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPGroups.php
@@ -0,0 +1,631 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Add a group to a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function addGroup($parent,$child){
+
+ // Find the parent group's dn
+ $parentGroup = $this->ginfo($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL){
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child group's dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL){
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $add = array();
+ $add["member"] = $childDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $group The group to add the user to
+ * @param string $user The user to add to the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addUser($group, $user, $isGUID = false)
+ {
+ // Adding a user is a bit fiddly, we need to get the full DN of the user
+ // and add it using the full DN of the group
+
+ // Find the user's dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $userDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a contact to a group
+ *
+ * @param string $group The group to add the contact to
+ * @param string $contactDn The DN of the contact to add
+ * @return bool
+ */
+ public function addContact($group, $contactDn)
+ {
+ // To add a contact we take the contact's DN
+ // and add it using the full DN of the group
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $contactDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Create a group
+ *
+ * @param array $attributes Default attributes of the group
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ if (!is_array($attributes)){ return "Attributes must be an array"; }
+ if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
+ if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+ if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
+ if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ //$member_array = array();
+ //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+ //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+
+ $add = array();
+ $add["cn"] = $attributes["group_name"];
+ $add["samaccountname"] = $attributes["group_name"];
+ $add["objectClass"] = "Group";
+ $add["description"] = $attributes["description"];
+ //$add["member"] = $member_array; UNTESTED
+
+ $container = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Delete a group account
+ *
+ * @param string $group The group to delete (please be careful here!)
+ *
+ * @return array
+ */
+ public function delete($group) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($group === null){ return "Missing compulsory field [group]"; }
+
+ $groupInfo = $this->info($group, array("*"));
+ $dn = $groupInfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result !== true) {
+ return false;
+ } return true;
+ }
+
+ /**
+ * Remove a group from a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function removeGroup($parent , $child)
+ {
+
+ // Find the parent dn
+ $parentGroup = $this->info($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $del = array();
+ $del["member"] = $childDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $user The AD user to remove from the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function removeUser($group, $user, $isGUID = false)
+ {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL){
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ // Find the users dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $del = array();
+ $del["member"] = $userDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a contact from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $contactDn The DN of a contact to remove from the group
+ * @return bool
+ */
+ public function removeContact($group, $contactDn)
+ {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $del = array();
+ $del["member"] = $contactDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of groups in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get groups
+ * @return array
+ */
+ public function inGroup($group, $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $groups = $info[0]["member"];
+ if (!is_array($groups)) {
+ return false;
+ }
+
+ $groupArray = array();
+
+ for ($i=0; $i<$groups["count"]; $i++){
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['distinguishedname'][0])) {
+ continue;
+ }
+ $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);
+ if (is_array($subGroups)) {
+ $groupArray = array_merge($groupArray, $subGroups);
+ $groupArray = array_unique($groupArray);
+ }
+ continue;
+ }
+
+ $groupArray[] = $entries[0]['distinguishedname'][0];
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Return a list of members in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get group members
+ * @return array
+ */
+ public function members($group, $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $users = $info[0]["member"];
+ if (!is_array($users)) {
+ return false;
+ }
+
+ $userArray = array();
+
+ for ($i=0; $i<$users["count"]; $i++){
+ $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['samaccountname'][0])) {
+ continue;
+ }
+ $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);
+ if (is_array($subUsers)) {
+ $userArray = array_merge($userArray, $subUsers);
+ $userArray = array_unique($userArray);
+ }
+ continue;
+ }
+ else if ($entries['count'] == 0) {
+ continue;
+ }
+
+ if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+ $userArray[] = $entries[0]['distinguishedname'][0];
+ }
+ else if ($entries[0]['samaccountname'][0] !== NULL) {
+ $userArray[] = $entries[0]['samaccountname'][0];
+ }
+ }
+ return $userArray;
+ }
+
+ /**
+ * Group Information. Returns an array of raw information about a group.
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return array
+ */
+ public function info($groupName, $fields = NULL)
+ {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if (stristr($groupName, '+')) {
+ $groupName = stripslashes($groupName);
+ }
+
+ $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+ if ($fields === NULL) {
+ $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ return $entries;
+ }
+
+ /**
+ * Group Information. Returns an collection
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return adLDAPGroupCollection
+ */
+ public function infoCollection($groupName, $fields = NULL)
+ {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($groupName, $fields);
+ if ($info !== false) {
+ $collection = new adLDAPGroupCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Return a complete list of "groups in groups"
+ *
+ * @param string $group The group to get the list from
+ * @return array
+ */
+ public function recursiveGroups($group)
+ {
+ if ($group === NULL) { return false; }
+
+ $stack = array();
+ $processed = array();
+ $retGroups = array();
+
+ array_push($stack, $group); // Initial Group to Start with
+ while (count($stack) > 0) {
+ $parent = array_pop($stack);
+ array_push($processed, $parent);
+
+ $info = $this->info($parent, array("memberof"));
+
+ if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+ $groups = $info[0]["memberof"];
+ if ($groups) {
+ $groupNames = $this->adldap->utilities()->niceNames($groups);
+ $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+ foreach ($groupNames as $id => $groupName) {
+ if (!in_array($groupName, $processed)) {
+ array_push($stack, $groupName);
+ }
+ }
+ }
+ }
+ }
+
+ return $retGroups;
+ }
+
+ /**
+ * Returns a complete list of the groups in AD based on a SAM Account Type
+ *
+ * @param string $sAMAaccountType The account type to return
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&(objectCategory=group)';
+ if ($sAMAaccountType !== null) {
+ $filter .= '(samaccounttype='. $sAMAaccountType .')';
+ }
+ $filter .= '(cn=' . $search . '))';
+ // Perform the search and grab all their details
+ $fields = array("samaccountname", "description");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $groupsArray = array();
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+ }
+ else if ($includeDescription){
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($groupsArray);
+ }
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of all groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of security groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of distribution lists in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * This is a re-write based on code submitted by Bruce which prevents the
+ * need to search each security group to find the true primary group
+ *
+ * @param string $gid Group ID
+ * @param string $usersid User's Object SID
+ * @return mixed
+ */
+ public function getPrimaryGroup($gid, $usersid)
+ {
+ if ($gid === NULL || $usersid === NULL) { return false; }
+ $sr = false;
+
+ $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+ $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+ $fields = array("samaccountname","distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if (isset($entries[0]['distinguishedname'][0])) {
+ return $entries[0]['distinguishedname'][0];
+ }
+ return false;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * For some reason it's not possible to search on primarygrouptoken=XXX
+ * If someone can show otherwise, I'd like to know about it :)
+ * this way is resource intensive and generally a pain in the @#%^
+ *
+ * @deprecated deprecated since version 3.1, see get get_primary_group
+ * @param string $gid Group ID
+ * @return string
+ */
+ public function cn($gid){
+ if ($gid === NULL) { return false; }
+ $sr = false;
+ $r = '';
+
+ $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+ $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+ $r = $entries[$i]["distinguishedname"][0];
+ $i = $entries["count"];
+ }
+ }
+
+ return $r;
+ }
+}
+?>
diff --git a/functions/adLDAP/src/classes/adLDAPUsers.php b/functions/adLDAP/src/classes/adLDAPUsers.php
new file mode 100644
index 0000000..8a63318
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPUsers.php
@@ -0,0 +1,688 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $prevent_rebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ return $this->adldap->authenticate($username, $password, $preventRebind);
+ }
+
+ /**
+ * Create a user
+ *
+ * If you specify a password here, this can only be performed over SSL
+ *
+ * @param array $attributes The attributes to set to the user account
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ // Check for compulsory fields
+ if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
+ if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
+ if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
+ if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+
+ if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){
+ throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ if (!array_key_exists("display_name", $attributes)) {
+ $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
+ }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding accounts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["samaccountname"][0] = $attributes["username"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "user"; //person?
