You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

138 lines
3.3 KiB

12 years ago
12 years ago
  1. <?
  2. session_start();
  3. $response=array();
  4. if (isset($_POST['username'])) {
  5. $_SESSION['username']=$_POST['username'];
  6. $_SESSION['password']=$_POST['password'];
  7. }
  8. if (!isset($_SESSION['username'])) {
  9. $response['error']='Credenziali non valide';
  10. echo json_encode($response);
  11. exit;
  12. }
  13. if (isset($_GET['logout'])){
  14. session_destroy();
  15. $response['info']='Logout effettuato';
  16. $response['loggedin']=False;
  17. echo json_encode($response);
  18. exit;
  19. }
  20. include 'config.php';
  21. include 'lilikuser.php';
  22. $u=new LilikUser($_SESSION['username']);
  23. if (!$u->get_bind_status()){
  24. $response['error']='Errore di connessione a ldap';
  25. echo json_encode($response);
  26. exit;
  27. }
  28. #bind ldap or exit
  29. $loggedin=$u->check_password($_SESSION['password']);
  30. $response['loggedin']=$loggedin;
  31. if (!$loggedin){
  32. $response['error']='Credenziali non valide';
  33. echo json_encode($response);
  34. exit;
  35. }
  36. $admin=$u->is_admin();
  37. $response['admin']=$admin;
  38. $user=$_SESSION['username'];
  39. if (isset($_GET['user']) and $_GET['user']!=$_SESSION['username']){
  40. if ($admin){
  41. $user=$_GET['user'];
  42. }else{
  43. $response['error']='Permessi non sufficienti per visualizzare l\'utente';
  44. echo json_encode($response);
  45. exit;
  46. }
  47. }
  48. if (isset($_POST['new_user'])){
  49. if($admin){
  50. $u3=new LilikUser($user);
  51. $u3->create($_POST['new_name'],$_POST['new_surname'],$_POST['new_passwd']);
  52. $response['success']='Utente creato <a href="/users/'.$user.'/">vai alla pagina</a>';
  53. echo json_encode($response);
  54. exit;
  55. }else{
  56. $response['error']='Permessi non sufficienti per creare l\'utente';
  57. }
  58. }
  59. $u2=new LilikUser($user);
  60. if (!$u2->exist()){
  61. $response['error']='Utente inesistente';
  62. $response['exist']=false;
  63. echo json_encode($response);
  64. exit;
  65. }
  66. $response['avaible_services']=$u2->get_services();
  67. if (isset($_POST['new_password'])) {
  68. if(!$admin and !$u2->check_password($_POST['old_password'])){
  69. $response['error']='Password errata';
  70. }else{
  71. if ($_POST['new_password']==$_POST['new_password2'] and $_POST['new_password']!=''){
  72. $u2->set_attr('userPassword', $_POST['new_password']);
  73. $response['edit']=True;
  74. if ($user==$_SESSION['username']){
  75. $_SESSION['password']=$_POST['new_password'];
  76. }
  77. }else{
  78. $response['error']='La password non coincide';
  79. }
  80. }
  81. }
  82. if (isset($_POST['services'])) {
  83. if($admin){
  84. $response['edit']=True;
  85. $actual=$u2->get_enabled_services();
  86. $to_disable=array_diff($actual, $_POST['services']);
  87. $to_enable=array_diff($_POST['services'], $actual);
  88. foreach (["enable"=>$to_enable, "disable"=>$to_disable] as $function=>$services){
  89. foreach ($services as $service){
  90. try {
  91. $u2->$function($service);
  92. } catch (Exception $e) {
  93. if ($e->getMessage()=="Service not found"){
  94. $response['error']="Servizio sconosciuto: $service";
  95. }else{
  96. throw $e;
  97. }
  98. }
  99. }
  100. }
  101. }else{
  102. $response['error']='Permessi non sufficienti';
  103. }
  104. }
  105. if (isset($_POST['cn'])) {
  106. if($admin){
  107. $response['edit']=True;
  108. if ($u2->get_attr('cn')!=$_POST['cn']){
  109. $u2->set_attr('cn', $_POST['cn']);
  110. }
  111. }else{
  112. $response['error']='Permessi non sufficienti';
  113. }
  114. }
  115. if ($response['edit']==True and !isset($response['error'])){
  116. $response['success']='Salvataggio effettuato';
  117. }
  118. $response['services']=$u2->get_enabled_services();
  119. $response['username']=$user;
  120. $response['cn']=$u2->get_attr('cn');
  121. echo json_encode($response);
  122. ?>