Caravel CMS PHP Cross Reference Content Management Systems

Source: /core/Security.php - 2235 lines - 81067 bytes

   1  <?php
   2  /***************************************************************************
   3   *
   4   * Security.php - Mennonite.net Security class
   5   *
   6   ***************************************************************************
   7   *
   8   * provides methods for setting and retrieving security privileges
   9   *
  10   ***************************************************************************
  11   * $Id: Security.php,v 1.42 2007/10/26 18:56:04 reuvenmh Exp $
  12   ***************************************************************************/
  13  require_once (T_CODE_BASE .'LDAP/mnLDAP.php'); 
  14  
  15  /**
  16  * Security class - API to handle security 
  17  *
  18  * @author   Reuven Hodges <reuvenmh@goshen.edu>
  19  */
  20  class Security
  21      {
  22  
  23      /**
  24      * This function adds a privilege to a group
  25      *
  26      * It takes a group dn and an object dn as parameters, then based on the privilege values
  27      * that are in the block, page, site, and caravel arrays generates a string code that records these
  28      * privileges. The block, page, site, and caravel arrays are generated from getOptions().
  29      *
  30      * @param    string  dn of the object that this permission will pertain to
  31      * @param    string  dn of the group
  32      * @param    object  ldap connection  
  33      * @param    array   (optional) specifies the block privileges of the object 
  34      * @param    array   (optional) specifies the page privileges of the object
  35      * @param    array   (optional) specifies the site privileges of the object
  36      * @param    array   (optional) specifies the caravel privileges of the object
  37      *
  38      * @return   mixed   true on success, mnError on failure
  39      * @access   public
  40      */
  41      function setLdapPrivileges($objectdn, $groupdn, &$ldap, $block = array(), $page = array(), $site = array(), $caravel = array()) 
  42        {
  43        $security    = Security::getOptions('all');
  44  
  45        // first need to find if the object exists in ldap
  46        $find_dn = "objectclass=*";
  47        $res = $ldap->search($find_dn, array('cvpriv'), $groupdn, LDAP_SCOPE_BASE);
  48  
  49        $atleastone = false;
  50        if($res['count'] > 0)
  51          {
  52          for($n = 0; $n < $res[0]['cvpriv']['count']; $n++)
  53            {
  54            if(!(strpos($res[0]['cvpriv'][$n], $objectdn.":") === false) && strpos($res[0]['cvpriv'][$n], $objectdn.":") == 0)
  55              {
  56              $priv_name['cvpriv'] = $res[0]['cvpriv'][$n];
  57              $atleastone = true;
  58              }
  59            }        
  60          }
  61  
  62        if(!$atleastone)
  63          $priv_name = array();
  64        
  65        // delete the old entry
  66        if($priv_name['cvpriv'] != "")
  67          {
  68          $ldap->delete_attributes($groupdn, $priv_name);
  69          }
  70          
  71        $exp = explode(":", $priv_name['cvpriv']);
  72  
  73        $objectdn .= ":";
  74        $match = $objectdn;
  75        
  76        $temp = array();      
  77        foreach($block as $key => $value)
  78          {
  79          $temp[$security['block'][$key]['position']] = $value;        
  80          }
  81        ksort($temp);  
  82        $val = implode("", $temp).":";
  83        if($val != ":")
  84          $objectdn .= $val; 
  85        else
  86          $objectdn .=  $exp[1].":"; 
  87        $temp = array();
  88        
  89        foreach($page as $key => $value)
  90          {
  91          $temp[$security['page'][$key]['position']] = $value;        
  92          }
  93        ksort($temp);  
  94        $val = implode("", $temp).":";
  95        if($val != ":")
  96          $objectdn .= eregi_replace("i", "", $val);
  97        else
  98          $objectdn .=  $exp[2].":";
  99        $temp = array();
 100        
 101        foreach($site as $key => $value)
 102          {
 103          $temp[$security['site'][$key]['position']] = $value;        
 104          }
 105        ksort($temp);  
 106        $val = implode("", $temp).":";
 107        if($val != ":")
 108          $objectdn .= eregi_replace("i", "", $val);
 109        else
 110          $objectdn .=  $exp[3].":";
 111        $temp = array();
 112        
 113        foreach($caravel as $key => $value)
 114          {
 115          $temp[$security['caravel'][$key]['position']] = $value;        
 116          }
 117        ksort($temp);  
 118        $val = implode("", $temp).":";
 119        if($val != ":")
 120          $objectdn .= $val;
 121        else
 122          $objectdn .=  $exp[4].":";
 123        $temp = array();
 124  
 125        //echo $objectdn;
 126        // add the constructed string to ldap
 127        $priv_name2['cvpriv'] = $objectdn; 
 128        $res=$ldap->add_attributes($groupdn, $priv_name2);
 129  
 130        return true;  
 131        }
 132        
 133      /**
 134      * This function returns an array showing what privileges a group has
 135      *
 136      * It takes a group dn, then returns a hashed array with the object dns as 
 137      * the keys. The values will be similar to what getOptions returns.
 138      *
 139      * @param    string  dn of the group thats privileges will be returned
 140      * @param    object  ldap connection
 141      *
 142      * @return   array   hashed array of privileges
 143      * @access   public
 144      */  
 145      function getGroupLdapPrivilege($groupdn, &$ldap)
 146        {
 147        $opts    = Security::getOptions('all');
 148                                                                                         
 149        $find_dn = "(objectClass=cvGroup)";
 150        $res = $ldap->search($find_dn, array('cvpriv'), $groupdn, LDAP_SCOPE_BASE);
 151        if (mnError::isError($res))
 152            return array();
 153        $all_privs = array();
 154        for($i=0;$i < $res[0]['cvpriv']['count']; $i++)
 155           {
 156           $container = explode(":", $res[0]['cvpriv'][$i]);
 157           
 158           $block = array();
 159           foreach($opts['block'] as $key => $value)
 160             {
 161             $block[$key] = substr($container[1], $value['position'], 1);
 162             if($block[$key] == "i")
 163               $block[$key] = "";           
 164               
 165             if($block[$key] === false)
 166               $block[$key] = "";  
 167             }
 168             
 169           $page = array();
 170           foreach($opts['page'] as $key => $value)
 171             {
 172             $page[$key] = substr($container[2], $value['position'], 1);
 173             if($page[$key] === false)
 174               $page[$key] = "";
 175             }
 176             
 177           $site = array();
 178           foreach($opts['site'] as $key => $value)
 179             {
 180             $site[$key] = substr($container[3], $value['position'], 1);
 181             
 182             if($site[$key] === false)
 183               $site[$key] = "";
 184             }
 185             
 186           $caravel = array();
 187           foreach($opts['caravel'] as $key => $value)
 188             {
 189             $caravel[$key] = substr($container[4], $value['position'], 1);
 190             
 191             if($caravel[$key] === false)
 192               $caravel[$key] = "";
 193             }
 194             
 195           $all_privs[$container[0]] = array('block'    => $block,
 196                                             'page'     => $page,
 197                                             'site'     => $site,
 198                                             'caravel'  => $caravel);  
 199           }     
 200        return $all_privs;    
 201        }    
 202  
 203  
 204      function orderLowest($arr)
 205        {
 206        foreach($arr as $key => $value)
 207          {
 208          $num = substr_count($key, ",");
 209          $arr_tmp[$num][$key] = $value;
 210          }
 211  
 212        krsort($arr_tmp);
 213  
 214        foreach($arr_tmp as $order => $value)
 215          {
 216          foreach($value as $key => $v)
 217            {
 218            $final_arr[$key] = $v; 
 219            }
 220          }
 221  
 222        return $final_arr;
 223        }
 224  
 225  
 226      /**
 227      * This function returns an array showing what privileges a user has
 228      *
  229      * It takes a username, then finds all the groups that this person is a
 230      * member of and get their overall privileges. It returns a hashed array with
 231      * the object dns as the keys. The values will be similar to what getOptions returns.
 232      *
 233      * @param    string  username of the user whose privileges will be returned
 234      *
 235      * @return   array   hashed array of privileges
 236      * @access   public
 237      */ 
  238      function getUserPrivilege($username, &$ldap, $mode="default")
  239        {
             // Merges the privileges of every group returned by getUserSiteGroups() for this
             // user into one dn-keyed array. When $mode is "inherit" the whole body is skipped
             // and the (undefined) result is returned through the @ on the return line.
             // $security is assigned here but is not read again in this method.
  240        $security = Security::getOptions('all');
  241        
  242        if($mode != "inherit")
  243        {
             // NOTE(review): $username is concatenated into the user dn as-is, and
             // getUserSiteGroups() places that dn inside a "member=" search filter.
             // Confirm that callers only pass validated usernames.
  244        if(T_EXTERNAL_AUTH)
  245          $user = T_LDAP_AUTH_USER_ATTR."=".$username.",".T_LDAP_AUTH_USER_BASE;
  246        else
  247          $user = T_LDAP_USER_ATTR."=".$username.",".T_LDAP_USER_BASE;
  248                   
             // With an empty username the group lookup runs with an empty user dn and the
             // profile-group step at the end is switched off.
  249        if($username)
  250          {
  251          $user_dn = $user;
  252          $res = Security::getUserSiteGroups($user_dn, T_LDAP_BASE, $ldap, "no_profile");
  253          }
  254        else
  255          {
  256          $res = Security::getUserSiteGroups("", T_LDAP_BASE, $ldap, "no_profile");
  257          $mode = "no_profile";  
  258          }
  259  
  260        $init = 1;
  261        // loop through each group      
  262        foreach($res as $groupdn => $groupname)
  263          {
  264  
               // The first group's privileges are taken unchanged as the starting point;
               // every later group is merged into them below.
  265          if($init)
  266            {
  267            $overall_priv = Security::getGroupLdapPrivilege($groupdn, $ldap);
  268            $init = 0;
  269            continue;
  270            }
  271  
  272          $tmp_priv = Security::getGroupLdapPrivilege($groupdn, $ldap);
  273  
  274          // order from lowest to highest (if this is not done the new privileges overwrite each other)
  275          $tmp_priv = Security::orderLowest($tmp_priv);
  276  
  277          //echo "<br>".$groupdn."<br>";        
  278  
  279          foreach($tmp_priv as $key => $value)
  280            {
  281            //echo "<br>Temp Key: ".$key."<br>";
  282            
  283            $types = array('block', 'page', 'site', 'caravel');
  284            
  285            foreach($types as $type)
  286            {
  287            $options = Security::getOptions($type);
  288            foreach($options as $b_key => $b_value)
  289              {
  290              // if this entry is blank then we are done
  291              if($tmp_priv[$key][$type][$b_key] != "")
  292                {  
  293                // first find out whether this can be a permanent entry or just temporary entry
                     // Starting at $key itself, look for a value already present in $overall_priv;
                     // while none is found, drop the text up to the first comma and try again.