+ //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+ // Set the account control attribute
+ $control_options = array("NORMAL_ACCOUNT");
+ if (!$attributes["enabled"]) {
+ $control_options[] = "ACCOUNTDISABLE";
+ }
+ $add["userAccountControl"][0] = $this->accountControl($control_options);
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Account control options
+ *
+ * @param array $options The options to convert to int
+ * @return int
+ */
+ protected function accountControl($options)
+ {
+ $val=0;
+
+ if (is_array($options)) {
+ if (in_array("SCRIPT",$options)){ $val=$val+1; }
+ if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+ if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+ if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+ if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+ //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+ //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+ if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+ if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+ if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+ if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+ if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+ if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+ if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+ if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+ if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+ if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+ if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+ if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+ if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; }
+ if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+ if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+ }
+ return $val;
+ }
+
+ /**
+ * Delete a user account
+ *
+ * @param string $username The username to delete (please be careful here!)
+ * @param bool $isGUID Is the username a GUID or a samAccountName
+ * @return array
+ */
+ public function delete($username, $isGUID = false)
+ {
+ $userinfo = $this->info($username, array("*"), $isGUID);
+ $dn = $userinfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Groups the user is a member of
+ *
+ * @param string $username The username to query
+ * @param bool $recursive Recursive list of groups
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function groups($username, $recursive = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true){
+ foreach ($groups as $id => $groupName){
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function info($username, $fields = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if ($isGUID === true) {
+ $username = $this->adldap->utilities()->strGuidToHex($username);
+ $filter = "objectguid=" . $username;
+ }
+ else if (strstr($username, "@")) {
+ $filter = "userPrincipalName=" . $username;
+ }
+ else {
+ $filter = ($type == "NetIQ")? "cn=" . $username:"samaccountname=" . $username;
+ }
+ $filter = ($type == "NetIQ")? "(&(objectClass=person)({$filter}))":"(&(objectCategory=person)({$filter}))";
+ if ($fields === NULL) {
+ $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid");
+ }
+ if (!in_array("objectsid", $fields)) {
+ $fields[] = "objectsid";
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if($type == "NetIQ" && sizeof(@$entries)>0 && isset($entries)) {
+ foreach($entries as $key => $u) {
+ @$entries[@$key]['displayname'] = $u['fullname'];
+ @$entries[@$key]['samaccountname'] = $u['cn'];
+ }
+ }
+ if (isset($entries[0])) {
+ if ($entries[0]['count'] >= 1) {
+ if (in_array("memberof", $fields)) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+ }
+ if (!isset($entries[0]["memberof"]["count"])) {
+ $entries[0]["memberof"]["count"] = 0;
+ }
+ $entries[0]["memberof"]["count"]++;
+ }
+ }
+
+ return $entries;
+ }
+ return false;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return mixed
+ */
+ public function infoCollection($username, $fields = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($username, $fields, $isGUID);
+
+ if ($info !== false) {
+ $collection = new adLDAPUserCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a user is in a specific group
+ *
+ * @param string $username The username to query
+ * @param string $group The name of the group to check against
+ * @param bool $recursive Check groups recursively
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($username, $recursive, $isGUID);
+
+ // Return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Determine a user's password expiry date
+ *
+ * @param string $username The username to query
+ * @param book $isGUID Is the username passed a GUID or a samAccountName
+ * @requires bcmath http://www.php.net/manual/en/book.bc.php
+ * @return array
+ */
+ public function passwordExpiry($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+
+ $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+ $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+ $status = array();
+
+ if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+ // Password does not expire
+ return "Does not expire";
+ }
+ if ($pwdLastSet === '0') {
+ // Password has already expired
+ return "Password has expired";
+ }
+
+ // Password expiry in AD can be calculated from TWO values:
+ // - User's own pwdLastSet attribute: stores the last time the password was changed
+ // - Domain's maxPwdAge attribute: how long passwords last in the domain
+ //
+ // Although Microsoft chose to use a different base and unit for time measurements.
+ // This function will convert them to Unix timestamps
+ $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+ if (!$sr) {
+ return false;
+ }
+ $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ $maxPwdAge = $info[0]['maxpwdage'][0];
+
+
+ // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+ //
+ // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC),
+ // stored in a 64 bit integer.
+ //
+ // The number of seconds between this date and Unix epoch is 11644473600.
+ //
+ // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+ // intervals from the time the password was set before the password expires.
+ //
+ // We also need to scale this to seconds but also this value is a _negative_ quantity!
+ //
+ // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+ //
+ // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+ // BCMath functions to work with arbitrary precision numbers.
+ if (bcmod($maxPwdAge, 4294967296) === '0') {
+ return "Domain does not expire passwords";
+ }
+
+ // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+ // time units. Because maxpwd age is negative we need to subtract it.
+ $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+
+ // Convert MS's time to Unix time
+ $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+ $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+
+ return $status;
+ }
+
+ /**
+ * Modify a user
+ *
+ * @param string $username The username to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function modify($username, $attributes, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ // Find the dn of the user
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod && !array_key_exists("enabled", $attributes)){
+ return false;
+ }
+
+ // Set the account control attribute (only if specified)
+ if (array_key_exists("enabled", $attributes)){
+ if ($attributes["enabled"]){
+ $controlOptions = array("NORMAL_ACCOUNT");
+ }
+ else {
+ $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE");
+ }
+ $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+ }
+
+ // Do the update
+ $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Disable a user account
+ *
+ * @param string $username The username to disable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function disable($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 0);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Enable a user account
+ *
+ * @param string $username The username to enable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function enable($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 1);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Set the password of a user - This must be performed over SSL
+ *
+ * @param string $username The username to modify
+ * @param string $password The new password
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function password($username, $password, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($password === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $add=array();
+ $add["unicodePwd"][0] = $this->encodePassword($password);
+
+ $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result === false){
+ $err = ldap_errno($this->adldap->getLdapConnection());
+ if ($err) {
+ $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+ if($err == 53) {
+ $msg .= ' Your password might not match the password policy.';
+ }
+ throw new adLDAPException($msg);
+ }
+ else {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Encode a password for transmission over LDAP
+ *
+ * @param string $password The password to encode
+ * @return string
+ */
+ public function encodePassword($password)
+ {
+ $password="\"".$password."\"";
+ $encoded="";
+ for ($i=0; $i info($username, array("cn"), $isGUID);
+ if ($user[0]["dn"] === NULL) {
+ return false;
+ }
+ $userDn = $user[0]["dn"];
+ return $userDn;
+ }
+
+ /**
+ * Return a list of all users in AD
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $search Search parameter
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true)
+ {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription){
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Converts a username (samAccountName) to a GUID
+ *
+ * @param string $username The username to query
+ * @return string
+ */
+ public function usernameToGuid($username)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($username === null){ return "Missing compulsory field [username]"; }
+
+ $filter = "samaccountname=" . $username;
+ $fields = array("objectGUID");
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) {
+ $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr);
+ $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID');
+ $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);
+ return $strGUID;
+ }
+ return false;
+ }
+
+ /**
+ * Return a list of all users in AD that have a specific value in a field
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $searchField Field to search search for
+ * @param string $searchFilter Value to search for in the specified field
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ // Perform the search and grab all their details
+ $searchParams = "";
+ if ($searchField) {
+ $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+ }
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i < $entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ }
+ else if ($includeDescription) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted){
+ asort($usersArray);
+ }
+ return ($usersArray);
+ }
+
+ /**
+ * Move a user account to a different OU
+ *
+ * @param string $username The username to move (please be careful here!)
+ * @param array $container The container or containers to move the user to (please be careful here!).
