From d58523a04850fb872d477af40303f726b5c4fad2 Mon Sep 17 00:00:00 2001
From: Geuten Edouard <thegrima@altern.org>
Date: Mon, 11 Sep 2006 12:43:27 +0200
Subject: [PATCH] login requirement and LDAP v3 support

This patch implements two new features:

required user login - this can be configured trough a new option
$conf['userlogreq']

darcs-hash:20060911104327-93f98-a5cfd56def8350e5758b263aa8fe6a2a404fe546.gz
---
 config.php         | 14 ++++++++++----
 functions.php      | 12 +++++++-----
 index.php          | 12 +++++++++---
 templates/list.tpl | 16 ++++++++++++----
 4 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/config.php b/config.php
index 84cd10d..349a116 100644
--- a/config.php
+++ b/config.php
@@ -9,6 +9,9 @@
   // Which LDAP Port Server to use? (389 is standard, 636 for ssl)
   $conf['ldapport']    = 389;
 
+  // Use LDAP protocol version 3? (0|1)
+  $conf['ldapv3'] = 1;
+
   // What is the root dn on this Server?
   $conf['ldaprootdn']  = 'o=cosmocode, c=de';
 
@@ -31,17 +34,20 @@
   // Where to store private contacts (relative to $conf['usertree'])
   $conf['privatebook'] = 'ou=contacts';
 
+  // Should the public address book be viewable by logged in users only? (0|1)
+  $conf['userlogreq']  = 0;
+
   // Should the additional schema ldapab.schema be used? (0|1)
   // Note: openxchange and extended are currently exclusive, do not use both at the same time!
   $conf['extended']    = 1;
-  
+
   // Should we use some parts of the openxchange.schema? (0|1)
   // Note: openxchange and extended are currently exclusive, do not use both at the same time!
   $conf['openxchange'] = 0;
- 
+
   // Should we try to login using the username and password provided by httpd? (0|1)
   $conf['httpd_auth']  = 0;
- 
+
   // Dateformat for birthdays when using extended schema
   // see http://www.php.net/manual/en/function.strftime.php
   #$conf['dateformat']  = '%Y/%m/%d';
@@ -50,4 +56,4 @@
   // Force recompilation of smarty templates?
   $conf['smartycompile'] = 0;
 
-?>
+
diff --git a/functions.php b/functions.php
index 5250b84..3f68561 100644
--- a/functions.php
+++ b/functions.php
@@ -23,8 +23,8 @@ function ldap_login(){
     }
   } elseif ($conf['httpd_auth'] && !empty($_SERVER['PHP_AUTH_USER'])) {
     // use HTTP auth if wanted and possible
-  	$_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER'];
-  	$_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW'];
+    $_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER'];
+    $_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW'];
   } elseif ($_COOKIE['ldapabauth']) {
     // check persistent cookie
     $cookie = base64_decode($_COOKIE['ldapabauth']);
@@ -48,7 +48,7 @@ function ldap_login(){
 function do_ldap_bind($user,$pass,$dn=""){
   global $conf;
   global $LDAP_CON;
-  
+
   //create global connection to LDAP if necessary
   if(!$LDAP_CON){
     if (!empty($conf['ldapurl'])){
@@ -61,13 +61,15 @@ function do_ldap_bind($user,$pass,$dn=""){
     }
   }
 
+  if($conf['ldapv3']) ldap_set_option($LDAP_CON, LDAP_OPT_PROTOCOL_VERSION, 3);
+
   if(empty($dn)){
     //anonymous bind to lookup users
     //blank binddn or blank bindpw will result in anonymous bind
     if(!ldap_bind($LDAP_CON,$conf['anonbinddn'],$conf['anonbindpw'])){
       die("can not bind for user lookup");
     }
-  
+
     //when no user was given stay connected anonymous
     if(empty($user)){
       set_session('','','');
@@ -343,7 +345,7 @@ function get_users(){
       }
     }
   }
-  return $users; 
+  return $users;
 }
 
 /**
diff --git a/index.php b/index.php
index 128bd3d..8649ec6 100644
--- a/index.php
+++ b/index.php
@@ -51,9 +51,15 @@
   $smarty->assign('search',$_REQUEST['search']);
   //display templates
   if($_REQUEST['export'] == 'csv'){
-    header("Content-Type: text/csv");
-    header('Content-Disposition: Attachement; filename="ldapabexport.csv"');
-    $smarty->display('export_list_csv.tpl');
+    if ($conf['userlogreq'] == 1 && $user == '')
+    {
+      header("HTTP/1.1 401 ACCESS DENIED");
+      exit();
+    } else {
+      header("Content-Type: text/csv");
+      header('Content-Disposition: Attachement; filename="ldapabexport.csv"');
+      $smarty->display('export_list_csv.tpl');
+    }
   }else{
     //save location in session
     $_SESSION['ldapab']['lastlocation']=$_SERVER["REQUEST_URI"];
diff --git a/templates/list.tpl b/templates/list.tpl
index 9c3b02e..99acd01 100644
--- a/templates/list.tpl
+++ b/templates/list.tpl
@@ -1,15 +1,23 @@
 {include file="header.tpl"}
 
 <table cellspacing="0" cellpadding="0" width="100%" align="center">
-  {if $list == ''}
+  {if $conf.userlogreq == 1 && $user == ''}
     <tr>
       <td align="center">
-        {$lang.err_noentries}
+      {* include un truc *} {$lang.msg_login}
       </td>
     </tr>
   {else}
-    {* $list is a concatenation of multiple list_entry.tpl *}
-    {$list}
+    {if $list == ''}
+      <tr>
+        <td align="center">
+          {$lang.err_noentries}
+        </td>
+      </tr>
+    {else}
+      {* $list is a concatenation of multiple list_entry.tpl *}
+      {$list}
+    {/if}
   {/if}
 </table>
 
-- 
2.39.2