  294                $num = substr_count($key, ",");
  295                $tmp_key = $key;
  296                $parent_priv = "";
  297                for($k=0; $k < $num; $k++)
  298                  {
  299                  if(@$overall_priv[$tmp_key][$type][$b_key] != "") 
  300                    $parent_priv = $overall_priv[$tmp_key][$type][$b_key];
  301                  else
  302                    $tmp_key = substr($tmp_key, strpos($tmp_key, ",") + 1);
  303                  }
  304  
                     // -1 stands for "nothing found above"
  305                if($parent_priv == "")
  306                  $parent_priv = -1;
  307  
  308                // if the parent privilege is less then we must set this afterward
                     // The larger of the two codes is kept: this group's value when it is >= the
                     // one found above, otherwise the value found above.
                     // NOTE(review): the codes are compared with PHP's loose <=, confirm they are
                     // always numeric strings.
  309                if($parent_priv <= $tmp_priv[$key][$type][$b_key])
  310                  {
  311                  $set = true;
  312                  //echo "set";
  313                  }
  314                else
  315                  {
  316                  $set = false;
  317                  $parent_value = $parent_priv;
  318                  }
  319  
  320                // now deal with children
  321                // the best way to do this is to loop though all the current privs
  322                foreach($overall_priv as $overall_key => $overall_value)
  323                  {
  324                  //echo "Overall Key: ".$overall_key."<br>";
                       // NOTE(review): strstr() matches $key anywhere inside $overall_key, not only
                       // as a trailing ",<key>" - confirm no unrelated dn can contain it.
  325                  if((strstr($overall_key, $key) !== false) && $overall_key != $key && $overall_priv[$overall_key][$type][$b_key] != "")
  326                    {
  327                    //echo "child<br>";
  328                    // we now know that this is a child of the temp privilege
  329                    // we need to move up the tree and make sure that no other
  330                    // of the current groups privileges are in between this one and
  331                    // the temp privilege
  332                    $num = substr_count($overall_key, ",");
  333                    $tmp_overall_key = $overall_key;
  334                    $clear = 1;
  335                    for($k=0; $k < $num; $k++)
  336                      {
                           // $tmp_priv may have no entry for this key; the read is not guarded
  337                      if($tmp_priv[$tmp_overall_key][$type][$b_key] != "")
  338                        {
  339                        if($tmp_overall_key != $key)
  340                          {
  341                          $clear = 0;
  342                          //echo "Group in between<br>";
  343                          }
  344                        }
  345                      else
  346                       $tmp_overall_key = substr($tmp_overall_key, strpos($tmp_overall_key, ",") + 1);
  347                      }
  348  
  349                    // if there were no other groups in between then change the privilege
                         // the existing value is only ever raised here, never lowered
  350                    if($clear)
  351                      {
  352                      //echo "No Groups Between<br>";
  353                      if($tmp_priv[$key][$type][$b_key] > $overall_priv[$overall_key][$type][$b_key])
  354                        {
  355                        $overall_priv[$overall_key][$type][$b_key] = $tmp_priv[$key][$type][$b_key];
  356                        //echo "Privilege $overall_key set by $key<br>";
  357                        }
  358                      }
  359                    }
  360                  } 
  361                // now we need to set this if it is not temporary
  362                if($set)
  363                  {
  364                  $overall_priv[$key][$type][$b_key] = $tmp_priv[$key][$type][$b_key];
  365                  //echo "Temp Privilege $key set by $key<br>";
  366                  }
  367                else
  368                  {
  369                  $overall_priv[$key][$type][$b_key] = $parent_value;
  370                  }
  371                  
  372                }
  373              }
  374            }
  375            }
  376          }
  377          
               // Profile-group step: privileges stored on cn=cvProfileGroup.<username> replace
               // the merged result for a dn and type, but only when every option of that type
               // has a non-empty value. $username goes into this dn unescaped as well.
  378          if($mode != "no_profile")
  379            {
  380            $profile_group_dn = "cn=cvProfileGroup." . $username . ",ou=cvgroups," . T_LDAP_BASE;
  381            
  382            $res = Security::getGroupLdapPrivilege($profile_group_dn, $ldap);
  383            foreach($res as $dn => $val)
  384              {
  385              $types = array('block', 'page', 'site', 'caravel');
  386              foreach($types as $type)
  387                {
  388                $options = Security::getOptions($type);
  389                $add = true;
  390                foreach($options as $op_key => $op_val)
  391                  {
  392                  if($res[$dn][$type][$op_key] == "")
  393                    {
  394                    $add = false;
  395                    //echo $op_key."<br>";
  396                    }
  397                  }
  398                  
  399                if($add)  
  400                  $overall_priv[$dn][$type] = $res[$dn][$type];              
  401                }
  402              }
  403            }
  404        }
             // $overall_priv is undefined when $mode was "inherit" or no group was found;
             // the @ hides that and the caller receives null in those cases.
  405        return @$overall_priv;    
  406        }   
 407  
 408      /**
 409      * Returns a flat array of the privileges the current user has to a specific object, based on the privileges loaded in the Auth object
 410      *
 411      * @param    string    object dn
 412      * @return    array    the privileges effective on the object
 413      * @access    public
 414      **/ 
 415      function getObjectPrivilege($dn, $user_privs = null)
 416          {
 417          if (!isset($user_privs))
 418              $user_privs =& $_SESSION['auth']->user_perms; 
 419  
 420          // create the array of DNs to check against in $_SESSION['auth']->user_perms
 421          $tmpDN = $dn;
 422          $dn_levels = array();
 423          while ($tmpDN)
 424              {
 425              if (isset($user_privs[$tmpDN]))
 426                  $dn_levels[] = $tmpDN;
 427              $tmpDN = DN::dnToBase($tmpDN);
 428              }
 429          // if we didn't find any applicable groups (shouldn't happen), just return
 430          if (!count($dn_levels))
 431              return array();
 432          
 433          // make a list of the types of privileges we're interested in for this object
 434          $type = DN::dnToType($dn);
 435          switch ($type)
 436              {
 437              case 'mnTB':    $priv_scopes = array('block', 'page', 'site');    break;
 438              case 'mnTS':    $priv_scopes = array('block', 'page', 'site');    break;
 439              case 'mnT':        $priv_scopes = array('site');                    break;
 440              default:        return array();
 441              }
 442  
 443          // build the list of privileges for this object:
 444          // This takes each of the privilege sets from above, gets the actual privilege names using Security::getOptions,
 445          // and then for each of those it walks up $dn_levels until it finds an actual setting (rather than an inherited one)
 446          $priv_settings = Security::getOptions('all');
 447          $privs = array();
 448          foreach ($priv_scopes as $scope)
 449              {
 450              foreach ($priv_settings[$scope] as $option => $info)
 451                  {
 452                  foreach ($dn_levels as $dn_level)
 453                      {
 454                      if ($user_privs[$dn_level][$scope][$option] == '')
 455                          // this priv is set to inherit...continue up the dn list
 456                          continue;
 457                      else
 458                          {
 459                          $privs[$option] = $user_privs[$dn_level][$scope][$option];
 460                          break;
 461                          }
 462                          
 463                      // catchall, if none of the dn's had a setting for this privilege (shouldn't happen)
 464                      // ... default to deny (0)
 465                      $privs[$option] = 0;
 466                      }
 467                  }
 468              }
 469          
 470          // if this is a block or a section, rename the 'rights' priv setting to make it a little more usable
 471          if ($type == 'mnTB')
 472              {
 473              $privs['allow'] = ($privs['rights'] >= 1);
 474              $privs['config'] = ($privs['rights'] == 2);
 475              unset ($privs['rights']);
 476              }
 477              
 478          return $privs;
 479          }
 480          
 481      /**
 482      * Tests the current user's privilege on a specific object
 483      *
 484      * Note: This is intended for testing privileges on objects that, for one reason or another, won't actually be loaded.
 485      * For instance, we use it in Navigator to test a page's 'visible' flag to see whether we should display a tab.
 486      * If you want to test privilege on a *loaded* app or page, use $this->can($priv) on that object rather than Security::can($dn, $priv).
 487      *
 488      * @param    string    object dn
 489      * @param    string    privilege to test
 490      * @return    boolean    true if allowed, false if not
 491      * @access    public
 492      **/
 493      function can($dn, $priv, $user_privs = null)
 494          {
 495          if (is_array($GLOBALS['CV_SUBSCRIBING']) && DN::dnToOrg($dn) == DN::dnToOrg($GLOBALS['CV_SUBSCRIPTION']))
 496              $user_privs =& $GLOBALS['CV_SUBSCRIBING'];
 497          
 498          $privs = Security::getObjectPrivilege($dn, $user_privs);  
 499  
 500          if (defined('T_PREVIEW') and T_PREVIEW == 1)
 501            {
 502            if($priv == "allow" || $priv == "visible")
 503              return @$privs[$priv];
 504            else
 505              return false;
 506            }
 507          if (@$GLOBALS['CV_PUBLISHING'])
 508            {
 509            if($priv == "allow" || $priv == "visible")
 510              return @$privs[$priv];
 511            else
 512              return false;
 513            }
 514          return (T_SUPERUSER or @$privs[$priv]);
 515          }
 516  
 517      /**
 518      * This function hides or shows a page for the public group
 519      *
 520      * It takes a the page dn as a parameter and a parameter that is the mode, hide or show
 521      *
  522      * @param    string  page dn
  523      * @param    object  ldap connection
  524      * @param    string  mode, either "hide" or "show"
 525      *
 526      * @return   number  success or failure
 527      * @access   public
 528      */
 529      function showHidePublicPage($page_dn, &$ldap, $mode)
 530        {
 531        $public_priv = Security::getGroupLdapPrivilege("cn=public,ou=cvgroups,".T_ORG_DN, $ldap);
 532        $inherited_public_priv = Security::getSingleTypePrivilege($public_priv, $page_dn, 'page');
 533        
 534        $opt = Security::getOptions('page');
 535        foreach($opt as $key => $value)
 536          {
 537          if($key != "visible")
 538            {
 539            if(@is_array($public_priv[$page_dn]['page']))
 540              $page_sec[$key] = $public_priv[$page_dn]['page'][$key];
 541            else
 542              $page_sec[$key] = $inherited_public_priv[$key];
 543            }
 544          else
 545            {
 546            if($mode == "hide")
 547              $page_sec[$key] = 0;
 548            else if($mode == "show")
 549              $page_sec[$key] = 1;
 550            }
 551  
 552          if($page_sec[$key] == "")
 553            $page_sec[$key] = 0;
 554          }
 555  
 556        $parent = substr($page_dn, strpos($page_dn, ",") + 1);
 557        $parent_priv = Security::getSingleTypePrivilege($public_priv, $parent, 'page');
 558        
 559        //jasonay 1-11-06
 560        //fixes a warning that causes pages not to load correctly when first creating a page
 561        if ( $parent_priv == null  )
 562        {
 563            $parent_priv = array();
 564        }
 565          
 566        // if the new permissions and the permission it is inheriting from is the same then we can remove the lower
 567        if(array_diff_assoc($page_sec, $parent_priv) == array() &&
 568           Security::getSingleBlockPrivilege($public_priv, $page_dn) == Security::getSingleBlockPrivilege($public_priv, $parent))
 569           $remove = true;
 570  
 571        if($remove)
 572          {
 573          $res = $ldap->search('(objectclass=cvgroup)', array('cvpriv'), "cn=public,ou=cvgroups,".T_ORG_DN, 0);
 574          for($p = 0; $p < $res[0]['cvpriv']['count']; $p++)
 575            {
 576            if(strpos($res[0]['cvpriv'][$p], $page_dn) === 0)
 577              $ldap->delete_attributes("cn=public,ou=cvgroups,".T_ORG_DN, array('cvpriv' => $res[0]['cvpriv'][$p]));
 578            }
 579          }
 580        else 
 581          Security::setLdapPrivileges($page_dn, "cn=public,ou=cvgroups,".T_ORG_DN, $ldap, array(), $page_sec);  
 582        }
 583  
 584      /**
 585      * This function returns an number showing what privileges a single group has to a specific object
 586      *
 587      * It takes a privilege array that is returned by getGroupLdapPrivilege
 588      * then returns a number indicating what privileges the given object has
 589      *
 590      * @param    array   privileges array
 591      * @param    string  object dn
 592      * @param    object  ldap connection
 593      *
 594      * @return   number  the privilege level
 595      * @access   public
 596      */  
 597      function getSingleBlockPrivilege($privs, $objectdn)
 598        {
 599        $fin = 0;
 600        $priv_find = $objectdn;
 601        while($fin == 0)
 602          {
 603          if(@$privs[$priv_find]['block']['rights'] != "")
 604            {
 605            $the_priv = $privs[$priv_find]['block']['rights'];
 606            $fin = 1;
 607            }
 608          else
 609            {
 610            if(strpos($priv_find, ",") === false)
 611              $fin = 1;
 612            else
 613              $priv_find = substr($priv_find, strpos($priv_find, ",")+1);
 614            }
 615          }
 616        return $the_priv;
 617        }
 618   
 619      /**
 620      * This function returns an number showing what privileges a single group has to a specific object at the page level
 621      *
 622      * It takes a privilege array that is returned by getGroupLdapPrivilege
 623      * then returns a number indicating what privileges the given object has
 624      *
 625      * @param    array   privileges array
 626      * @param    string  object dn
 627      * @param    object  ldap connection
 628      *
 629      * @return   number  the privilege level
 630      * @access   public
 631      */  
 632      function getSingleTypePrivilege($privs, $objectdn, $type)
 633        {
 634        $options = Security::getOptions($type);
 635        
 636        foreach($options as $key => $value)
 637          {
 638          $fin = 0;
 639          $priv_find = $objectdn;
 640          while($fin == 0)
 641            {
 642            if(@$privs[$priv_find][$type][$key] != "")
 643              {
 644              $the_priv[$key] = $privs[$priv_find][$type][$key];
 645              $fin = 1;
 646              }
 647            else
 648              {
 649              if(strpos($priv_find, ",") === false)
 650                $fin = 1;
 651              else
 652                $priv_find = substr($priv_find, strpos($priv_find, ",")+1);
 653              }
 654            }
 655          }  
 656        return @$the_priv;
 657        }
 658   
 659     /**
 660      * This function modifies a sites groups privileges so that when a page is moved privileges remain the same
 661      *
 662      * It takes the old page name and the new site name.