+ * accepts containers in 1. parent 2. child order
+ * @return array
+ */
+ public function move($username, $container)
+ {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ if ($container === null) { return "Missing compulsory field [container]"; }
+ if (!is_array($container)) { return "Container must be an array"; }
+
+ $userInfo = $this->info($username, array("*"));
+ $dn = $userInfo[0]['distinguishedname'][0];
+ $newRDn = "cn=" . $username;
+ $container = array_reverse($container);
+ $newContainer = "ou=" . implode(",ou=",$container);
+ $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+ $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+ if ($result !== true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Get the last logon time of any user as a Unix timestamp
+ *
+ * @param string $username
+ * @return long $unixTimestamp
+ */
+ public function getLastLogon($username) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ $userInfo = $this->info($username, array("lastLogonTimestamp"));
+ $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+ return $lastLogon;
+ }
+
+}
+?>
diff --git a/functions/adLDAP/src/classes/adLDAPUtils.php b/functions/adLDAP/src/classes/adLDAPUtils.php
new file mode 100644
index 0000000..5e86441
--- /dev/null
+++ b/functions/adLDAP/src/classes/adLDAPUtils.php
@@ -0,0 +1,264 @@
+adldap = $adldap;
+ }
+
+
+ /**
+ * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+ *
+ * @param array $groups
+ * @return array
+ */
+ public function niceNames($groups)
+ {
+
+ $groupArray = array();
+ for ($i=0; $i<$groups["count"]; $i++){ // For each group
+ $line = $groups[$i];
+
+ if (strlen($line)>0) {
+ // More presumptions, they're all prefixed with CN=
+ // so we ditch the first three characters and the group
+ // name goes up to the first comma
+ $bits=explode(",", $line);
+ $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+ }
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Escape characters for use in an ldap_create function
+ *
+ * @param string $str
+ * @return string
+ */
+ public function escapeCharacters($str) {
+ $str = str_replace(",", "\,", $str);
+ return $str;
+ }
+
+ /**
+ * Escape strings for the use in LDAP filters
+ *
+ * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @param string $str The string the parse
+ * @author Port by Andreas Gohr
+ * @return string
+ */
+ public function ldapSlashes($str){
+ return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+ '"\\\\\".join("",unpack("H2","$1"))',
+ $str);
+ }
+
+ /**
+ * Converts a string GUID to a hexdecimal value so it can be queried
+ *
+ * @param string $strGUID A string representation of a GUID
+ * @return string
+ */
+ public function strGuidToHex($strGUID)
+ {
+ $strGUID = str_replace('-', '', $strGUID);
+
+ $octet_str = '\\' . substr($strGUID, 6, 2);
+ $octet_str .= '\\' . substr($strGUID, 4, 2);
+ $octet_str .= '\\' . substr($strGUID, 2, 2);
+ $octet_str .= '\\' . substr($strGUID, 0, 2);
+ $octet_str .= '\\' . substr($strGUID, 10, 2);
+ $octet_str .= '\\' . substr($strGUID, 8, 2);
+ $octet_str .= '\\' . substr($strGUID, 14, 2);
+ $octet_str .= '\\' . substr($strGUID, 12, 2);
+ //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+ for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+ if (($i % 2) == 0) {
+ $octet_str .= '\\' . substr($strGUID, $i, 2);
+ }
+ }
+
+ return $octet_str;
+ }
+
+ /**
+ * Convert a binary SID to a text SID
+ *
+ * @param string $binsid A Binary SID
+ * @return string
+ */
+ public function getTextSID($binsid) {
+ $hex_sid = bin2hex($binsid);
+ $rev = hexdec(substr($hex_sid, 0, 2));
+ $subcount = hexdec(substr($hex_sid, 2, 2));
+ $auth = hexdec(substr($hex_sid, 4, 12));
+ $result = "$rev-$auth";
+
+ for ($x=0;$x < $subcount; $x++) {
+ $subauth[$x] =
+ hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+ $result .= "-" . $subauth[$x];
+ }
+
+ // Cheat by tacking on the S-
+ return 'S-' . $result;
+ }
+
+ /**
+ * Converts a little-endian hex number to one that hexdec() can convert
+ *
+ * @param string $hex A hex code
+ * @return string
+ */
+ public function littleEndian($hex)
+ {
+ $result = '';
+ for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+ $result .= substr($hex, $x, 2);
+ }
+ return $result;
+ }
+
+ /**
+ * Converts a binary attribute to a string
+ *
+ * @param string $bin A binary LDAP attribute
+ * @return string
+ */
+ public function binaryToText($bin)
+ {
+ $hex_guid = bin2hex($bin);
+ $hex_guid_to_guid_str = '';
+ for($k = 1; $k <= 4; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+ return strtoupper($hex_guid_to_guid_str);
+ }
+
+ /**
+ * Converts a binary GUID to a string GUID
+ *
+ * @param string $binaryGuid The binary GUID attribute to convert
+ * @return string
+ */
+ public function decodeGuid($binaryGuid)
+ {
+ if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+
+ $strGUID = $this->binaryToText($binaryGuid);
+ return $strGUID;
+ }
+
+ /**
+ * Convert a boolean value to a string
+ * You should never need to call this yourself
+ *
+ * @param bool $bool Boolean value
+ * @return string
+ */
+ public function boolToStr($bool)
+ {
+ return ($bool) ? 'TRUE' : 'FALSE';
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ public function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Get the current class version number
+ *
+ * @return string
+ */
+ public function getVersion() {
+ return self::ADLDAP_VERSION;
+ }
+
+ /**
+ * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+ *
+ * @param long $windowsTime
+ * @return long $unixTime
+ */
+ public static function convertWindowsTimeToUnixTime($windowsTime) {
+ $unixTime = round($windowsTime / 10000000) - 11644477200;
+ return $unixTime;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/functions/adLDAP/src/collections/adLDAPCollection.php b/functions/adLDAP/src/collections/adLDAPCollection.php
new file mode 100644
index 0000000..433d39f
--- /dev/null
+++ b/functions/adLDAP/src/collections/adLDAPCollection.php
@@ -0,0 +1,137 @@
+setInfo($info);
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Set the raw info array from Active Directory
+ *
+ * @param array $info
+ */
+ public function setInfo(array $info)
+ {
+ if ($this->info && sizeof($info) >= 1) {
+ unset($this->info);
+ }
+ $this->info = $info;
+ }
+
+ /**
+ * Magic get method to retrieve data from the raw array in a formatted way
+ *
+ * @param string $attribute
+ * @return mixed
+ */
+ public function __get($attribute)
+ {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+ return $this->info[0][strtolower($attribute)][0];
+ }
+ else {
+ $array = array();
+ foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+ if ((string)$key != 'count') {
+ $array[$key] = $value;
+ }
+ }
+ return $array;
+ }
+ }
+ }
+ }
+ else {
+ return NULL;
+ }
+ }
+
+ /**
+ * Magic set method to update an attribute
+ *
+ * @param string $attribute
+ * @param string $value
+ * @return bool
+ */
+ abstract public function __set($attribute, $value);
+
+ /**
+ * Magic isset method to check for the existence of an attribute
+ *
+ * @param string $attribute
+ * @return bool
+ */
+ public function __isset($attribute) {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+}
+?>
diff --git a/functions/adLDAP/src/collections/adLDAPComputerCollection.php b/functions/adLDAP/src/collections/adLDAPComputerCollection.php
new file mode 100644
index 0000000..09f82ca
--- /dev/null
+++ b/functions/adLDAP/src/collections/adLDAPComputerCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/functions/adLDAP/src/collections/adLDAPContactCollection.php b/functions/adLDAP/src/collections/adLDAPContactCollection.php
new file mode 100644
index 0000000..a9efad5
--- /dev/null
+++ b/functions/adLDAP/src/collections/adLDAPContactCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/functions/adLDAP/src/collections/adLDAPGroupCollection.php b/functions/adLDAP/src/collections/adLDAPGroupCollection.php
new file mode 100644
index 0000000..ef4af8d
--- /dev/null
+++ b/functions/adLDAP/src/collections/adLDAPGroupCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/functions/adLDAP/src/collections/adLDAPUserCollection.php b/functions/adLDAP/src/collections/adLDAPUserCollection.php
