X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=index.php;h=17240acffdd52721e427600539cb6f852143d700;hb=e76806d154863dcaae69a8a509d7d5c8c4e4b40c;hp=8fdc91cb3752524e9ae4458c9c65d33beb09cd47;hpb=3d0fc02bdedf33a6746db23b34bce6a58d9b75bb;p=contagged

diff --git a/index.php b/index.php
index 8fdc91c..17240ac 100644
--- a/index.php
+++ b/index.php
@@ -25,7 +25,7 @@
   $list = '';
   if(count($result)==1 && $_REQUEST['search']){
     //only one result on a search -> display page
-    header("Location: entry.php?dn=".$result[0]['dn']);
+    header("Location: entry.php?dn=".rawurlencode($result[0]['dn']));
     exit;
   }elseif(count($result)){
     $keys = array_keys($result);
@@ -48,8 +48,9 @@
   $smarty->assign('org',$_REQUEST['org']);
   //display templates
   if(!empty($_REQUEST['export'])){
-    if ($conf['userlogreq'] == 1 && $user == ''){
-      header("HTTP/1.1 401 ACCESS DENIED");
+    if ($conf['userlogreq'] && $user == ''){
+      header("HTTP/1.1 401 Access Denied");
+      echo '<h1>Access Denied</h1>';
       exit();
     }
 
@@ -93,6 +94,7 @@
    */
   function _makeldapfilter(){
     global $FIELDS;
+    global $conf;
 
     //handle given filter
 
@@ -100,6 +102,7 @@
     if (empty($_REQUEST['search'])) { $_REQUEST['search']=''; }
     if (empty($_REQUEST['org'])) { $_REQUEST['org']=''; }
     if (empty($_REQUEST['marker'])) { $_REQUEST['marker']=''; }
+    if(is_numeric($_REQUEST['search'])) $number = $_REQUEST['search'];
     $filter = ldap_filterescape($_REQUEST['filter']);
     $search = ldap_filterescape($_REQUEST['search']);
     $org    = ldap_filterescape($_REQUEST['org']);
@@ -116,15 +119,39 @@
         $ldapfilter .= '('.$FIELDS['_marker'].'='.$m.')';
       }
       $ldapfilter .= ')';
+    }elseif($number){
+      // Search by telephone number
+      $filter = '';
+      // add wildcards between digits to compensate for any formatting
+      $length = strlen($number);
+      for($i=0; $i <$length; $i++){
+        $filter .= '*'.$number{$i};
+      }
+      $filter .= '*';
+      $ldapfilter = '(&'.
+                        '(objectClass=inetOrgPerson)'.
+                        '(|'.
+                            '(|'.
+                                '('.$FIELDS['phone'].'='.$filter.')'.
+                                '('.$FIELDS['homephone'].'='.$filter.')'.
+                            ')'.
+                            '('.$FIELDS['mobile'].'='.$filter.')'.
+                        ')'.
+                    ')';
     }elseif(!empty($search)){
       // Search name and organization
       $search = trim($search);
       $words=preg_split('/\s+/',$search);
       $filter='';
       foreach($words as $word){
-        $filter .= '(|(|('.$FIELDS['name'].'=*'.$word.'*)('.
-                   $FIELDS['givenname'].'=*'.$word.'*))('.
-                   $FIELDS['organization'].'=*'.$word.'*))';
+	$wordfilter='';
+        foreach($conf['searchfields'] as $field) {
+          $wordfilter .= '('.$field.'=*'.$word.'*)';
+	}
+        for($i=0; $i <count($conf['searchfields']); $i++){
+          $wordfilter = '(|'.$wordfilter.')';
+	}
+        $filter .= '(&'.$wordfilter.')';
       }
       $ldapfilter = "(&(objectClass=inetOrgPerson)$filter)";
     }elseif(!empty($org)){