/***

 * LDAP Access

 *

 * --

 * Alain Reguera Delgado <alain.reguera@gmail.com>

 ***/

class LDAP

{

    public $this_conn;

    public $this_host;

    public $this_port;

    public $this_rootdn;

    public $this_rootpw;

    public $this_authschema;

    public $this_basedn;

   /*** 

    * Class initialization

    */

    function __construct()

    {

        // Initialize configuration values

        $this->ldap_host       = 'localhost';

        $this->ldap_port       = '389';

        $this->ldap_rootdn     = 'cn=manager,dc=example,dc=com';

        $this->ldap_rootpw     = '';

        $this->ldap_authschema = '{MD5}';

        $this->ldap_basedn     = 'ou=people,dc=example,dc=com'; 

        // Reinitialize configuration values

        $config = array('ldap_host',   'ldap_port',      'ldap_rootdn', 

                        'ldap_rootpw', 'ldap_authschema','ldap_basedn');

        foreach ( $config as $param )

        {

            if ( ! isset($_SESSION[$param] ) )

            {

                $_SESSION[$param] = $this->$param;

            }   

            $_SESSION[$param] = isset($_POST[$param])?$_POST[$param]:$_SESSION[$param];

            $this->$param = $_SESSION[$param];

        }

        // Open connection against ldap server

        if ( $this->ldap_host && $this->ldap_port )

        {

            $this->ldap_conn = ldap_connect( $this->ldap_host, $this->ldap_port );

        }

        // Set protocol version to use LDAPv3 

        ldap_set_option( $this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    }

   /***

    * LDAP configuration

    */

    function get_configForm( $disabled = "" )

    {

        $htmlblock = array();

        array_push( $htmlblock, 

        '
LDAP configuration:
', '
',

        '
Host:
',

        '
<input type="text" name="ldap_host" value="'. $this->ldap_host . '" ' . $disabled . ' />
',

        '
Port:
',

        '
<input type="text" name="ldap_port" value="' . $this->ldap_port.'" ' . $disabled . ' />
',

        '
Bind DN:
',

        '
<input type="text" name="ldap_rootdn" value="'. $this->ldap_rootdn .'" size="50" ' . $disabled . ' />
',

        '
Base DN: 
',

        '
<input type="text" name="ldap_basedn" value="' . $this->ldap_basedn . '" size="50" ' . $disabled . ' />
',

        '
Bind Password: 
',

        '
<input type="password" name="ldap_rootpw" value="' . $this->ldap_rootpw.'" ' . $disabled . ' />
',

        '
Schema: 
',

        '
',

        '<select name="ldap_authschema" ' . $disabled . '>',

        '<option value="{MD5}">{MD5}</option>',

        '<option value="{SHA}">{SHA}</option>',

        '</select>',

        '',

        '');

        return $htmlblock;

    }

   /***

    * Verify configuration

    */

    function verify_configuration()

    {

    }

   /***

    * Bind to LDAP server

    */

    function do_bind()

    {

        return ldap_bind( $this->ldap_conn, $this->ldap_rootdn, $this->ldap_rootpw );

    }

   /*** 

    * Verify LDAP uid's value uniqness

    */

    function is_uid_present( $uid )

    {

        $filter     = 'uid=' . $uid;

        $result     = ldap_search( $this->ldap_conn, $this->ldap_basedn, $filter);

        $entry      = ldap_get_entries( $this->ldap_conn, $result);

        if ( $uid != '' && $entry['count'] == 1 )

        {

            return true;

        }

        else

        {

            return false;

        }

    }

   /*** 

    * Prepare LDAP userPassword attribute

    */

    function prepare_userpassword( $userpassword )

    {

        $dirty['userpassword'] = $userpassword;

        $clean['userpassword'] = '';

        switch ( $this->ldap_authschema )

        {

            case '{MD5}':

            $clean['userpassword'] = '{MD5}' . base64_encode( pack( 'H*', md5( $dirty['userpassword'] ) ) );

            break;

            case '{SHA}':

            $clean['userpassword'] = '{SHA}' . base64_encode( pack( 'H*', sha1( $dirty['userpassword'] ) ) );

            break;

        }

        return $clean['userpassword'];

    }

   /*** 

    * Add User

    */

    function add_User( $entry )

    {

        $this_entry = array();

        // Define user DN

        $dn = 'uid=' . $entry['email'] . ',' . $this->ldap_basedn;

        // Remove user if exists

        if ( $this->is_uid_present( $entry['uname'] ) === true )

        {

            $this->delete_User( $entry );

        }

        // Prepare userPassword and other attributes for insertion in LDAP directory.