new file mode 100644
index 0000000..63fce5f
--- /dev/null
+++ b/functions/adLDAP/src/collections/adLDAPUserCollection.php
@@ -0,0 +1,46 @@
+
diff --git a/functions/classes/class.Common.php b/functions/classes/class.Common.php
new file mode 100644
index 0000000..43e527b
--- /dev/null
+++ b/functions/classes/class.Common.php
@@ -0,0 +1,349 @@
+
+ */
+class Common_functions {
+
+ /**
+ * settings
+ *
+ * (default value: null)
+ *
+ * @var mixed
+ * @access public
+ */
+ public $settings = null;
+
+ /**
+ * Cache file to store all results from queries to
+ *
+ * structure:
+ *
+ * [table][index] = (object) $content
+ *
+ *
+ * (default value: array())
+ *
+ * @var array
+ * @access public
+ */
+ public $cache = array();
+
+ /**
+ * cache_check_exceptions
+ *
+ * (default value: array())
+ *
+ * @var array
+ * @access private
+ */
+ private $cache_check_exceptions = array();
+
+ /**
+ * Database
+ *
+ * @var mixed
+ * @access protected
+ */
+ protected $Database;
+
+ /**
+ * Result
+ *
+ * @var mixed
+ * @access public
+ */
+ public $Result;
+
+ /**
+ * Log
+ *
+ * @var mixed
+ * @access public
+ */
+ public $Log;
+
+ /**
+ * Net_IPv4
+ *
+ * @var mixed
+ * @access protected
+ */
+ protected $Net_IPv4;
+
+ /**
+ * Net_IPv6
+ *
+ * @var mixed
+ * @access protected
+ */
+ protected $Net_IPv6;
+
+ /**
+ * NET_DNS object
+ *
+ * @var mixed
+ * @access protected
+ */
+ protected $DNS2;
+
+ /**
+ * debugging flag
+ *
+ * @var mixed
+ * @access protected
+ */
+ protected $debugging;
+
+
+
+
+ /**
+ * fetches settings from database
+ *
+ * @access private
+ * @return none
+ */
+ public function get_settings () {
+ # constant defined
+ if (defined('SETTINGS')) {
+ if ($this->settings === null || $this->settings === false) {
+ $this->settings = json_decode(SETTINGS);
+ }
+ }
+ else {
+ # cache check
+ if($this->settings === null) {
+ try { $settings = $this->Database->getObject("settings", 1); }
+ catch (Exception $e) { $this->Result->show("danger", _("Database error: ").$e->getMessage()); }
+ # save
+ if ($settings!==false) {
+ $this->settings = $settings;
+ }
+ }
+ }
+ }
+
+ /**
+ * get_settings alias
+ *
+ * @access public
+ * @return void
+ */
+ public function settings () {
+ return $this->get_settings();
+ }
+
+
+
+
+
+ /**
+ * Sets debugging
+ *
+ * @access private
+ * @return void
+ */
+ public function set_debugging () {
+ include( dirname(__FILE__) . '/../../config.php' );
+ $this->debugging = $debugging ? true : false;
+ }
+
+ /**
+ * Strip tags from array or field to protect from XSS
+ *
+ * @access public
+ * @param array|string $input
+ * @return array|string
+ */
+ public function strip_input_tags ($input) {
+ if(is_array($input)) {
+ foreach($input as $k=>$v) {
+ $input[$k] = strip_tags($v);
+ }
+ }
+ else {
+ $input = strip_tags($input);
+ }
+ # stripped
+ return $input;
+ }
+
+ /**
+ * Changes empty array fields to specified character
+ *
+ * @access public
+ * @param array|object $fields
+ * @param string $char (default: "/")
+ * @return array
+ */
+ public function reformat_empty_array_fields ($fields, $char = "/") {
+ $out = array();
+ // loop
+ foreach($fields as $k=>$v) {
+ if(is_null($v) || strlen($v)==0) {
+ $out[$k] = $char;
+ } else {
+ $out[$k] = $v;
+ }
+ }
+ # result
+ return $out;
+ }
+
+ /**
+ * Removes empty array fields
+ *
+ * @access public
+ * @param array $fields
+ * @return array
+ */
+ public function remove_empty_array_fields ($fields) {
+ // init
+ $out = array();
+ // loop
+ foreach($fields as $k=>$v) {
+ if(is_null($v) || strlen($v)==0) {
+ }
+ else {
+ $out[$k] = $v;
+ }
+ }
+ # result
+ return $out;
+ }
+
+ /**
+ * Function to verify checkbox if 0 length
+ *
+ * @access public
+ * @param mixed $field
+ * @return void
+ */
+ public function verify_checkbox ($field) {
+ return @$field==""||strlen(@$field)==0 ? 0 : $field;
+ }
+
+ /**
+ * Transforms array to log format
+ *
+ * @access public
+ * @param mixed $logs
+ * @param bool $changelog
+ * @return void
+ */
+ public function array_to_log ($logs, $changelog = false) {
+ $result = "";
+ # reformat
+ if(is_array($logs)) {
+ // changelog
+ if ($changelog===true) {
+ foreach($logs as $key=>$req) {
+ # ignore __ and PHPSESSID
+ if( (substr($key,0,2) == '__') || (substr($key,0,9) == 'PHPSESSID') || (substr($key,0,4) == 'pass') || $key=='plainpass' ) {}
+ else { $result .= "[$key]: $req "; }
+ }
+
+ }
+ else {
+ foreach($logs as $key=>$req) {
+ # ignore __ and PHPSESSID
+ if( (substr($key,0,2) == '__') || (substr($key,0,9) == 'PHPSESSID') || (substr($key,0,4) == 'pass') || $key=='plainpass' ) {}
+ else { $result .= " ". $key . ": " . $req . " "; }
+ }
+ }
+ }
+ return $result;
+ }
+
+ /**
+ * Create URL for base
+ *
+ * @access public
+ * @return void
+ */
+ public function createURL () {
+ # reset url for base
+ if($_SERVER['SERVER_PORT'] == "443") { $url = "https://$_SERVER[HTTP_HOST]"; }
+ // reverse proxy doing SSL offloading
+ elseif(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $url = "https://$_SERVER[SERVER_NAME]"; }
+ elseif(isset($_SERVER['HTTP_X_SECURE_REQUEST']) && $_SERVER['HTTP_X_SECURE_REQUEST'] == 'true') { $url = "https://$_SERVER[SERVER_NAME]"; }
+ // custom port
+ elseif($_SERVER['SERVER_PORT']!="80") { $url = "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]"; }
+ // normal http
+ else { $url = "http://$_SERVER[HTTP_HOST]"; }
+
+ //result
+ return $url;
+ }
+
+ /**
+ * create link function
+ *
+ * if rewrite is enabled in settings use rewrite, otherwise ugly links
+ *
+ * @access public
+ * @param mixed $l0 (default: null)
+ * @param mixed $l1 (default: null)
+ * @param mixed $l2 (default: null)
+ * @return void
+ */
+ public function create_link ($l0 = null, $l1 = null, $l2 = null) {
+ # get settings
+ global $User;
+
+ # set normal link array
+ $el = array("app", "page", "id");
+
+ # set rewrite
+ if($User->settings->prettyLinks=="Yes") {
+ if(!is_null($l2)) { $link = "$l0/$l1/$l2/"; }
+ elseif(!is_null($l1)) { $link = "$l0/$l1/"; }
+ elseif(!is_null($l0)) { $link = "$l0/"; }
+ else { $link = ""; }
+ }
+ # normal
+ else {
+ if(!is_null($l2)) { $link = "?$el[0]=$l0&$el[1]=$l1&$el[2]=$l2"; }
+ elseif(!is_null($l1)) { $link = "?$el[0]=$l0&$el[1]=$l1"; }
+ elseif(!is_null($l0)) { $link = "?$el[0]=$l0"; }
+ else { $link = ""; }
+ }
+ # prepend base
+ $link = BASE.$link;
+
+ # result
+ return $link;
+ }
+
+ /**
+ * Creates links from text fields if link is present
+ *
+ * source: https://css-tricks.com/snippets/php/find-urls-in-text-make-links/
+ *
+ * @access public
+ * @param mixed $field_type
+ * @param mixed $text
+ * @return void
+ */
+ public function create_links ($text, $field_type = "varchar") {
+ // create links only for varchar fields
+ if (strpos($field_type, "varchar")!==false) {
+ // regular expression
+ $reg_exUrl = "#(http|https|ftp|ftps|telnet|ssh)://\S+[^\s.,>)\];'\"!?]#";
+
+ // Check if there is a url in the text
+ if(preg_match($reg_exUrl, $text, $url)) {
+ // make the urls hyper links
+ $text = preg_replace($reg_exUrl, "{$url[0]} ", $text);
+ }
+ }
+ // return text
+ return $text;
+ }
+
+}
+?>
diff --git a/functions/classes/class.Database.php b/functions/classes/class.Database.php
new file mode 100644
index 0000000..ba4261b
--- /dev/null
+++ b/functions/classes/class.Database.php
@@ -0,0 +1,1260 @@
+username = $username;
+ if (isset($password)) $this->password = $password;
+ if (isset($charset)) $this->charset = $charset;
+ # ssl
+ if ($ssl) {
+ $this->ssl = $ssl;
+ }
+ }
+
+ /**
+ * convert a date object/string ready for use in sql
+ *
+ * @access public
+ * @static
+ * @param mixed $date (default: null)
+ * @return void
+ */
+ public static function toDate($date = null) {
+ if (is_int($date)) {
+ return date('Y-m-d H:i:s', $date);
+ } else if (is_string($date)) {
+ return date('Y-m-d H:i:s', strtotime($date));
+ } else {
+ return date('Y-m-d H:i:s');
+ }
+ }
+
+ /**
+ * Connect to the database
+ * Call whenever a connection is needed to be made
+ *
+ * @access public
+ * @return void
+ */
+ public function connect() {
+ $dsn = $this->makeDsn();
+
+ try {
+ # ssl?