 663      *
 664      * @param    object  ldap object
  665      * @param    string  the new page name
  666      * @param    string  the old page name
 667      * @param    string  the base dn
 668      *
 669      * @return   boolean   success or fail
 670      * @access   public
 671      */
 672   
 673     function pageRenameChange(&$ldap, $newName, $oldName, $base, $newbase="none")
 674        {
 675        if($newbase == "none")
 676          $newbase = $base;      
 677  
 678        $sitebase = Utility::getDcBase($base);
 679        $num = substr_count($sitebase, ",");
 680        for($k=0; $k < $num; $k++)
 681          {
 682          $groups = Security::getSiteGroups($sitebase, $ldap);
 683          if(is_array($groups))
 684            {
 685            // iterate through all the groups for this site
 686            foreach($groups as $key => $val)
 687              {
 688              $privs = Security::getGroupLdapPrivilege($key, $ldap);
 689              
 690              if(is_array($privs))
 691                {
 692                // if there are privs associated with this group then iterate through them and check for  
 693                $replace = false;
 694                foreach($privs as $pkey => $pval)
 695                  {
 696                  if(strpos($pkey, "mnTS=".$oldName.",".$base) !== false)
 697                    {
 698                    $replace = true;
 699                    }
 700                  }
 701                if($replace)
 702                  {
 703                  $res = $ldap->search("objectclass=*", array('cvpriv'), $key, 0);
 704  
 705                  for($i=0; $i < $res[0]['cvpriv']['count']; $i++)
 706                    {
 707                    // if this was one of the matches replace it
 708                    if(strpos($res[0]['cvpriv'][$i], "mnTS=".$oldName.",".$base) !== false)
 709                      $res[0]['cvpriv'][$i] = str_replace("mnTS=".$oldName.",".$base, "mnTS=".$newName.",".$newbase, $res[0]['cvpriv'][$i]);
 710                    $replace_attr['cvpriv'][] = $res[0]['cvpriv'][$i];
 711                    }
 712  
 713                  $ldap->replace($key, $replace_attr);
 714                  unset($replace_attr);
 715                  }
 716  
 717                }
 718              }
 719            }
 720          $sitebase = substr($sitebase, strpos($sitebase, ",") + 1);
 721          }
 722      
 723        return true;    
 724        } 
 725      
 726  
 727      /**
 728      * This function modifies a sites groups privileges so that when a page is deleted privileges are removed so we don't get junk in the cvgroups
 729      *
 730      * It takes the deleted pages' dn.
 731      *
 732      * @param    object  ldap object
 733      * @param    string  the deleted page dn
 734      *
 735      * @return   boolean   success or fail
 736      * @access   public
 737      */
 738   
 739     function pageDeleteChange(&$ldap, $pagedn)
 740        {
 741        $sitebase = Utility::getDcBase($pagedn);
 742        $num = substr_count($sitebase, ",");
 743        for($k=0; $k < $num; $k++)
 744          {
 745          $groups = Security::getSiteGroups($sitebase, $ldap);
 746          if(is_array($groups))
 747            {
 748            // iterate through all the groups for this site
 749            foreach($groups as $key => $val)
 750              {
 751              $privs = Security::getGroupLdapPrivilege($key, $ldap);
 752              
 753              if(is_array($privs))
 754                {
 755                // if there are privs associated with this group then iterate through them and check for  
 756                $delete = false;
 757                foreach($privs as $pkey => $pval)
 758                  {
 759                  if(strpos($pkey, $pagedn) !== false)
 760                    {
 761                    $delete = true;
 762                    }
 763                  }
 764                if($delete)
 765                  {
 766                  $res = $ldap->search("objectclass=*", array('cvpriv'), $key, 0);
 767  
 768                  for($i=0; $i < $res[0]['cvpriv']['count']; $i++)
 769                    {
 770                    // if this was one of the matches replace it
 771                    if(strpos($res[0]['cvpriv'][$i], $pagedn) === false)
 772                      $replace_attr['cvpriv'][] = $res[0]['cvpriv'][$i];
 773                    }
 774  
 775                  $ldap->replace($key, $replace_attr);
 776                  unset($replace_attr);
 777                  }
 778  
 779                }
 780              }
 781            }
 782          $sitebase = substr($sitebase, strpos($sitebase, ",") + 1);
 783          }
 784      
 785        return true;      
 786        } 
 787  
 788  
 789  
 790      /**
 791      * This function returns a boolean as to whether an account has been activated or deactivated through 'cvaccountstatus'
 792      * True is active, false is inactive. 6/8/06
 793      *
 794      * @param    string  user dn
 795      * @param    object  ldap connection
 796      *
 797      * @return   boolean   account status, true is active
 798      * @access   public
 799      */
 800      function userIsActive($user_dn, &$ldap)
 801        {
 802        $active = true;
 803        $res = $ldap->search('(objectclass=*)', array('cvaccountstatus'), $user_dn, LDAP_SCOPE_BASE);
 804        if (mnError::isError($res))
 805            $res = array();
 806        if ($res[0]['cvaccountstatus'][0] == 'inactive')
 807           $active = false;    
 808        return $active;        
 809        }    
 810  
 811       
 812      /**
 813      * This function returns a hashed array of all the groups that the given user is
 814      * associated with at the given site, as well as cvInclusionRule groups
 815      *
 816      * If you'd like to get *all* of the user's groups, pass T_LDAP_BASE as the $site_dn
 817      *
 818      * It takes the user dn, site dn and a ldap objects and uses these to find the associated groups 
 819      * The return is an array with the dns as the keys of the array pointing to the names
 820      *
 821      * @param    string  user dn
 822      * @param    string  site dn
 823      * @param    object  ldap connection
 824      * @param    string  options (if options is set to "no_profile" then no profile groups
 825                                   will be returned by this function)
 826      *
 827      * @return   array   array of groups
 828      * @access   public
 829      */
 830      function getUserSiteGroups($user_dn, $site_dn, &$ldap, $option="default")
 831        {
 832        $find_dn = "member=" . $user_dn;
 833        $find_dn = "(& (" . $find_dn . ") (objectClass=cvGroup))";
 834  
 835        $res = $ldap->search($find_dn, array('dn', 'cn'), $site_dn, LDAP_SCOPE_SUBTREE);
 836        if (mnError::isError($res))
 837            $res = array();
 838        $groups = array();
 839        for($i = 0; $i < $res['count']; $i++)
 840          {
 841          if($option == "no_profile")
 842            {
 843            if((strstr($res[$i]['dn'], "cvProfileGroup.") === false))
 844              $groups[$res[$i]['dn']] = $res[$i]['cn'][0];
 845            }
 846          else
 847            $groups[$res[$i]['dn']] = $res[$i]['cn'][0];  
 848          }
 849  
 850        return array_merge($groups, Security::getAltInclusionRuleGroups($user_dn, $groups));
 851        }    
 852        
 853     /**
 854      * This function checks whether a given user is a member of any of a number of given groups
 855      *
 856      * @param    string    user dn
 857      * @param    array    array of groups to check
 858      * @param    object    ldap connection
 859      *
 860      * @return    boolean    true if there was a match
 861      * @access    public
 862      */
 863      function isUserInGroups($userDN, $groups, &$ldap)
 864          {
 865          static $user_groups;
 866          if (!isset($user_groups))
 867              $user_groups = array();
 868              
 869          if (!isset($user_groups[$userDN]))
 870              {
 871              if (isset($GLOBALS['CV_TEMPLATE'])) {
 872                  $cv_template = $GLOBALS['CV_TEMPLATE'];
 873                  unset($GLOBALS['CV_TEMPLATE']);
 874              }
 875              $user_groups[$userDN] = Security::getUserSiteGroups($userDN, T_LDAP_BASE, $ldap);
 876              if (isset($cv_template))
 877                  $GLOBALS['CV_TEMPLATE'] = $cv_template;
 878              }
 879              
 880          $found = false;
 881          foreach((array)$groups as $testGroup)
 882              {
 883              if (isset($user_groups[$userDN][$testGroup]))
 884                  {
 885                  $found = true;
 886                  break;
 887                  }
 888              }
 889          return $found;
 890          }
 891     
 892     /**
 893      * This function returns a hashed array of all the groups that are associated with a particular site
 894      *
 895      * It takes the site dn and a ldap object and uses these to find the associated groups 
 896      * The return is an array with the dns as the keys of the array pointing to the names
 897      *
 898      * @param    string  site dn
 899      * @param    object  ldap connection
 900      *
 901      * @return   array   array of groups
 902      * @access   public
 903      */
 904      function getSiteGroups($site_dn, &$ldap)
 905        {
 906        $find_dn = "member=*";
 907        $res = $ldap->search($find_dn, array('dn', 'cn'), "ou=cvgroups,".$site_dn, 2);
 908        if (!mnError::isError($res))
 909            {
 910            $groups = array();
 911            for($i = 0; $i < $res['count']; $i++)
 912              {
 913              $groups[$res[$i]['dn']] = $res[$i]['cn'][0];
 914              }
 915            return $groups;        
 916            }
 917        }
 918      
 919     
 920      /**
 921      * This function returns a hashed array showing what privileges are available for
 922      * certain security level 
 923      *
 924      * It takes a string parameter (either block, page, site or caravel), then returns a hashed array
 925      * detailing which options are available
 926      *
 927      * @param    string  privilege level that is wanted
 928      *
 929      * @return   array   hashed array of privileges for the requested level
 930      * @access   public
 931      */
 932      function getOptions($type)
 933        {
 934        $security    = array('block'   => array('rights'    => array('position' => 0)),
 935                             'page'    => array('layout'    => array('text' => 'Add/Remove Blocks', 'position' => 0),
 936                                                'customize' => array('text' => 'Customize Stylesheets', 'position' => 1),
