lilik-users/user.php

<?
session_start();
$response=array();
if (isset($_POST['username'])) {
	$_SESSION['username']=$_POST['username'];
	$_SESSION['password']=$_POST['password'];
}

if (!isset($_SESSION['username'])) {
	$response['error']='Credenziali non valide';
	echo json_encode($response);
	exit;
}
if (isset($_GET['logout'])){
	session_destroy();
	$response['info']='Logout effettuato';
	$response['loggedin']=False;
	echo json_encode($response);
	exit;
}
include 'config.php';
include 'lilikuser.php';

$u=new LilikUser($_SESSION['username']);

if (!$u->get_bind_status()){
	$response['error']='Errore di connessione a ldap';
	echo json_encode($response);
	exit;
}

#bind ldap or exit
$loggedin=$u->check_password($_SESSION['password']);
$response['loggedin']=$loggedin;
if (!$loggedin){
	$response['error']='Credenziali non valide';
	echo json_encode($response);
	exit;
}

$admin=$u->is_admin();
$response['admin']=$admin;
$user=$_SESSION['username'];
if (isset($_GET['user']) and $_GET['user']!=$_SESSION['username']){
	if ($admin){
		$user=$_GET['user'];
	}else{
		$response['error']='Permessi non sufficienti per visualizzare l\'utente';
		echo json_encode($response);
		exit;
	}
}

if (isset($_POST['new_user'])){
	if($admin){
		$u3=new LilikUser($user);
		$u3->create($_POST['new_name'],$_POST['new_surname'],$_POST['new_passwd']);
		$response['success']='Utente creato <a href="/users/'.$user.'/">vai alla pagina</a>';
		echo json_encode($response);
		exit;
	}else{
		$response['error']='Permessi non sufficienti per creare l\'utente';
	}
}

$u2=new LilikUser($user);
if (!$u2->exist()){
	$response['error']='Utente inesistente';
	$response['exist']=false;
	echo json_encode($response);
	exit;
}
$response['avaible_services']=$u2->get_services();

if (isset($_POST['new_password'])) {
	if(!$admin and !$u2->check_password($_POST['old_password'])){
		$response['error']='Password errata';
	}else{
		if ($_POST['new_password']==$_POST['new_password2'] and $_POST['new_password']!=''){
			$u2->set_attr('userPassword', $_POST['new_password']);
			$response['edit']=True;
			if ($user==$_SESSION['username']){
				$_SESSION['password']=$_POST['new_password'];
			}
		}else{
			$response['error']='La password non coincide';
		}
	}
}

if (isset($_POST['services'])) {
	if($admin){
		$response['edit']=True;
		$actual=$u2->get_enabled_services();
		$to_disable=array_diff($actual, $_POST['services']);
		$to_enable=array_diff($_POST['services'], $actual);
		foreach (["enable"=>$to_enable, "disable"=>$to_disable] as $function=>$services){
			foreach ($services as $service){
				try {
					$u2->$function($service);
				} catch (Exception $e) {
					if ($e->getMessage()=="Service not found"){
						$response['error']="Servizio sconosciuto: $service";
					}else{
						throw $e;
					}
				}
			}
		}
	}else{
		$response['error']='Permessi non sufficienti';
	}
}


if (isset($_POST['cn'])) {
	if($admin){
		$response['edit']=True;
		if ($u2->get_attr('cn')!=$_POST['cn']){
			$u2->set_attr('cn', $_POST['cn']);
			
		}
	}else{
		$response['error']='Permessi non sufficienti';
	}
}

if ($response['edit']==True and !isset($response['error'])){
	$response['success']='Salvataggio effettuato';
}

$response['services']=$u2->get_enabled_services();
$response['username']=$user;
$response['cn']=$u2->get_attr('cn');

echo json_encode($response);

?>