+ if ($this->ssl) {
+ $this->pdo = new \PDO($dsn, $this->username, $this->password, $this->ssl);
+ }
+ else {
+ $this->pdo = new \PDO($dsn, $this->username, $this->password);
+ }
+
+ $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
+
+ } catch (\PDOException $e) {
+ throw new Exception ("Could not connect to database! ".$e->getMessage());
+ }
+
+ @$this->pdo->query('SET NAMES \'' . $this->charset . '\';');
+ }
+
+ /**
+ * makeDsn function.
+ *
+ * @access protected
+ * @return void
+ */
+ protected function makeDsn() {
+ return ':charset=' . $this->charset;
+ }
+
+ /**
+ * resets conection.
+ *
+ * @access public
+ * @return void
+ */
+ public function resetConn() {
+ unset($this->pdo);
+ $this->install = false;
+ }
+
+ /**
+ * logs queries to file
+ *
+ * @access private
+ * @param mixed $query
+ * @return void
+ */
+ private function log_query ($query) {
+ if($this->debug) {
+
+ $myFile = "/tmp/queries.txt";
+ $fh = fopen($myFile, 'a') or die("can't open file");
+ fwrite($fh, $query->queryString."\n");
+ fclose($fh);
+ }
+ }
+
+ /**
+ * Remove outer quotes from a string
+ *
+ * @access public
+ * @static
+ * @param mixed $str
+ * @return void
+ */
+ public static function unquote_outer($str) {
+ $len = strlen($str);
+
+ if ($len>1) {
+ if ($str[0] == "'" && $str[$len-1] == "'") {
+ return substr($str, 1, -1);
+ } else if ($str[0] == "'") {
+ return substr($str, 1);
+ } else if ($str[$len-1] == "'") {
+ return substr($str, 0, -1);
+ }
+ } else if ($len>0) {
+ if ($str[0] == "'") {
+ return '';
+ }
+ }
+
+ return $str;
+ }
+
+ /**
+ * Are we currently connected to the database
+ *
+ * @access public
+ * @return void
+ */
+ public function isConnected() {
+ return ($this->pdo !== null);
+ }
+
+ /**
+ * Returns last insert ID
+ *
+ * @access public
+ * @return void
+ */
+ public function lastInsertId() {
+ return $this->pdo->lastInsertId();
+ }
+
+ /**
+ * Run a statement on the database
+ * Note: no objects are fetched
+ *
+ * @access public
+ * @param mixed $query
+ * @param array $values (default: array())
+ * @return void
+ */
+ public function runQuery($query, $values = array()) {
+ if (!$this->isConnected()) $this->connect();
+
+ $statement = $this->pdo->prepare($query);
+ //debuq
+ $this->log_query ($statement);
+ return $statement->execute((array)$values); //this array cast allows single values to be used as the parameter
+ }
+
+ /**
+ * Allow a value to be escaped, ready for insertion as a mysql parameter
+ * Note: for usage as a value (rather than prepared statements), you MUST manually quote around.
+ *
+ * @access public
+ * @param mixed $str
+ * @return void
+ */
+ public function escape($str) {
+ if (!$this->isConnected()) $this->connect();
+
+ return $this->unquote_outer($this->pdo->quote((string)$str));
+ }
+
+ /**
+ * Get a quick number of objects in a table
+ *
+ * @access public
+ * @param mixed $tableName
+ * @return void
+ */
+ public function numObjects($tableName) {
+ if (!$this->isConnected()) $this->connect();
+
+ $tableName = $this->escape($tableName);
+ $statement = $this->pdo->prepare('SELECT COUNT(*) as `num` FROM `'.$tableName.'`;');
+
+ //debuq
+ $this->log_query ($statement);
+ $statement->execute();
+
+ return $statement->fetchColumn();
+ }
+
+ /**
+ * Get a quick number of objects in a table for filtered field
+ *
+ * @access public
+ * @param mixed $tableName
+ * @param mixed $method
+ * @param boolean $like (default: false)
+ * @param mixed $value
+ * @return void
+ */
+ public function numObjectsFilter($tableName, $method, $value, $like = false) {
+ if (!$this->isConnected()) $this->connect();
+
+ $like === true ? $operator = "LIKE" : $operator = "=";
+
+ $tableName = $this->escape($tableName);
+ $statement = $this->pdo->prepare('SELECT COUNT(*) as `num` FROM `'.$tableName.'` where `'.$method.'` '.$operator.' ?;');
+
+ //debuq
+ $this->log_query ($statement);
+ $statement->execute(array($value));
+
+ return $statement->fetchColumn();
+ }
+
+ /**
+ * Update an object in a table with values given
+ *
+ * Note: the id of the object is assumed to be in.
+ *
+ * @access public
+ * @param mixed $tableName
+ * @param mixed $obj
+ * @param string $primarykey (default: 'id')
+ * @param mixed $primarykey2 (default: null)
+ * @return void
+ */
+ public function updateObject($tableName, $obj, $primarykey = 'id', $primarykey2 = null) {
+ if (!$this->isConnected()) $this->connect();
+
+ $obj = (array)$obj;
+
+ //we cannot update an object without an id specified so quit
+ if (!isset($obj[$primarykey])) {
+ throw new Exception('Missing primary key');
+ return false;
+ }
+
+ $tableName = $this->escape($tableName);
+
+ //get the objects id from the provided object and knock it off from the object so we dont try to update it
+ $objId[] = $obj[$primarykey];
+ unset($obj[$primarykey]);
+
+ //secondary primary key?
+ if(!is_null($primarykey2)) {
+ $objId[] = $obj[$primarykey2];
+ unset($obj[$primarykey2]);
+ }
+
+ //TODO: validate given object parameters with that of the table (this validates parameters names)
+
+ //formulate an update statement based on the object parameters
+ $objParams = array_keys($obj);
+
+ $preparedParamArr = array();
+ foreach ($objParams as $objParam) {
+ $preparedParamArr[] = '`' . $this->escape($objParam) . '`=?';
+ }
+
+ $preparedParamStr = implode(',', $preparedParamArr);
+
+ //primary key 2?
+ if(!is_null($primarykey2))
+ $statement = $this->pdo->prepare('UPDATE `' . $tableName . '` SET ' . $preparedParamStr . ' WHERE `' . $primarykey . '`=? AND `' . $primarykey2 . '`=?;');
+ else
+ $statement = $this->pdo->prepare('UPDATE `' . $tableName . '` SET ' . $preparedParamStr . ' WHERE `' . $primarykey . '`=?;');
+
+ //merge the parameters and values
+ $paramValues = array_merge(array_values($obj), $objId);
+
+ //debuq
+ $this->log_query ($statement);
+ //run the update on the object
+ return $statement->execute($paramValues);
+ }
+
+ /**
+ * Update multiple objects at once.