 937                                                'publish'   => array('text' => 'Publish Pages', 'position' => 2),
 938                                                'visible'   => array('text' => 'View Page', 'position' => 3)),                            
 939                             'site'    => array('security'  => array('text' => 'Manage Security', 'position' => 0),
 940                                                'sitelayout'=> array('text' => 'Add/Remove Pages', 'position' => 1),
 941                                                'admin'     => array('text' => 'Manage miscellaneous site settings', 'position' => 2),
 942                                                'rss'       => array('text' => 'Manage RSS newsfeeds', 'position' => 3),
 943                                                'file'      => array('text' => 'Access Filemanager/Upload Files', 'position' => 4)),
 944                             'caravel' => array('superuser' => array('text' => 'Super User', 'position' => 0)));
 945                                                                                         
 946        if($type == "block" || $type == "page" || $type == "site" || $type == "caravel")
 947          {
 948          return $security[$type];       
 949          }
 950        else if($type == "all")
 951          return $security;  
 952        }
 953        
 954        
 955      /**
 956      * This function returns a hashed array showing what rules are available for
 957      * inclusion in groups. For example one option is edupersonaffiliation. If a person has an edupersonaffiliation 
 958      * that is specified by the user then they are considered part of a group 
 959      *
 960      * It takes no parameters 
 961      *
 962      * @return   array   hashed array of rules
 963      * @access   public
 964      */
 965      function getRuleOptions()
 966        {      
 967        $rules = array('edupersonaffiliation' => 'eduPersonAffiliation',
 968                       'edupersonprimaryaffiliation' => 'eduPersonPrimaryAffiliation',
 969                       'deptprimaryaffiliation' => 'deptPrimaryAffiliation',
 970                       'custom2' => 'custom2');
 971        return $rules;
 972        }
 973        
 974      
 975      function getAltInclusionRuleGroups($user_dn, $regular_groups) {
 976          $ldap =& cv_getLDAP();
 977          $auth_ldap =& cv_getAuthLDAP();
 978          $auth_ldap->bind($_SESSION['auth']->userDN, $_SESSION['auth']->password);
 979  
 980        // first thing we do is grab all fields associated with the userdn      
 981        if($user_dn != "")
 982          $ares = $auth_ldap->search("objectclass=*", array(), $user_dn, LDAP_SCOPE_BASE);
 983        else
 984          $ares = array();  
 985  
 986        // next get all groups with alternate inclusion rules
 987        $k = 0;
 988        if (isset($GLOBALS['CV_TEMPLATE']))
 989            $rorg = DN::dnToOrg($GLOBALS['CV_TEMPLATE']);
 990        else
 991              $rorg = T_ORG_DN;
 992  
 993        $org = $rorg;      
 994        while((strpos($org, ",") !== false) && $k < 20 && $org != "")
 995          {
 996          $gdn_base = "ou=cvgroups,".$org; 
 997          $gres = $ldap->search("cvinclusionrule=*", array('cvinclusionrule'), $gdn_base, LDAP_SCOPE_ONELEVEL);
 998          if (!mnError::isError($gres))
 999              {
1000              for($z = 0; $z < $gres['count']; $z++)
1001                  $alt_groups[$gres[$z]['dn']] = $gres[$z]['cvinclusionrule'];
1002              }
1003          
1004          $org = substr($org, strpos($org, ",") + 1);
1005          $k++;
1006          }
1007          
1008        $count_local_groups = 0;
1009        foreach($regular_groups as $grp => $name)
1010            {
1011            if (DN::dnToOrg($grp) == $rorg)
1012                $count_local_groups++;
1013            }
1014            
1015        // now that we have all the groups we need to find if any of the conditions are met
1016        $valid_alt_groups = $poss_valid_alt_groups = array();
1017        $valid_count = $count_local_groups;
1018  
1019        if(is_array($alt_groups))
1020          {
1021          foreach($alt_groups as $key => $val)
1022            {
1023            for($g = 0;$g < $val['count']; $g++)
1024              {
1025              if(substr($val[$g], 0, 10) == "iprange0::" && ($user_dn == ""))
1026                {
1027                // check if the current ip is in this range
1028                $string = substr($val[$g], 10);
1029                $ips = explode("-", $string);
1030                if(Security::checkContainIpRange($ips[0], $ips[1], $_SERVER['REMOTE_ADDR']))
1031                    {
1032                    $valid_alt_groups[$key] = substr($key, 3, strpos($key, ",") - 3);
1033                    $valid_count++;
1034                    }
1035                }
1036              if(substr($val[$g], 0, 10) == "iprange0::" && ($user_dn == "" || $count_local_groups == 0))
1037                {
1038                // check if the current ip is in this range
1039                $string = substr($val[$g], 10);
1040                $ips = explode("-", $string);
1041                if(Security::checkContainIpRange($ips[0], $ips[1], $_SERVER['REMOTE_ADDR']))
1042                    $poss_valid_alt_groups[$key] = substr($key, 3, strpos($key, ",") - 3);
1043                }  
1044              if(substr($val[$g], 0, 10) == "iprange1::" && $user_dn != "")
1045                {
1046                // check if the current ip is in this range
1047                $string = substr($val[$g], 10);
1048                $ips = explode("-", $string);
1049                if(Security::checkContainIpRange($ips[0], $ips[1], $_SERVER['REMOTE_ADDR'])) 
1050                    {
1051                    $valid_alt_groups[$key] = substr($key, 3, strpos($key, ",") - 3);
1052                    $valid_count++;
1053                    }
1054                }  
1055              else if(substr($val[$g], 0, 9) == "ldapval::")          
1056                {
1057                // check if the specified ldap entry condition is met
1058                $string = substr($val[$g], 9);
1059                $field = substr($string, 0, strpos($string, "="));
1060                $data = substr($string, strpos($string, "=") + 1);
1061                if($ares[0][$field] == $data || @in_array($data, $ares[0][$field]))
1062                    {
1063                    $valid_alt_groups[$key] = substr($key, 3, strpos($key, ",") - 3); 
1064                    $valid_count++;
1065                    }
1066                }
1067              else if(substr($val[$g], 0, 9) == 'grpname::')
1068                {
1069                // check if any of the regular groups have the given name
1070                $name = substr($val[$g], 9);
1071                $found = false;
1072                foreach($regular_groups as $grpname)
1073                  if ($grpname == $name)
1074                      $found = true;
1075                if ($found)
1076                  $valid_alt_groups[$key] = substr($key, 3, strpos($key, ',') - 3);
1077                }
1078              }
1079            }
1080          }
1081  
1082        if($valid_count == 0)
1083          $valid_alt_groups = $poss_valid_alt_groups;
1084  
1085        return $valid_alt_groups;
1086        }
1087    
1088      /**
1089      * This function takes an ip address as a parameter and returns whether this ip address
1090      * is of the correct format. 
1091      *
1092      * @param    string  the ip address being checked
1093      *
1094      * @return   boolean true if this is a valid ip, otherwise false
1095      * @access   public
1096      */
1097      function checkValidIp($ip)
1098        {
1099        // get rid of all characters except numbers and the decimals
1100        $ip2 = ereg_replace("[^0-9.]", "", $ip);
1101        $iparr = explode(".", $ip2);
1102        $valid = ($ip2 == $ip);
1103        foreach($iparr as $val)
1104          if($val == "" || !($val >= 0 && $val <= 255))
1105            $valid = false;
1106  
1107        return (((count($iparr) == 4) || (count($iparr) == 6)) && $valid);
1108        }
1109  
1110      /**
1111      * This function takes two ip addresses as parameters and returns whether this is a valid ip range
1112      *
1113      * @param    string  the first ip address in the range
1114      * @param    string  the last ip address in the range
1115      *
1116      * @return   boolean true if this is a valid ip range, otherwise false
1117      * @access   public
1118      */
1119      function checkValidIpRange($ipfirst, $iplast)
1120        {
1121        $ipfirstarr = explode(".", $ipfirst);
1122        $iplastarr = explode(".", $iplast);
1123        if(count($ipfirstarr) != count($iplastarr))
1124          return false;
1125  
1126        for($i = 0; $i < count($ipfirstarr); $i++)
1127          {
1128          if($ipfirstarr[$i] < $iplastarr[$i])
1129            return true;
1130          else if($ipfirstarr[$i] == $iplastarr[$i])
1131            continue;
1132          else
1133            return false;
1134          }
1135  
1136        //this would mean they are the same ip which is ok
1137        return true;
1138        }
1139  
1140  
1141  
1142  
1143      /**
1144      * This function takes three ip addresses as parameters. The first two are expected to be an ip range,
1145      * the third parameter is a valid ip that the function will check to see if it is in the range.
1146      *
1147      * @param    string  the first ip address in the range
1148      * @param    string  the last ip address in the range
1149      * @param    string  the ip address that is being tested                
1150      *
1151      * @return   boolean true if the third ip is in the range, otherwise false
1152      * @access   public
1153      */
1154      function checkContainIpRange($ipfirst, $iplast, $checkip)
1155        {
1156        $ipfirstarr = explode(".", $ipfirst);
1157        $iplastarr = explode(".", $iplast);
1158        $checkiparr = explode(".", $checkip);
1159  
1160        for($i = 0; $i < count($ipfirstarr); $i++)
1161          {
1162          if($ipfirstarr[$i] <= $checkiparr[$i] && $checkiparr[$i] <= $iplastarr[$i])
1163            continue;
1164          else
1165            return false;
1166          }
1167  
1168        // if it got to here then it was in between and we can return false
1169        return true;
1170        }
1171  
1172      /**
1173      * This function adds a group with initial privileges and users
1174      *
1175      * Given a group name(this is the desired dn) it creates a new group. $privs and $users are group dns that
1176      * will be used to generate the new groups initial privileges and users.