        $this_entry['objectclass']  = 'inetOrgPerson';

        $this_entry['cn']           = $entry['name'];

        $this_entry['mail']         = $entry['email'];

        $this_entry['userpassword'] = $this->prepare_userpassword($entry['pass']);

        $this_entry['sn']           = preg_replace('/^([a-zA-Z0-9_]+ ?)/','', $this_entry['cn']);

        $this_entry['uid'][0]       = $this_entry['mail'];

        $this_entry['uid'][1]       = $entry['uname'];

        $this_entry['displayname']  = $entry['uname'];

        $this_entry['employeetype'] = 'writer';

        $this_entry['preferredlanguage'] = 'en';

        if ( $this->do_bind() && ldap_add( $this->ldap_conn, $dn, $this_entry ))

        {

            return true; 

        } 

        else

        {

            return false;

        }

    }

   /*** 

    * Delete User 

    */

    function delete_User( $entry )

    {

        // Define user DN

        $dn = 'uid=' . $entry['email'] . ',' . $this->ldap_basedn;

        if ( $this->do_bind() && ldap_delete( $this->ldap_conn, $dn ) ) 

        {

            return true;

        }

        else

        {

            return false;

        }

    }

   /*** 

    * Update LDAP userPassword only.

    */

    function update_userPassword( $dn, $userPassword )

    {

        $entry = array('userpassword' => $userPassword ); 

        if ( $this->do_bind() && ldap_modify( $this->ldap_conn, $dn, $entry) ) 

        {

            return true; 

        }

        else

        {

            return false; 

        }

    }

   /*** 

    * Get LDAP user list 

    * ----------------------------------------------------

    * 1. Show a form with a list of all users inserted from xoops.users table.

    * 2.  Generate random passwords for each user and codify them into

    * userPassword format. 

    * 3. Real passwords are not displayed.

    */

    function get_userList()

    {

        global $newbb_to_phpbb;

        global $mail;

        // Get users from LDAP server

        $filter = 'objectclass=inetorgperson';

        $result = ldap_search( $this->ldap_conn, $this->ldap_basedn, $filter);

        $users = ldap_get_entries( $this->ldap_conn, $result );

        $htmlblock = array('
'.$users['count'].' password(s) reset under: '.$this->ldap_basedn.'
',

                           '',

                           '',

                           'DN',

                           'CN',

                           'NewPass',

                           'userPassword',

                           'Password Updated',

                           'Email Notification',

                           '');

        for ($i = 0; $i < $users['count']; $i++)

        {

            // Reset userPassword value in a random manner

            $newPassword = $newbb_to_phpbb->get_randomPass();

            $userPassword = $this->prepare_userpassword($newPassword);

            array_push($htmlblock, '',

                                   '' . $users[$i]['dn'] . '',

                                   '' . $users[$i]['cn'][0] . '',

                                   '' . $newPassword . '',

                                   '' . $userPassword . '');

            // Update LDAP userPassword field

            if ( $this->update_userPassword( $users[$i]['dn'], $userPassword ) === true )

            {

                array_push($htmlblock,'YES');

            }

            else

            {

                array_push($htmlblock,'NO');

            }

            // Send email notification

            $info = array('mailto'              => $users[$i]['mail'][0],

                          'cn'                  => $users[$i]['cn'][0],

                          'dn'                  => $users[$i]['dn'],

                          'uid1'                => $users[$i]['uid'][0],

                          'uid2'                => $users[$i]['uid'][1],

                          'sn'                  => $users[$i]['sn'][0],

                          'employeetype'        => $users[$i]['employeetype'][0],

                          'preferredlanguage'   => $users[$i]['preferredlanguage'][0],

                          'displayname'         => $users[$i]['displayname'][0],

                          'userpassword'        => $newPassword);

            if ( $mail->send( $info ) === true )

            {

                array_push($htmlblock,'SENT');

            }

            else

            {

                array_push($htmlblock,'NOT SENT');

            }

            array_push($htmlblock,'');

        }

        array_push($htmlblock,'');

        return $htmlblock;

    }

   /*** 

    * Class destruct

    */

    function __destruct()

    {

        if ( isset( $this->ldap_conn ) ) 

        {

            ldap_unbind( $this->ldap_conn );

        }

    }

}

$ldap = new LDAP;

?>