+ *
+ * @access public
+ * @param string $tableName
+ * @param array $ids
+ * @param array $values
+ * @return void
+ */
+ public function updateMultipleObjects($tableName, $ids, $values) {
+ $tableName = $this->escape($tableName);
+ //set ids
+ $num = count($ids);
+ $idParts = array_fill(0, $num, '`id`=?');
+ //set values
+ $objParams = array_keys($values);
+ $preparedParamArr = array();
+ foreach ($objParams as $objParam) {
+ $preparedParamArr[] = '`' . $this->escape($objParam) . '`=?';
+ }
+ //set values
+ $all_values = array_merge(array_values($values),$ids);
+ //execute
+ return $this->runQuery('UPDATE `'.$tableName.'` SET '.implode(',', $preparedParamArr).' WHERE '.implode(' OR ', $idParts), $all_values);
+ }
+
+ /**
+ * Insert an object into a table
+ * Note: an id field is ignored if specified.
+ *
+ * @access public
+ * @param string $tableName
+ * @param object|array $obj
+ * @param bool $raw (default: false)
+ * @param bool $replace (default: false)
+ * @return void
+ */
+ public function insertObject($tableName, $obj, $raw = false, $replace = false) {
+ if (!$this->isConnected()) $this->connect();
+
+ $obj = (array)$obj;
+
+ $tableName = $this->escape($tableName);
+
+ if (!$raw && array_key_exists('id', $obj)) {
+ unset($obj['id']);
+ }
+
+ if (count($obj)<1) {
+ return true;
+ }
+
+ //formulate an update statement based on the object parameters
+ $objValues = array_values($obj);
+
+ $preparedParamsArr = array();
+ foreach ($obj as $key => $value) {
+ $preparedParamsArr[] = '`' . $this->escape($key) . '`';
+ }
+
+ $preparedParamsStr = implode(', ', $preparedParamsArr);
+ $preparedValuesStr = implode(', ', array_fill(0, count($objValues), '?'));
+
+ if ($replace) {
+ $statement = $this->pdo->prepare('REPLACE INTO `' . $tableName . '` (' . $preparedParamsStr . ') VALUES (' . $preparedValuesStr . ');');
+ } else {
+ $statement = $this->pdo->prepare('INSERT INTO `' . $tableName . '` (' . $preparedParamsStr . ') VALUES (' . $preparedValuesStr . ');');
+ }
+
+ //run the update on the object
+ if (!$statement->execute($objValues)) {
+ $errObj = $statement->errorInfo();
+
+ //return false;
+ throw new Exception($errObj[2]);
+ }
+
+ return $this->pdo->lastInsertId();
+ }
+
+
+ /**
+ * Check if an object exists.
+ *
+ * @access public
+ * @param string $tableName
+ * @param string $query (default: null)
+ * @param array $values (default: array())
+ * @param mixed $id (default: null)
+ * @return void
+ */
+ public function objectExists($tableName, $query = null, $values = array(), $id = null) {
+ return is_object($this->getObject($tableName, $query, $values, $id));
+ }
+
+ /**
+ * Get a filtered list of objects from the database.
+ *
+ * @access public
+ * @param string $tableName
+ * @param string $sortField (default: 'id')
+ * @param bool $sortAsc (default: true)
+ * @param mixed $numRecords (default: null)
+ * @param int $offset (default: 0)
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getObjects($tableName, $sortField = 'id', $sortAsc = true, $numRecords = null, $offset = 0, $class = 'stdClass') {
+ if (!$this->isConnected()) $this->connect();
+
+ $sortStr = '';
+ if (!$sortAsc) {
+ $sortStr = 'DESC';
+ }
+
+ //we should escape all of the params that we need to
+ $tableName = $this->escape($tableName);
+ $sortField = $this->escape($sortField);
+
+ if ($numRecords === null) {
+ //get all (no limit)
+ $statement = $this->pdo->query('SELECT * FROM `'.$tableName.'` ORDER BY `'.$sortField.'` '.$sortStr.';');
+ } else {
+ //get a limited range of objects
+ $statement = $this->pdo->query('SELECT * FROM `'.$tableName.'` ORDER BY `'.$sortField.'` '.$sortStr.' LIMIT '.$numRecords.' OFFSET '.$offset.';');
+ }
+
+ $results = array();
+
+ if (is_object($statement)) {
+ while ($newObj = $statement->fetchObject($class)) {
+ $results[] = $newObj;
+ }
+ }
+
+ return $results;
+ }
+
+
+ /**
+ * use this function to conserve memory and read rows one by one rather than reading all of them
+ *
+ * @access public
+ * @param mixed $query (default: null)
+ * @param array $values (default: array())
+ * @param mixed $callback (default: null)
+ * @return void
+ */
+ public function getObjectsQueryIncremental($query = null, $values = array(), $callback = null) {
+ if (!$this->isConnected()) $this->connect();
+
+ $statement = $this->pdo->prepare($query);
+
+ //debuq
+ $this->log_query ($statement);
+ $statement->execute((array)$values);
+
+ if (is_object($statement)) {
+ if ($callback) {
+ while ($newObj = $statement->fetchObject('stdClass')) {
+ if ($callback($newObj)===false) {
+ return false;
+ }
+ }
+ }
+ }
+
+ return true;
+ }
+
+
+ /**
+ * Get all objects matching values
+ *
+ * @access public
+ * @param mixed $query (default: null)
+ * @param array $values (default: array())
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getObjectsQuery($query = null, $values = array(), $class = 'stdClass') {
+ if (!$this->isConnected()) $this->connect();
+
+ $statement = $this->pdo->prepare($query);
+
+ //debug
+ $this->log_query ($statement);
+ $statement->execute((array)$values);
+
+ $results = array();
+
+ if (is_object($statement)) {
+ while ($newObj = $statement->fetchObject($class)) {
+ $results[] = $newObj;
+ }
+ }
+
+ return $results;
+ }
+
+ /**
+ * Get a single object from the database
+ *
+ * @access public
+ * @param mixed $tableName
+ * @param mixed $id (default: null)
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getObject($tableName, $id = null, $class = 'stdClass') {
+ if (!$this->isConnected()) $this->connect();
+ $id = intval($id);
+
+ //has a custom query been provided?
+ $tableName = $this->escape($tableName);
+
+ //prepare a statement to get a single object from the database
+ if ($id !== null) {
+ $statement = $this->pdo->prepare('SELECT * FROM `'.$tableName.'` WHERE `id`=? LIMIT 1;');
+ $statement->bindParam(1, $id, \PDO::PARAM_INT);
+ } else {
+ $statement = $this->pdo->prepare('SELECT * FROM `'.$tableName.'` LIMIT 1;');
+ }
+
+ //debuq
+ $this->log_query ($statement);
+ $statement->execute();
+
+ //we can then extract the single object (if we have a result)
+ $resultObj = $statement->fetchObject($class);
+
+ if ($resultObj === false) {
+ return null;
+ } else {
+ return $resultObj;
+ }
+ }
+
+ /**
+ * Fetches single object from provided query
+ *
+ * @access public
+ * @param mixed $query (default: null)
+ * @param array $values (default: array())
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getObjectQuery($query = null, $values = array(), $class = 'stdClass') {
+ if (!$this->isConnected()) $this->connect();
+
+ $statement = $this->pdo->prepare($query);
+ //debuq
+ $this->log_query ($statement);
+ $statement->execute((array)$values);
+
+ $resultObj = $statement->fetchObject($class);
+
+ if ($resultObj === false) {
+ return null;
+ } else {
+ return $resultObj;
+ }
+ }
+
+ /**
+ * Get single value
+ *
+ * @access public
+ * @param mixed $query (default: null)
+ * @param array $values (default: array())
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getValueQuery($query = null, $values = array(), $class = 'stdClass') {
+ $obj = $this->getObjectQuery($query, $values, $class);
+
+ if (is_object($obj)) {
+ $obj = (array)$obj;
+ return reset($obj);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Searches for object in database
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $field
+ * @param mixed $value
+ * @param string $sortField (default: 'id')
+ * @param bool $sortAsc (default: true)
+ * @param bool $like (default: false)
+ * @param bool $negate (default: false)
+ * @return void
+ */
+ public function findObjects($table, $field, $value, $sortField = 'id', $sortAsc = true, $like = false, $negate = false, $limit = false) {
+ $table = $this->escape($table);
+ $field = $this->escape($field);
+ $sortField = $this->escape($sortField);
+ $like === true ? $operator = "LIKE" : $operator = "=";
+ $negate === true ? $negate_operator = "NOT " : $negate_operator = "";
+ $limit===false ? $limit_q = "" : $limit_q = " limit ".$limit;
+
+ return $this->getObjectsQuery('SELECT * FROM `' . $table . '` WHERE `'. $field .'`'.$negate_operator. $operator .'? ORDER BY `'.$sortField.'` ' . ($sortAsc ? '' : 'DESC') . ' '.$limit_q.';', array($value));
+ }
+
+ /**
+ * Searches for single object.