1177      *
1178      * @param    string  desired dn for the new group
1179      * @param    string  dn of the group whose privileges will be the new groups initial privileges
1180      * @param    string  dn of the group whose members will be the new group's initial users
1181      * @param    object  ldap connection
1182      *
1183      * @return   boolean true on success
1184      * @access   public
1185      */
1186      function add_group($group_name, $privs, $users, &$ldap, $profile="default")
1187        {
1188        // first thing to do is to make sure the ou=cvgroups branch exists for this site      
1189        $ou = substr($group_name, strpos($group_name, ",") + 1);
1190        if(!$ldap->dnExists($ou))
1191          {
1192          $atr['objectclass'][0] = 'top'; 
1193          $atr['objectclass'][1] = 'organizationalUnit';
1194          $atr['ou'] = "cvgroups";
1195          $ldap->add($ou, $atr);
1196          }
1197        
1198        if(!$ldap->dnExists($group_name))
1199          {
1200          $attrib['objectclass'][0] = 'top';
1201          $attrib['objectclass'][1] = 'groupofnames';
1202          $attrib['objectclass'][2] = 'cvgroup';
1203        
1204          $tmp = explode(",", $group_name);
1205          $attrib['cn'][0] = substr($tmp[0], strpos($tmp[0], "=")+1);
1206          if($privs == "default")
1207            $attrib['cvpriv'][0] = T_LDAP_BASE.":::::";
1208          else
1209            {  
1210            $res=$ldap->search("objectclass=*", array('cvpriv'), $privs, 2);
1211            for($i=0; $i<$res[0]['cvpriv']['count']; $i++)
1212              {
1213              $attrib['cvpriv'][$i] = $res[0]['cvpriv'][$i];        
1214              }
1215            }
1216            
1217          if($users == "default")
1218            {
1219            if(T_USER == '')
1220                {
1221                $attrib['member'][0] = 'uid=blank';
1222                }
1223            else
1224                {    
1225                if(T_EXTERNAL_AUTH)
1226                  $attrib['member'][0] = T_LDAP_AUTH_USER_ATTR."=".$_SESSION['auth']->username.",".T_LDAP_AUTH_USER_BASE;
1227                else
1228                  $attrib['member'][0] = T_LDAP_USER_ATTR."=".$_SESSION['auth']->username.",".T_LDAP_USER_BASE;
1229                }
1230            }
1231          else if($users == "profile")
1232            {
1233            $attrib['member'][0] = $profile;
1234            $attrib['objectclass'][] = 'personalProfile';
1235            }  
1236          else
1237            {  
1238            $res = $ldap->search("objectclass=*", array('member'), $users, 2);
1239            for($i=0; $i<$res[0]['member']['count']; $i++)
1240              {
1241              $attrib['member'][$i] = $res[0]['member'][$i];
1242              }
1243            }          
1244            $ldap->add($group_name, $attrib);
1245          }
1246          return true;
1247        }
1248        
1249      /**
1250      * This function removes an existing group
1251      *
1252      * @param    string  desired dn to be removed
1253      * @param    object  ldap connection
1254      *
1255      * @return   mixed   true on success, mnLDAPError obj on failure or not modifiable
1256      * @access   public
1257      */
1258      function remove_group($group_dn, &$ldap)
1259        {
1260        $res = $ldap->search("objectClass=*", array('cvRequiredGroup'), $group_dn, 2);
1261  
1262        if($res[0]['cvrequiredgroup'][0] != "1" && $res[0]['cvrequiredgroup'][0] != "2")
1263          return $ldap->delete($group_dn);
1264        else
1265          {
1266          new mnLDAPError($ldap, 'This group is not modifiable.',__FILE__, __LINE__);  
1267          return false;
1268          }
1269        }  
1270  
1271      /**
1272      * This function renames an existing group
1273      *
1274      * @param    string  old dn
1275      * @param    string  new group name
1276      * @param    object  ldap connection
1277      *
1278      * @return   boolean true on success, false on failure
1279      * @access   public
1280      */
1281      function rename_group($old_dn, $new_name, &$ldap)
1282        {
1283        // first make sure that the new name does not already exist
1284        $tmp_arr = explode(",", $old_dn);
1285        $tmp_arr[0] = "cn=".$new_name;      
1286        $new_group_dn = implode(",", $tmp_arr);
1287        
1288        // get the base
1289        $base = substr($new_group_dn, strpos($new_group_dn, ',')+1);
1290  
1291        //get the old name
1292        $cn = explode(",", $old_dn);
1293        if(!$ldap->dnExists($new_group_dn))
1294          {
1295          $res = $ldap->search("objectClass=*", array('cvRequiredGroup'), $old_dn, 2);
1296          
1297          if($res[0]['cvrequiredgroup'][0] != "1" && $res[0]['cvrequiredgroup'][0] != "2")
1298            {
1299            $ldap->rename($cn[0], "cn=".$new_name, $base);
1300            return $new_group_dn;
1301            }
1302          else
1303            {
1304            new mnLDAPError($ldap, 'This group is not modifiable.',__FILE__, __LINE__);
1305            return false;
1306            }
1307            
1308          }
1309        else
1310          return false;
1311        }
1312      
1313      /**
1314      * This function removes a member from a group
1315      *
1316      * @param    string  uid(username) of the person that will be removed
1317      * @param    string  dn of the group the person is being removed from
1318      * @param    object  ldap connection
1319      *
1320      * @return   boolean true on success, false on failure
1321      * @access   public
1322      */  
1323      function remove_member($person_uid, $group_dn, &$ldap)
1324        {
1325        // get the dn of this uid
1326        if(T_EXTERNAL_AUTH)
1327          $userdn = T_LDAP_AUTH_USER_ATTR."=".$person_uid.",".T_LDAP_AUTH_USER_BASE;
1328        else
1329          $userdn = T_LDAP_USER_ATTR."=".$person_uid.",".T_LDAP_USER_BASE;
1330  
1331        $attrs['member'] = $userdn; 
1332       
1333        // delete the id
1334        $res = $ldap->search("objectClass=*", array('cvRequiredGroup', 'member'), $group_dn, 2);
1335        
1336        if($res[0]['cvrequiredgroup'][0] != 2)
1337          {
1338          if($res[0]['member']['count'] <= 1)
1339            {
1340            if($res[0]['member'][0] != "uid=blank")
1341              $ldap->add_attributes($group_dn, array('member' => 'uid=blank'));
1342              
1343            $ldap->delete_attributes($group_dn, $attrs);
1344            return true;  
1345            }
1346          else
1347            {  
1348            $ldap->delete_attributes($group_dn, $attrs);
1349            return true;
1350            }
1351          }
1352        else
1353          {
1354          new mnLDAPError($ldap, 'You can not change the members of this group.',__FILE__, __LINE__);
1355          return false;
1356          }  
1357        }
1358   
1359      /**
1360      * This function adds a member to a group
1361      *
1362      * @param    string  uid(username) of the person that will be added
1363      * @param    string  dn of the group the person is being added to
1364      * @param    object  ldap connection
1365      *
1366      * @return   boolean true on success, false on failure
1367      * @access   public
1368      */
1369      function add_member($person_uid, $group_dn, &$ldap)
1370        {
1371        // get the dn of this uid
1372        if(T_EXTERNAL_AUTH)
1373          {
1374          $search_ldap = mnLDAP::create(T_LDAP_AUTH_URI);
1375          $search_ldap->bind("", "");
1376          $user = T_LDAP_AUTH_USER_ATTR."=".$person_uid;
1377          $search_base = T_LDAP_AUTH_USER_BASE;
1378          }
1379        else
1380          {
1381          $search_ldap = $this->ldap;
1382          $user = T_LDAP_USER_ATTR."=".$person_uid;
1383          $search_base = T_LDAP_USER_BASE;
1384          }
1385  
1386        $res = $search_ldap->search($user, array('dn'), $search_base, 2);
1387        if($res[0]['dn'] != "")
1388          {
1389          $attrs['member'] = $res[0]['dn'];
1390          
1391          // delete the id
1392          $find_dn = "member=".$res[0]['dn'];
1393          $res2 = $ldap->search($find_dn, array('dn'), $group_dn, 2);
1394          if($res2['count'] == 0)
1395            {
1396            $res = $ldap->search("objectClass=*", array('cvRequiredGroup'), $group_dn, 2);
1397            
1398            if($res[0]['cvrequiredgroup'][0] != 2)
1399              {
1400              $ldap->add_attributes($group_dn, $attrs);
1401              }
1402            else
1403              {
1404              new mnLDAPError($ldap, 'You can not change the members of this group.',__FILE__, __LINE__);
1405              return false;
1406              }  
1407            }
1408          else
1409            return false;
1410    
1411          return true;
1412          }
1413        else
1414          return false;          
1415        }        
1416  
1417      /**
1418      * This function creates a user profile group based upon a given dn
1419      *
1420      * @param    string  dn of the person whose profile will be created
1421      * @param    object  ldap connection
1422      *
1423      * @return   none
1424      * @access   public
1425      */
1426      function createUserProfileGroup($user_dn, &$ldap)
1427        {
1428        $profile_name = substr($user_dn, strpos($user_dn, "=")+1, strpos($user_dn, ",") - (strpos($user_dn, "=")+1));
1429        $profile_name = "cvProfileGroup." . $profile_name;
1430        
1431        $profile_dn = "cn=" . $profile_name . ",ou=cvgroups," . T_LDAP_BASE;
1432        
1433        if(!$ldap->dnExists($profile_dn))
1434          Security::add_group($profile_dn, 'default', 'profile', $ldap, $user_dn);
1435        else
1436          {
1437          // check to make sure that the user has the new profile objectclass
1438          $res = $ldap->search("(objectclass=*)", array('objectclass', 'cvpriv', 'member', 'cn'), $profile_dn, LDAP_SCOPE_BASE);
1439  
1440          if(!in_array('personalProfile', $res[0]['objectclass']))
1441            {
1442            unset($res[0]['objectclass']['count']);
1443            unset($res[0]['cvpriv']['count']);
1444            // we need to add the personalProfile objectClass
1445            $attr['objectclass'][] = 'top';
1446            $attr['objectclass'][] = 'groupofnames';
1447            $attr['objectclass'][] = 'cvgroup';
1448            $attr['objectclass'][] = 'personalprofile';
1449            $attr['member'] = $res[0]['member'][0];
1450            $attr['cn'] = $res[0]['cn'][0];
1451  
1452            foreach($res[0]['cvpriv'] as $v)
1453              $attr['cvpriv'][] = $v;
1454  
1455            $ldap->delete($profile_dn);
1456            $ldap->add($profile_dn, $attr);
1457            }
1458          }
1459        }
1460  
1461      /**
1462      * This function stores the given data in the profile group of a user
1463      *
1464      * @param    string  dn of the person whose profile will be loaded
1465      * @param    object  ldap connection
1466      *
1467      * @return   none
1468      * @access   public
1469      */
1470      function storeUserProfileGroupData($user_dn, &$ldap, $data)
1471        {
1472        $profile_name = substr($user_dn, strpos($user_dn, "=")+1, strpos($user_dn, ",") - (strpos($user_dn, "=")+1));
1473        $profile_name = "cvProfileGroup." . $profile_name;
1474  
1475        $profile_dn = "cn=".$profile_name . ",ou=cvgroups," . T_LDAP_BASE;
1476  
1477        $attr['cvuserparam'] = Utility::packageParams($data);