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $field
+ * @param mixed $value
+ * @return void
+ */
+ public function findObject($table, $field, $value) {
+ $table = $this->escape($table);
+ $field = $this->escape($field);
+
+ return $this->getObjectQuery('SELECT * FROM `' . $table . '` WHERE `' . $field . '` = ? LIMIT 1;', array($value));
+ }
+
+ /**
+ * Get list of items.
+ *
+ * @access public
+ * @param mixed $query (default: null)
+ * @param array $values (default: array())
+ * @param string $class (default: 'stdClass')
+ * @return void
+ */
+ public function getList($query = null, $values = array(), $class = 'stdClass') {
+ $objs = $this->getObjectsQuery($query, $values, $class);
+
+ $list = array();
+ foreach ($objs as $obj) {
+ $columns = array_values((array)$obj);
+ $list[] = $columns[0];
+ }
+
+ return $list;
+ }
+
+ /**
+ * Delete an object from the database
+ *
+ * @param {string} table name
+ * @param {int} object id
+ * @return {boolean} success
+ */
+ public function deleteObject($tableName, $id) {
+ $tableName = $this->escape($tableName);
+
+ return $this->runQuery('DELETE FROM `'.$tableName.'` WHERE `id`=?;', array($id));
+ }
+
+ /**
+ * Delete a list of objects from the database
+ *
+ * @param {string} table name
+ * @param {array} list of ids
+ * @return {boolean} success
+ */
+ public function deleteObjects($tableName, $ids) {
+ $tableName = $this->escape($tableName);
+ $num = count($ids);
+ $idParts = array_fill(0, $num, '`id`=?');
+
+ return $this->runQuery('DELETE FROM `'.$tableName.'` WHERE ' . implode(' OR ', $idParts), $ids);
+ }
+
+ /**
+ * Delete specified row
+ *
+ * @access public
+ * @param {string} $tableName
+ * @param {string $field
+ * @param {string $value
+ * @return void
+ */
+ public function deleteRow($tableName, $field, $value, $field2=null, $value2 = null) {
+ $tableName = $this->escape($tableName);
+ $field = $this->escape($field);
+
+ //multiple
+ if(!is_null($field2))
+ return $this->runQuery('DELETE FROM `'.$tableName.'` WHERE `'.$field.'`=? and `'.$field2.'`=?;', array($value, $value2));
+ else
+ return $this->runQuery('DELETE FROM `'.$tableName.'` WHERE `'.$field.'`=?;', array($value));
+ }
+
+ /**
+ * truncate specified table
+ *
+ * @access public
+ * @param {string} $tableName
+ * @return void
+ */
+ public function emptyTable($tableName) {
+ //escape talbe name
+ $tableName = $this->escape($tableName);
+ //execute
+ return $this->runQuery('TRUNCATE TABLE `'.$tableName.'`;');
+ }
+
+ /**
+ * Returns table definition.
+ *
+ * @access public
+ * @param mixed $tableName
+ * @return void
+ */
+ public function getTableDefinition($tableName) {
+ //escape talbe name
+ $tableName = $this->escape($tableName);
+ //execute
+ return $this->getObjectsQuery('DESCRIBE `'.$tableName.'`;');
+ }
+}
+
+
+/**
+*
+* PDO class wrapper
+* Database class
+*
+*/
+class Database_PDO extends DB {
+
+
+ /**
+ * SSL options for db connection
+ *
+ * (default value: array ())
+ *
+ * @var array
+ * @access protected
+ */
+ protected $pdo_ssl_opts = array ();
+
+ /**
+ * flag if installation is happenig!
+ *
+ * (default value: false)
+ *
+ * @var bool
+ * @access public
+ */
+ public $install = false;
+
+ /**
+ * Debugging flag
+ *
+ * (default value: false)
+ *
+ * @var bool
+ * @access protected
+ */
+ protected $debug = false;
+
+ /**
+ * Result
+ *
+ * @var obj
+ * @access private
+ */
+ public $Result;
+
+
+
+
+
+ /**
+ * __construct function.
+ *
+ * @access public
+ * @param mixed $host (default: null)
+ * @param mixed $port (default: null)
+ * @param mixed $dbname (default: null)
+ * @param mixed $username (default: null)
+ * @param mixed $password (default: null)
+ * @param mixed $charset (default: null)
+ */
+ public function __construct($username=null, $password=null, $host=null, $port=null, $dbname=null, $charset=null) {
+ # set parameters
+ $this->set_db_params ();
+ # rewrite user/pass if requested - for installation
+ $username==null ? : $this->username = $username;
+ $password==null ? : $this->password = $password;
+ $host==null ? : $this->host = $host;
+ $port==null ? : $this->port = $port;
+ $dbname==null ? : $this->dbname = $dbname;
+
+ $this->Result = new Result ;
+
+ # construct
+ parent::__construct($this->username, $this->password, $this->charset, $this->ssl);
+ }
+
+
+ /**
+ * get database parameters from config.php
+ *
+ * @access private
+ * @return void
+ */
+ private function set_db_params () {
+ # use config file
+ require( dirname(__FILE__) . '/../../config.php' );
+ # set
+ $this->host = $db['host'];
+ $this->port = $db['port'];
+ $this->username = $db['user'];
+ $this->password = $db['pass'];
+ $this->dbname = $db['name'];
+
+ $this->ssl = false;
+ if ($db['ssl']===true) {
+
+ $this->pdo_ssl_opts = array (
+ 'ssl_key' => PDO::MYSQL_ATTR_SSL_KEY,
+ 'ssl_cert' => PDO::MYSQL_ATTR_SSL_CERT,
+ 'ssl_ca' => PDO::MYSQL_ATTR_SSL_CA,
+ 'ssl_cipher' => PDO::MYSQL_ATTR_SSL_CIPHER,
+ 'ssl_capath' => PDO::MYSQL_ATTR_SSL_CAPATH
+ );
+
+ $this->ssl = array();
+
+ foreach ($this->pdo_ssl_opts as $key => $pdoopt) {
+ if ($db[$key]) {
+ $this->ssl[$pdoopt] = $db[$key];
+ }
+ }
+
+ }
+
+ }
+
+ /**
+ * connect function.
+ *
+ * @access public
+ * @return void
+ */
+ public function connect() {
+ parent::connect();
+ //@$this->pdo->query('SET NAMES \'' . $this->charset . '\';');
+ }
+
+ /**
+ * makeDsn function
+ *
+ * @access protected
+ * @return void
+ */
+ protected function makeDsn() {
+ # for installation
+ if($this->install) { return 'mysql:host=' . $this->host . ';port=' . $this->port . ';charset=' . $this->charset; }
+ else { return 'mysql:host=' . $this->host . ';port=' . $this->port . ';dbname=' . $this->dbname . ';charset=' . $this->charset; }
+ }
+
+ /**
+ * more generic static useful methods
+ *
+ * @access public
+ * @return void
+ */
+ public function getColumnInfo() {
+ $columns = $this->getObjectsQuery("
+ SELECT `table_name`, `column_name`, `column_default`, `is_nullable`, `data_type`,`column_key`, `extra`
+ FROM `columns`
+ WHERE `table_schema`='" . $this->dbname . "';
+ ");
+
+ $columnsByTable = array();
+ foreach ($columns as $column) {
+ if (!isset($columnsByTable[$column->table_name])) {
+ $columnsByTable[$column->table_name] = array();
+ }
+
+ $columnsByTable[$column->table_name][$column->column_name] = $column;
+ }
+
+ return $columnsByTable;
+ }
+
+ /**
+ * getForeignKeyInfo function.