1478        $ldap->replace($profile_dn, $attr);
1479        
1480        $_SESSION['userVars'] = $data;
1481        }   
1482   
1483  
1484      /**
1485      * This function gets the data associated with a userProfile
1486      *
1487      * @param    string  dn of the person whose profile will be loaded
1488      * @param    object  ldap connection
1489      *
1490      * @return   none
1491      * @access   public
1492      */
1493      function getUserProfileGroupData($user_dn, &$ldap)
1494        {
1495        $profile_name = substr($user_dn, strpos($user_dn, "=")+1, strpos($user_dn, ",") - (strpos($user_dn, "=")+1));
1496        $profile_name = "cvProfileGroup." . $profile_name;
1497  
1498        $profile_dn = "cn=" . $profile_name . ",ou=cvgroups," . T_LDAP_BASE;
1499  
1500        $res = $ldap->search("(objectclass=*)", array('cvUserParam'), $profile_dn, LDAP_SCOPE_BASE);
1501        if (mnError::isError($res))
1502        $res = array();
1503        else
1504        $res = $res[0]['cvuserparam'];
1505        unset($res['count']);
1506        if(count($res) > 0)
1507          return Utility::processParams($res);
1508        else
1509          return array();  
1510        }
1511          
1512        
1513        
1514      /**
1515      * This function removes all privileges in this users profile that are associated with the given site
1516      *
1517      * @param    string  dn of the person whose profile will be modified
1518      * @param    string  dn of the site
1519      * @param    object  ldap connection
1520      *
1521      * @return   boolean true on success, false on failure
1522      * @access   public
1523      */
1524      function removeUserProfilePrivileges($user_dn, $site_dn, &$ldap)
1525        {
1526        $profile_name = substr($user_dn, strpos($user_dn, "=")+1, strpos($user_dn, ",") - (strpos($user_dn, "=")+1));
1527        $profile_name = "cvProfileGroup." . $profile_name;
1528  
1529        $profile_dn = "cn=" . $profile_name . ",ou=cvgroups," . T_LDAP_BASE;
1530  
1531        if($ldap->dnExists($profile_dn))
1532          {
1533          // need to get all privileges from this profile group that are associated with this site dn
1534          $res = $ldap->search("objectclass=*", array('cvpriv'), $profile_dn, 2);
1535  
1536          for($i=0; $i < $res[0]['cvpriv']['count']; $i++)
1537            {
1538            if(!(strpos($res[0]['cvpriv'][$i], $site_dn) === false))
1539              {
1540              $remove_attr['cvpriv'][] = $res[0]['cvpriv'][$i];
1541              }          
1542            }
1543          if($remove_attr == "")
1544            $remove_attr = array();  
1545          $ldap->delete_attributes($profile_dn, $remove_attr);  
1546          return true;
1547          }
1548        else
1549          {
1550          return false; 
1551          }  
1552        }  
1553        
1554      /**
1555      * This function removes a person from all groups of a particular site
1556      *
1557      * @param    string  dn of the person who will be removed
1558      * @param    string  dn of the site
1559      * @param    object  ldap connection
1560      *
1561      * @return   boolean true on success, false on failure
1562      * @access   public
1563      */
1564      function removeUserSiteGroups($user_dn, $site_dn, &$ldap)
1565        {
1566        // find out what groups this person belongs to
1567        $res = $ldap->search("(& (member=" . $user_dn . ") (objectClass=cvGroup))", array('member'), $site_dn, 2);
1568  
1569        for($i=0; $i<$res['count'];$i++)
1570          {
1571          if($res[$i]['member']['count'] > 1)
1572            {
1573            $rm['member'] = $user_dn; 
1574            $ldap->delete_attributes($res[$i]['dn'], $rm);
1575            }
1576          }      
1577        }
1578  
1579      function find_pages_dn($dn, &$ldap, $libraries)
1580        {
1581        if(strpos($dn, "dc=") === 0 )
1582          $dn = "mnT=index,".$dn;
1583        
1584        $search = $ldap->search("(objectclass=mennotemplatesection)", array('mnTS', 'mennoStatus', 'mennoDisplayName'), $dn, LDAP_SCOPE_ONELEVEL);
1585        if (mnError::isError($search))
1586            $search = array();
1587         
1588        for($i=0;$i<$search['count'];$i++)
1589          {
1590          //$name = @$search[$i]['mennodisplayname'][0] ? $search[$i]['mennodisplayname'][0] : $search[$i]['mnts'][0];
1591          $name = $search[$i]['mnts'][0];
1592          if(!$libraries && $search[$i]['mennostatus'][0] != 'library')
1593            $page_search[$search[$i]['dn']] = $name;
1594          else if($libraries && ($search[$i]['mennostatus'][0] == 'library' || (DN::dnToParent($search[$i]['dn']) != "mnT=index," . DN::dnToOrg($search[$i]['dn']))))  
1595            $page_search[$search[$i]['dn']] = $name;
1596          }
1597  
1598        return @$page_search;  
1599        }
1600      
1601      function find_pages_dn_recursive($dn, $navigation, $b=0, $checking_children=1, &$ldap, $libraries)
1602        {
1603        $pages = Security::find_pages_dn($dn, $ldap, $libraries);
1604        if(is_array($pages))
1605          {
1606          asort($pages);
1607          foreach($pages as $key => $val)
1608            {
1609            $final[$key]['page']   = $pages[$key];
1610            $final[$key]['indent'] = $b;
1611            if($checking_children)
1612              {
1613              if(T_SPEED_HACK != 1 || $navigation[$key] == 1)
1614                {
1615                $tmp = Security::find_pages_dn_recursive($key, $navigation, $b+1, @$navigation[$key], $ldap, $libraries);
1616           
1617                if(is_array($tmp))
1618                  {
1619                  $final[$key]['children'] = 1;
1620                  if(@$navigation[$key] == 1)
1621                    {
1622                    foreach($tmp as $k => $v)
1623                      {
1624                      $final[$k]['page']   = $tmp[$k]['page'];
1625                      $final[$k]['indent'] = $tmp[$k]['indent'];
1626                      $final[$k]['children'] = $tmp[$k]['children'];
1627                      }
1628                    }  
1629                  }
1630                }
1631              else
1632                {
1633                $final[$key]['children'] = 1;
1634                }  
1635              }        
1636            }      
1637          }
1638        return @$final;  
1639        }
1640  
1641  
1642      function find_sites_dn($dn, &$ldap)
1643        {
1644        $search = $ldap->search("(objectclass=dcobject)", array('dc', 'objectclass'), $dn, LDAP_SCOPE_ONELEVEL);
1645        for($i=0;$i<$search['count'];$i++)
1646          {
1647          if(!in_array('mennoOrganization', $search[$i]['objectclass']))
1648            $new_site_search[$search[$i]['dn']] = "folder:".$search[$i]['dc'][0];
1649          else
1650            $new_site_search[$search[$i]['dn']] = $search[$i]['dc'][0];
1651          }
1652  
1653        return @$new_site_search;  
1654        }  
1655        
1656      function find_tree_sites_recursive($dn, $navigation, $b=0, $site_mode = 0, $checking_children = 1, &$ldap, $lite_mode=false)
1657        {
1658        if(!$site_mode)
1659          $sites = Security::find_sites_dn($dn, $ldap);
1660        else
1661          $sites[T_ORG_DN] = DN::dnToSiteDomain(T_ORG_DN);   
1662        
1663        if(is_array($sites))
1664          {
1665          asort($sites);
1666          foreach($sites as $key => $val)
1667            {
1668            $final[$key]['site'] = $sites[$key]; 
1669            $final[$key]['type'] = 'site';
1670            $final[$key]['indent'] = $b;
1671            if($checking_children)
1672              {
1673              if(T_SPEED_HACK != 1 || $navigation[$key] == 1)
1674                {
1675                if(!$lite_mode)
1676                  {
1677                  $tmp = Security::find_tree_sites_recursive($key, $navigation, $b+1, 0, $navigation[$key] == 1, $ldap);
1678             
1679                  if(is_array($tmp))
1680                    {
1681                    $final[$key]['children'] = 1;
1682                    if($navigation[$key] == 1)
1683                      {
1684                      foreach($tmp as $k => $v)
1685                        {
1686                        $final[$k]['site'] = $tmp[$k]['site'];         
1687                        $final[$k]['indent'] = $tmp[$k]['indent'];
1688                        $final[$k]['type'] = $tmp[$k]['type'];
1689                        $final[$k]['children'] = $tmp[$k]['children'];
1690                        }
1691                      }  
1692                    }
1693                  }
1694                  
1695                $tmp2 = Security::find_pages_dn_recursive($key, $navigation, 0, $navigation[$key] == 1, $ldap, 0);
1696                if(is_array($tmp2))
1697                  {
1698                  if($navigation[$key] == 1 && $lite_mode)
1699                    {
1700                    $final["mnT=Libraries," . $key]['site'] = "Libraries";
1701                    $final["mnT=Libraries," . $key]['indent'] = $b + 1;
1702                    $final["mnT=Libraries," . $key]['type'] = 'page';
1703                    $final["mnT=Libraries," . $key]['children'] = 1;
1704                    
1705                    if($navigation["mnT=Libraries," . $key])
1706                      {
1707                      $libs = Security::find_pages_dn_recursive($key, $navigation, 0, $navigation[$key] == 1, $ldap, 1);
1708                      if (is_array($libs)) {
1709                          foreach($libs as $libkey => $libval)
1710                              {
1711                              $final[$libkey]['site'] = $libs[$libkey]['page'];
1712                              $final[$libkey]['indent'] = ($b+2)+$libs[$libkey]['indent'];
1713                              $final[$libkey]['children'] = @$libs[$libkey]['children'];
1714                              $final[$libkey]['type'] = 'page';
1715                              }
1716                          }
1717                      }
1718                    }
1719                  else if($navigation[$key] == 1)
1720                    {
1721                    $libs = Security::find_pages_dn_recursive($key, $navigation, 0, $navigation[$key] == 1, $ldap, 1);
1722                    if(!is_array($libs))
1723                        $libs = array();
1724                    foreach($libs as $libkey => $libval)
1725                        {
1726                        $final[$libkey]['site'] = $libs[$libkey]['page'];
1727                        $final[$libkey]['indent'] = ($b+1)+$libs[$libkey]['indent'];
1728                        $final[$libkey]['children'] = @$libs[$libkey]['children'];
1729                        $final[$libkey]['type'] = 'page';
1730                        }
1731                    }
1732  
1733                  $final[$key]['children'] = 1;
1734                  if($navigation[$key] == 1)
1735                    {
1736                    foreach($tmp2 as $k2 => $v2)
1737                      {
1738                      $final[$k2]['site'] = $tmp2[$k2]['page'];
1739                      $final[$k2]['indent'] = ($b+1)+$tmp2[$k2]['indent'];
1740                      $final[$k2]['children'] = @$tmp2[$k2]['children'];
1741                      $final[$k2]['type'] = 'page';
1742                      }
1743                    } 
1744                  }
1745                }
1746              else if(T_SPEED_HACK == 1)
1747                {
1748                $final[$key]['children'] = 1;