+ *
+ * @access public
+ * @return void
+ */
+ public function getForeignKeyInfo() {
+ $foreignLinks = $this->getObjectsQuery("
+ SELECT i.`table_name`, k.`column_name`, i.`constraint_type`, i.`constraint_name`, k.`referenced_table_name`, k.`referenced_column_name`
+ FROM `table_constraints` i
+ LEFT JOIN `key_column_usage` k ON i.`constraint_name` = k.`constraint_name`
+ WHERE i.`constraint_type` = 'FOREIGN KEY' AND i.`table_schema`='" . $this->dbname . "';
+ ");
+
+ $foreignLinksByTable = array();
+ $foreignLinksByRefTable = array();
+ foreach ($foreignLinks as $foreignLink) {
+ if (!isset($foreignLinksByTable[$foreignLink->table_name])) {
+ $foreignLinksByTable[$foreignLink->table_name] = array();
+ }
+
+ if (!isset($foreignLinksByRefTable[$foreignLink->referenced_table_name])) {
+ $foreignLinksByRefTable[$foreignLink->referenced_table_name] = array();
+ }
+
+ $foreignLinksByTable[$foreignLink->table_name][$foreignLink->column_name] = $foreignLink;
+ $foreignLinksByRefTable[$foreignLink->referenced_table_name][$foreignLink->table_name] = $foreignLink;
+ }
+
+ return array($foreignLinksByTable, $foreignLinksByRefTable);
+ }
+}
+
+
+
+
+
+/**
+ * Database_wrapper class
+ *
+ * try/catch for database connections
+ *
+ * @extends Database_PDO
+ */
+class Database_wrapper extends Database_PDO {
+
+ /**
+ * @general fetch methods
+ * --------------------------------
+ */
+
+
+ /**
+ * Fetch all objects from specified table in database
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $sortField (default:id)
+ * @param mixed bool (default:true)
+ * @return void
+ */
+ public function fetch_all_objects ($table=null, $sortField="id", $sortAsc=true) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+ # fetch
+ try { $res = $this->getObjects($table, $sortField, $sortAsc); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ # result
+ return sizeof($res)>0 ? $res : false;
+ }
+
+ /**
+ * Fetches specified object specified table in database
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $method (default: null)
+ * @param mixed $value
+ * @return void
+ */
+ public function fetch_object ($table=null, $method=null, $value) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+
+ // checks
+ if(is_null($table)) return false;
+ if(strlen($table)==0) return false;
+ if(is_null($method)) return false;
+ if(is_null($value)) return false;
+ if($value==0) return false;
+
+ # null method
+ $method = is_null($method) ? "id" : $this->escape($method);
+
+ try { $res = $this->getObjectQuery("SELECT * from `$table` where `$method` = ? limit 1;", array($value)); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ return sizeof($res)>0 ? $res : false;
+ }
+
+ /**
+ * Fetches multiple objects in specified table in database
+ *
+ * doesnt cache
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $field
+ * @param mixed $value
+ * @param string $sortField (default: 'id')
+ * @param bool $sortAsc (default: true)
+ * @param bool $like (default: false)
+ * @return void
+ */
+ public function fetch_multiple_objects ($table, $field, $value, $sortField = 'id', $sortAsc = true, $like = false) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+ else {
+ try { $res = $this->findObjects($table, $field, $value, $sortField, $sortAsc, $like); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ # result
+ return sizeof($res)>0 ? $res : false;
+ }
+ }
+
+ /**
+ * Fetches unique items from database.
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $field
+ * @return void
+ */
+ public function fetch_unique_items ($table, $field) {
+ # escape $table
+ $table = $this->escape($table);
+ $field = $this->escape($field);
+
+ try { $res = $this->getObjectsQuery("select distinct(`$field`) from `$table`;", array()); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ # result
+ return sizeof($res)>0 ? $res : false;
+ }
+
+ /**
+ * Creates new database object.
+ *
+ * @access public
+ * @param mixed $table (default: null)
+ * @param mixed $values
+ * @return void
+ */
+ public function create_object ($table=null, $values) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+ if(is_null($table)) return false;
+ if(strlen($table)==0) return false;
+
+ # prepare values
+ $fields = $this->get_table_definition ($table, false);
+ foreach ($values as $k=>$v) {
+ if (!in_array($k, $fields) || strlen($v)==0) {
+ unset($values[$k]);
+ }
+ }
+ // execute
+ try { $res = $this->insertObject($table, $values); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Update existing database object.
+ *
+ * @access public
+ * @param mixed $table (default: null)
+ * @param mixed $values
+ * @return void
+ */
+ public function update_object ($table=null, $values) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+ if(is_null($table)) return false;
+ if(strlen($table)==0) return false;
+ if(sizeof($values)==0) return false;
+
+ # prepare values
+ $fields = $this->get_table_definition ($table, false);
+ foreach ($values as $k=>$v) {
+ if (!in_array($k, $fields) || strlen($v)==0) {
+ unset($values[$k]);
+ }
+ }
+ // execute
+ try { $res = $this->updateObject($table, $values, "id"); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove object.
+ *
+ * @access public
+ * @param mixed $table (default: null)
+ * @param mixed $id
+ * @return void
+ */
+ public function remove_object ($table=null, $id) {
+ # null table
+ if(is_null($table)||strlen($table)==0) return false;
+
+ // checks
+ if(is_null($table)) return false;
+ if(strlen($table)==0) return false;
+ if(is_null($id)) return false;
+ if($id==0) return false;
+ // execute
+ try { $res = $this->deleteObject($table, $id); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Count objects in database.
+ *
+ * @access public
+ * @param mixed $table
+ * @param mixed $field
+ * @param mixed $val (default: null)
+ * @param bool $like (default: false)
+ * @return void
+ */
+ public function count_database_objects ($table, $field, $val=null, $like = false) {
+ # if null
+ try { $cnt = $this->numObjectsFilter($table, $field, $val, $like); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+ return $cnt;
+ }
+
+ /**
+ * Returns table definition.
+ *
+ * @access public
+ * @param mixed $table
+ * @param bool $full
+ * @return void
+ */
+ public function get_table_definition ($table, $full=true) {
+ # if null
+ try { $definition = $this->getTableDefinition($table); }
+ catch (Exception $e) {
+ $this->Result->show("danger", _("Error: ").$e->getMessage());
+ return false;
+ }
+
+ # full or array of names
+ if ($full===true) {
+ return $definition;
+ }
+ else {
+ $out = array();
+ foreach ($definition as $d) {
+ $out[] = $d->Field;
+ }
+ // result
+ return $out;
+ }
+ }
+
+}
+
+
+?>
diff --git a/functions/classes/class.Modal.php b/functions/classes/class.Modal.php
new file mode 100644
index 0000000..981bc9c
--- /dev/null
+++ b/functions/classes/class.Modal.php
@@ -0,0 +1,136 @@
+modal_header ($header);
+ $html[] = $this->modal_body ($content);
+ $html[] = $this->modal_footer ($footer_text, $action_script);
+ $html[] = $this->modal_action ($action_script);
+ // print
+ print implode("\n", $html);
+ }
+
+ /**
+ * Set modal header.
+ *
+ * @access private
+ * @param mixed $header (default: null)
+ * @return void
+ */
+ private function modal_header ($header = null) {
+ // define
+ $html = array();
+ // null
+ if(is_null($header)) { $header = "Naslov"; }
+ // set html
+ $html[] = "