1749                } 
1750              }  
1751            }  
1752          }
1753          
1754        return @$final;  
1755        }  
1756  
1757  
1758      function find_blocks($dn, &$ldap)
1759        {
1760        $search = $ldap->search("(objectclass=mennotemplateblock)", array('mnTB'), $dn, 1);
1761        if (mnError::isError($search))
1762        $search = array();
1763  
1764        for($i=0;$i<$search['count'];$i++)
1765          {
1766          $block_dn[$search[$i]['mntb'][0]] = $search[$i]['dn'];
1767          } 
1768  
1769        return @$block_dn;  
1770        }
1771      
1772      function create_navigator($super, &$navigator_arr, $privs, $app, &$ldap, $lite_mode=false)
1773        {
1774        $tpl = new Template_PHPLIB(T_TEMPLATE_BASE);
1775        if($lite_mode)
1776          $tpl->setFile(array('main' => 'navigator_sidebar2.tpl.html'));
1777        else
1778          $tpl->setFile(array('main' => 'navigator_sidebar.tpl.html'));
1779  
1780        //variables
1781        $tpl->setVar('selected_page', $app->paramName('selected_page'));
1782        $tpl->setVar('nav_scrolled', $app->paramName('nav_scrolled'));
1783        $tpl->setVar('navigator_click', $app->paramName('navigator_click'));
1784        if($lite_mode)
1785          {
1786          if($app->params['navigator_click'] != "")
1787            $navigator_arr[$app->params['navigator_click']] = ($navigator_arr[$app->params['navigator_click']] + 1) % 2;
1788                                                    
1789          $tpl->setVar('hidden_elements', "<input type='hidden' name='".$app->paramName('selected_page')."' id='".$app->paramName('selected_page')."' value='".$app->params['selected_page']."'>
1790                                           <input type='hidden' name='".$app->paramName('navigator_click')."' id='".$app->paramName('navigator_click')."' value=''>");
1791          }
1792        else
1793          $tpl->setVar('hidden_elements', '');
1794  
1795        $num = 0;
1796        if($super)
1797          {
1798          $all = Security::find_tree_sites_recursive(T_LDAP_BASE, $navigator_arr, 0, 0, 1, $ldap);
1799          $lists[$num]['indent'] = 0;
1800          $tmp  = DN::dnToSiteDomain(T_LDAP_BASE);
1801          $lists[$num]['name'] = $tmp;
1802          $lists[$num]['dn'] = T_LDAP_BASE;
1803          $lists[$num]['level'] = $privs[T_LDAP_BASE]['block']['rights'];
1804          $lists[$num]['inherited']=Security::getSingleBlockPrivilege($privs, T_LDAP_BASE);
1805          $lists[$num]['type'] = 'caravel';
1806          $lists[$num]['folder'] = true;
1807          $navigator_arr[T_LDAP_BASE] = 1;
1808          $num++;
1809          }
1810        else
1811          {
1812          $navigator_arr[T_ORG_DN] = 1;
1813          $all = Security::find_tree_sites_recursive(T_ORG_DN, $navigator_arr, 0, 1, 1, $ldap, $lite_mode);
1814          }
1815  
1816        foreach($all as $key => $value)
1817          {
1818          $lists[$num]['type'] = $all[$key]['type'];
1819          $lists[$num]['indent'] = $all[$key]['indent']+$super;
1820          if(strpos($all[$key]['site'], 'folder:') !== false)
1821            $lists[$num]['folder'] = true;
1822          $lists[$num]['name'] = str_replace('folder:', '', $all[$key]['site']);
1823          $lists[$num]['dn'] = $key;
1824          $lists[$num]['level'] = @$privs[$key]['block']['rights'];
1825          $lists[$num]['inherited'] = Security::getSingleBlockPrivilege($privs, $key);
1826          
1827          $lists[$num]['visible'] = Security::can($key, 'visible') || strpos($key, 'mnT=Libraries,dc') === 0;
1828  
1829          $lists[$num]['children'] = @$all[$key]['children'];     
1830          
1831          if($lists[$num]['type'] == 'site')
1832            {
1833            $checkboxes = Security::getOptions('site');
1834            foreach($checkboxes as $k => $v)
1835              {
1836              if(@$privs[$key]['site'][$k] != "")
1837                $lists[$num]['site_set'] = 1;
1838              } 
1839            }
1840            
1841          if($lists[$num]['type'] == 'page' || $lists[$num]['type'] == 'site')  
1842            {
1843            $checkboxes = Security::getOptions('page');
1844            foreach($checkboxes as $kk => $vv)
1845              {
1846              if(@$privs[$key]['page'][$kk] != "")
1847                $lists[$num]['page_set'] = 1;
1848              }
1849            }
1850  
1851          if($lists[$num]['type'] == 'page')
1852            {
1853            $pagesblocks = Security::find_blocks($key, $ldap);
1854            $checkboxes = Security::getOptions('block');
1855            if(is_array($pagesblocks))
1856              {
1857              foreach($pagesblocks as $pk => $pv)
1858                {
1859                foreach($checkboxes as $bk => $bv)
1860                  {
1861                  if(@$privs[$pv]['block'][$bk] == "")
1862                    $lists[$num]['block_set'][-1] = 1;
1863                  else if(@$privs[$pv]['block'][$bk] == "0")
1864                    $lists[$num]['block_set'][0] = 1;
1865                  else if(@$privs[$pv]['block'][$bk] == "1")
1866                    $lists[$num]['block_set'][1] = 1;
1867                  else if(@$privs[$pv]['block'][$bk] == "2")
1868                    $lists[$num]['block_set'][2] = 1;
1869                  }
1870                }
1871              }  
1872            }        
1873            
1874            
1875          $num++;
1876          }
1877  
1878        if($lite_mode)
1879          {   
1880          for($i=0;$i<count($lists);$i++)
1881            {
1882            if(DN::dnToType($lists[$i]['dn']) == "dc" && $lists[$i]['children'] != 1 && $lists[$i]['dn'] != T_LDAP_BASE)
1883              {
1884              array_splice($lists, $i, 1);
1885              $i--;
1886              }
1887            else if(DN::dnToType($lists[$i]['dn']) != "dc" && $lists[$i]['visible'] != 1)
1888              {
1889              array_splice($lists, $i-$offset, 1);
1890              $i--;
1891              }
1892            }
1893          }
1894  
1895        for($i=0;$i<count($lists);$i++)
1896          {
1897          $temp_connectors[$i] = $lists[$i]['indent'];
1898          }  
1899  
1900        @$array_size = max($temp_connectors) + 1;
1901        for($i=0;$i<count($temp_connectors);$i++)
1902          {
1903          $connectors[$i] = array($array_size);
1904          for($k=0;$k<$array_size;$k++)
1905            {
1906            if($k < $temp_connectors[$i])
1907              $connectors[$i][$k] = "-";
1908            else if($k == $temp_connectors[$i])
1909              $connectors[$i][$k] = "*";
1910            else if($k > $temp_connectors[$i])
1911              $connectors[$i][$k] = "0";
1912            }
1913          }
1914  
1915        $indent_position = 0;
1916        for($indent_position = 0;$indent_position<$array_size;$indent_position++)
1917          {
1918          for($i=0;$i<count($connectors);$i++)
1919            {
1920            if($connectors[$i][$indent_position] == '*')
1921              {
1922              $position_start = $i + 1;
1923              $position_end = '';
1924              for($k=$position_start;$k<count($connectors);$k++)
1925                {
1926                if($connectors[$k][$indent_position] == '*')
1927                  {
1928                  $position_end = $k;
1929                  }
1930                else if($connectors[$k][$indent_position] == '0')
1931                    {
1932                    $k = count($connectors);
1933                    }
1934                  }//end search for the ending '*' for
1935  
1936                //If there is an ending position then we need to connect with "1" between the two "*"
1937                if($position_end != '')
1938                  {
1939                  for($k=$position_start;$k<$position_end;$k++)
1940                    {
1941                    $connectors[$k][$indent_position] = "1";
1942                    }
1943                  $i=$position_end;//contining from the position we just connected
1944                  }
1945                }//end found starting '*' if
1946              $position_start = "";
1947              }
1948              }
1949  
1950        if(!$lite_mode)
1951          {
1952          $header_left_corner = Widget::table_layout('left', 'gray');
1953          $header_middle_blue_s = Widget::table_layout('middle', 'gray', 3, 'S',
1954                   'border-right: solid 1px #000000;', 'margin-left: -6px; padding-top: 3px; padding-left: 2px;
1955                                                      font: bold 11px Georgia;');
1956          $header_middle_blue_p = Widget::table_layout('middle', 'gray', 10, 'P',
1957                   'border-right: solid 1px #000000;', 'padding-left: 2px; padding-top: 3px;
1958                                                        font: bold 11px Georgia;');
1959          $header_middle_blue_b = Widget::table_layout('middle', 'gray', 14, 'B',
1960                   'border-right: solid 1px #000000;', 'padding-left: 2px; padding-top: 3px;
1961                                                      font: bold 11px Georgia;text-align: left;');
1962          $header_middle_gray = Widget::table_layout('middle', 'blue', 200, 'Layout', '',
1963                   'padding-left: 3px; padding-top: 3px; font: bold 11px Georgia;');
1964          $header_right_corner = Widget::table_layout('right', 'blue');
1965                                                                                                        
1966          $header = $header_left_corner.$header_middle_blue_s.$header_middle_blue_p.$header_middle_blue_b.$header_middle_gray.$header_right_corner;
1967          }
1968        else
1969          $header="";
1970  
1971        $tpl->setVar('table_header', $header);
1972        
1973        $tpl->setBlock('main', 'indentBlock', 'indentB');
1974        $tpl->setVar('indentB', '');
1975        $tpl->setBlock('main', 'navBlock', 'navB');
1976        $tpl->setVar('navB', '');
1977        
1978        
1979        if(!$lite_mode)
1980          {
1981          if(count($lists) > 15)
1982            $tpl->setVar('width_adjust', 232);
1983          else
1984            $tpl->setVar('width_adjust', 248);  
1985          }
1986        else
1987          {
1988          if(count($lists) > 25)
1989            $tpl->setVar('width_adjust', 132);
1990          else
1991            $tpl->setVar('width_adjust', 148);
1992          }
1993  
1994        
1995        
1996        for($i=0;$i<count($lists);$i++)
1997          {
1998          if($lists[$i]['dn'] == $app->params['selected_page'])
1999            {
2000            $offsetheight = 16 * ($i - 5);
2001            $tpl->setVar('extraonload', "addCvOnLoadEvent(function() {document.getElementById('nav_div').scrollTop = " . $offsetheight . ";})");    
2002  
2003            $tpl->setVar('rotate_color', '#e0e0fd');
2004            //  $tpl->setVar('rotate_color', '#ccccff');
2005            if(@$app->params['extra_nav_scroll'] === "0")
2006               {
2007               $app->params['extra_nav_scroll'] = 5*$i;
2008               }
2009            else
2010               $app->params['extra_nav_scroll'] = 0;   
2011            }
2012          else
2013            { 
2014            if(($i % 2) == 0) 
2015              $tpl->setVar('rotate_color', '#FFFFFF');
2016            else
2017              $tpl->setVar('rotate_color', '#F2F2F2');
2018            }          
2019        
2020          $tpl->setVar('indentB', '');
2021          for($j=0;$j<$lists[$i]['indent'];$j++)
2022            {
2023            if($connectors[$i][$j] == '1')
2024              $tpl->setVar('indent_connector', ' background:url(/.cWimg/icons/ftv2vertline.gif); background-position: 20% 0%;');
2025            else
2026              $tpl->setVar('indent_connector', ' none');
2027          
2028            $tpl->parse('indentB', 'indentBlock', true);
2029            }
2030  
2031          if(@$navigator_arr[$lists[$i]['dn']] == 1)
2032            {
2033            $color = "border-right: none";
2034            $alt_width = "4px";
2035            }
2036          else
2037            {
2038            $color = "border-right: solid 1px #000000"; 
2039            $alt_width = "3px";
2040            }
2041        
2042  
2043          $tpl->setVar('connector', '');
2044          if(((@$lists[$i]['indent'] == @$lists[$i+1]['indent']) || @$connectors[$i+1][$j] == '1') && $i != 0) 
2045            {
2046            //connector to connect if the next task is at the same indent
2047            if($lists[$i]['children'] == 1)
2048              {
2049              if(@$navigator_arr[$lists[$i]['dn']] == 1)
2050                $img = "/.cWimg/icons/ftv2mnode.gif"; 
2051              else
2052                $img = "/.cWimg/icons/ftv2pnode.gif";  
2053              
2054              $tpl->setVar('connector', '<div class="connectors" style="background:url('.$img.');background-position: 50% 28%;"
2055                                                     onclick="nav_select(\''.$lists[$i]['dn'].'\');"
2056                                                     onmouseover="this.style.borderColor = \'#8BB5DF\';"
2057                                                     onmouseout="this.style.borderColor = \'#000000\';">&nbsp;
2058                                                     </div>');
2059              }
2060            else
2061              {
2062              $tpl->setVar('connector', '<div class="connectors" style="background:url(/.cWimg/icons/ftv2node.gif);background-position: 50% 28%;"></div>');
2063              }                                       
2064            } 
2065          else if(@$lists[$i]['indent'] != @$lists[$i+1]['indent'] && $i != 0)
2066            {
2067            //connector to connect when the next task is of a differnt indent
2068            if($lists[$i]['children'] == 1)
2069              {
2070              if($navigator_arr[$lists[$i]['dn']] == 1)
2071                $img = "/.cWimg/icons/ftv2mlastnode.gif";
2072              else
2073                $img = "/.cWimg/icons/ftv2plastnode.gif";
2074                                                
2075              $tpl->setVar('connector', '<div class="connectors" style="background:url('.$img.');background-position: 50% 28%;"
2076                                                     onclick="nav_select(\''.$lists[$i]['dn'].'\');"
2077                                                     onmouseover="this.style.borderColor = \'#8BB5DF\';"
2078                                                     onmouseout="this.style.borderColor = \'#000000\';">
2079                                                     </div>');
2080              }
2081            else
2082              {
2083              $tpl->setVar('connector', '<div class="connectors" style="background:url(/.cWimg/icons/ftv2lastnode.gif);background-position: 50% 28%;"></div>');
2084              }                                       
2085            }
2086  
2087          
2088          if(!$lite_mode)
2089            {
2090            $tpl->setVar('nonlitesmall', 16);
2091            $tpl->setVar('nonlitebig', 84);
2092            $tpl->setVar('nonlitepadding', 'margin: 0 0 0 3px;');
2093            $tpl->setVar('nonliteborder', 'border-left: solid 1px #000;');
2094            if($lists[$i]['type'] == 'site')
2095              {
2096              if(@$lists[$i]['site_set'] === 1)
2097                $color = "#666";
2098              else
2099                $color = "#ffffcc";
2100              $tpl->setVar('site_view', "<div title='Site inheritance properties' style='float:left;font-size: 0px;
2101                                                     border: solid 1px #000000; width: 7px; height: 7px; margin-top: 3px; background-color: " . $color . "'>
2102                                         
2103                                         </div>");
2104              }
2105            else
2106              $tpl->setVar('site_view', "<div style='width: 9px;float: left;'>&nbsp;</div>");
2107  
2108            if($lists[$i]['type'] == 'page' || $lists[$i]['type'] == 'site')
2109              {
2110              if(@$lists[$i]['page_set'] === 1)
2111                $color = "#666";
2112              else
2113                $color = "#ffffcc";
2114              $tpl->setVar('page_view', "<div title='Page inheritance properties' style='margin-left: 1px; font-size: 0px; float:left; border: solid 1px #000000; width: 7px; height: 7px; margin-top: 3px; background-color: " . $color . "'>
2115                                         
2116                                         </div>");
2117              }
2118            else
2119              $tpl->setVar('page_view', "");
2120  
2121            
2122            if(@$lists[$i]['type'] == 'page')
2123              {
2124              if(@$lists[$i]['block_set'][-1] === 1)
2125                $color1 = "#ffffcc";
2126              else
2127                $color1 = "#ffffff";
2128              if(@$lists[$i]['block_set'][0] === 1)
2129                $color2 = "#ff6666";
2130              else
2131                $color2 = "#ffffff";
2132              if(@$lists[$i]['block_set'][1] === 1)
2133                $color3 = "#66ffcc";
2134              else
2135                $color3 = "#ffffff";
2136              if(@$lists[$i]['block_set'][2] === 1)
2137                $color4 = "#9999cc";
2138              else
2139                $color4 = "#ffffff";
2140  
2141              $tpl->setVar('block_view', '<div style="margin-left: 4px; width: 6px; height: 3px; font: 2px Arial;font-size: 0px;"></div>
2142                                          <div title="Local block properties" style="margin-left: 1px; float: left; vertical-align: top; text-align: center; width:7px; height: 7px; 
2143                                                      font: 0px Arial; border: solid 1px #000000; padding: 0px;">
2144                                                      <div style="background-color: ' . $color1 . ';float:left; font-size: 0px; height: 3px; width: 3px; border-bottom: solid 1px #000000; border-right: solid 1px #000000;"></div>
2145                                                      <div style="background-color: ' . $color2 . ';float:right; font-size: 0px;height: 3px; width: 3px; border-bottom: solid 1px #000000;"></div>
2146                                                      <div style="background-color: ' . $color3 . ';float:left; font-size: 0px;height: 3px; width: 3px; border-right: solid 1px #000000;"></div>
2147                                                      <div style="background-color: ' . $color4 . ';float:right; font-size: 0px; height: 3px; width: 3px; "></div>
2148                                                      </div>');
2149              }
2150            else
2151              $tpl->setVar('block_view', "");
2152         
2153            if($i == 0)
2154              {
2155              $lists[$i]['type'] = "";
2156              $tpl->setVar('site_view', "<div class='inherit_view'></div>");
2157              $tpl->setVar('page_view', "<div class='inherit_view'></div>");
2158              $tpl->setVar('block_view', "<div class='inherit_view'></div>");
2159              }
2160            }    
2161          else
2162            {
2163            $tpl->setVar('nonlitesmall', 0);
2164            $tpl->setVar('nonlitebig', 100);          
2165            $tpl->setVar('nonlitepadding', "display:none;");
2166            $tpl->setVar('nonliteborder', '');
2167            }  
2168            
2169          if(Utility::is_template_dn($lists[$i]['dn']) === 2) 
2170            { 
2171            $lists[$i]['name'] = "<div style='vertical-align: middle;height: 100%;float: left;margin: 1px 0 0 -4px;'><img alt='Templates' src='/.cWimg/icons/paint_16.png' style='width: 14px; height: 14px;'></div>
2172                                  <div style='vertical-align: middle;height: 100%;float: left;margin-top: 1px;'>" . $lists[$i]['name'] . "</div>";          
2173            $lists[$i]['template'] = true;
2174            }
2175          else if(strpos($lists[$i]['dn'], "mnT=Libraries,") === 0)
2176            {
2177            $lists[$i]['name'] = "<div style='vertical-align: middle;height: 100%;float: left;margin: 1px 0 0 -4px;'><img alt='Libraries' src='/.cWimg/icons/addbk_16.png' style='width: 14px; height: 14px;'></div>
2178                                  <div style='vertical-align: middle;height: 100%;float: left;margin-top: 1px;'>" . $lists[$i]['name'] . "</div>";
2179            $lists[$i]['template'] = true;
2180            }
2181          else
2182            {
2183            if($lists[$i]['type'] == 'site')
2184              $lists[$i]['name'] = "<span style='font-weight:bold;'>".Widget::format_text($lists[$i]['name'], 28, '')."</span>";
2185            else
2186              $lists[$i]['name'] = Widget::format_text($lists[$i]['name'], 28 - $lists[$i]['indent'] * 3, '');
2187            }
2188    
2189          $tpl->setVar('object_name', $lists[$i]['name']);
2190          $tpl->setVar('object_dn', $lists[$i]['dn']);
2191          if($lite_mode && $lists[$i]['folder'] != true && $lists[$i]['template'] != true)
2192            $tpl->setVar('changesubmit', 'change_submit("http' . (T_HTTP_SSL ? 's' : '')  . '://'.DN::dnToPageUrl($lists[$i]['dn'], 1). '?aC=' . T_ADMIN_CODE . '&amp;id=' . DN::dnToSiteId($lists[$i]['dn'])  . '");');
2193          else if($lists[$i]['folder'] == true && $lite_mode)
2194            $tpl->setVar('changesubmit', 'return false;');
2195          else if($lists[$i]['template'] == true && $lite_mode)
2196            $tpl->setVar('changesubmit', 'nav_select("'.$lists[$i]['dn'].'");');  
2197          else
2198             $tpl->setVar('changesubmit', '');  
2199          //echo $lists[$i]['level'];
2200          
2201          if($lite_mode)
2202            $hide_box = "; display: none";
2203          
2204          if($lists[$i]['inherited'] == "")
2205            $tpl->setVar('dn_border_color', "#ffffcc".$hide_box);
2206          else if($lists[$i]['inherited'] == 0)
2207            $tpl->setVar('dn_border_color', "#ff6666".$hide_box);
2208          else if($lists[$i]['inherited'] == 1)
2209            $tpl->setVar('dn_border_color', "#66ffcc".$hide_box);
2210          else if($lists[$i]['inherited'] == 2)
2211            $tpl->setVar('dn_border_color', "#9999cc".$hide_box);
2212          
2213          $tpl->setVar('nv', "nv".$i);
2214  
2215          if($lists[$i]['level'] == "")
2216            $tpl->setVar('dn_color', "#ffffcc".$hide_box);
2217          else if($lists[$i]['level'] == 0)
2218            $tpl->setVar('dn_color', "#ff6666".$hide_box);       
2219          else if($lists[$i]['level'] == 1)
2220            $tpl->setVar('dn_color', "#66ffcc".$hide_box);
2221          else if($lists[$i]['level'] == 2)
2222            $tpl->setVar('dn_color', "#9999cc".$hide_box);  
2223          
2224          
2225          $tpl->parse('navB', 'navBlock', true);
2226          }
2227          
2228        return $tpl->subst('main');
2229        }  
2230        
2231      
2232      
2233  
2234      }
2235  ?>
