Add feature to enable/disable account

ltb-project · Jul 26, 2024 · 0768892 · 0768892
1 parent d4d5e21
commit 0768892
Show file tree

Hide file tree

Showing 8 changed files with 172 additions and 0 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -110,21 +110,33 @@
 $display_password_expiration_date = true;
 
 # Features
+
 $use_checkpassword = true;
+
 $use_resetpassword = true;
 $use_resetpassword_resetchoice = true;
 $resetpassword_reset_default = true;
+
 $show_lockstatus = true;
 $use_unlockaccount = true;
 $use_lockaccount = true;
+
 $show_expirestatus = true;
+
 $use_searchlocked = true;
+
 $use_searchexpired = true;
+
 $use_searchwillexpire = true;
 $willexpiredays = 14;
+
 $use_searchidle = true;
 $idledays = 60;
 
+$use_enableaccount = false;
+$use_disableaccount = false;
+$show_enablestatus = false;
+
 ## Mail
 # LDAP mail attribute
 $mail_attributes = array( "mail", "gosaMailAlternateAddress", "proxyAddresses" );

diff --git a/htdocs/disableaccount.php b/htdocs/disableaccount.php
@@ -0,0 +1,44 @@
+<?php
+/*
+ * Disable account in LDAP directory
+ */
+
+$result = "";
+$dn = "";
+$password = "";
+
+if (isset($_POST["dn"]) and $_POST["dn"]) {
+    $dn = $_POST["dn"];
+} else {
+    $result = "dnrequired";
+}
+
+if (!$use_disableaccount) {
+    $result = "actionforbidden";
+}
+
+if ($result === "") {
+
+    require_once("../conf/config.inc.php");
+    require __DIR__ . '/../vendor/autoload.php';
+
+    # Connect to LDAP
+    $ldap_connection = $ldapInstance->connect();
+
+    $ldap = $ldap_connection[0];
+    $result = $ldap_connection[1];
+
+    if ($ldap) {
+        if ( $directory->disableAccount($ldap, $dn) ) {
+            $result = "accountdisabled";
+        } else {
+            $result = "ldaperror";
+        }
+    }
+}
+
+if ($audit_log_file) {
+    auditlog($audit_log_file, $dn, $audit_admin, "disableaccount", $result);
+}
+
+header('Location: index.php?page=display&dn='.$dn.'&disableaccountresult='.$result);
diff --git a/htdocs/display.php b/htdocs/display.php
@@ -15,6 +15,7 @@
 $posthookresult= "";
 $ldapExpirationDate="";
 $canLockAccount="";
+$isAccountEnabled = "";
 
 if (isset($_GET["dn"]) and $_GET["dn"]) {
     $dn = $_GET["dn"];
@@ -119,6 +120,10 @@
         $isExpired = $directory->isPasswordExpired($ldap, $dn, array('pwdMaxAge' => $pwdMaxAge));
 
         $resetAtNextConnection = $directory->resetAtNextConnection($ldap, $dn);
+
+        if ($show_enablestatus) {
+            $isAccountEnabled = $directory->isAccountEnabled($ldap, $dn);
+        }
     }
 }
 
@@ -145,4 +150,6 @@
 $smarty->assign("prehookresult", $prehookresult);
 $smarty->assign("posthookresult", $posthookresult);
 if ($canLockAccount == false) $smarty->assign("use_lockaccount", $canLockAccount);
+
+$smarty->assign("isAccountEnabled", $isAccountEnabled);
 ?>
diff --git a/htdocs/enableaccount.php b/htdocs/enableaccount.php
@@ -0,0 +1,44 @@
+<?php
+/*
+ * Enable account in LDAP directory
+ */
+
+$result = "";
+$dn = "";
+$password = "";
+
+if (isset($_POST["dn"]) and $_POST["dn"]) {
+    $dn = $_POST["dn"];
+} else {
+    $result = "dnrequired";
+}
+
+if (!$use_enableaccount) {
+    $result = "actionforbidden";
+}
+
+if ($result === "") {
+
+    require_once("../conf/config.inc.php");
+    require __DIR__ . '/../vendor/autoload.php';
+
+    # Connect to LDAP
+    $ldap_connection = $ldapInstance->connect();
+
+    $ldap = $ldap_connection[0];
+    $result = $ldap_connection[1];
+
+    if ($ldap) {
+        if ( $directory->enableAccount($ldap, $dn) ) {
+            $result = "accountenabled";
+        } else {
+            $result = "ldaperror";
+        }
+    }
+}
+
+if ($audit_log_file) {
+    auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result);
+}
+
+header('Location: index.php?page=display&dn='.$dn.'&enableaccountresult='.$result);
diff --git a/htdocs/index.php b/htdocs/index.php
@@ -135,6 +135,9 @@
 $smarty->assign('use_searchwillexpire',$use_searchwillexpire);
 $smarty->assign('use_searchidle',$use_searchidle);
 $smarty->assign('fake_password_inputs',$fake_password_inputs);
+$smarty->assign('use_enableaccount',$use_enableaccount);
+$smarty->assign('use_disableaccount',$use_disableaccount);
+$smarty->assign('show_enablestatus',$show_enablestatus);
 
 # Assign messages
 $smarty->assign('lang',$lang);

diff --git a/lang/en.inc.php b/lang/en.inc.php
@@ -4,21 +4,28 @@
 # English
 #==============================================================================
 
+$messages['accountenabled'] = "Account is enabled";
+$messages['accountdisabled'] = "Account is disabled";
 $messages['accountlocked'] = "Account is locked";
+$messages['accountnotdisabled'] = "Fail to disable account";
+$messages['accountnotenabled'] = "Fail to enable account";
 $messages['accountnotlocked'] = "Fail to lock account";
 $messages['accountnotunlocked'] = "Fail to unlock account";
 $messages['accountunlocked'] = "Account is not locked";
 $messages['accountstatus'] = "Account status";
+$messages['actionforbidden'] = "Action forbidden";
 $messages['changesubject'] = "Your password has been changed";
 $messages['changesubjectforadmin'] = "User password has been changed";
 $messages['changemessage'] = "Hello {name},\n\nYour password has been changed.\n\nIf you didn't request a password reset, please contact your administrator for details.";
 $messages['changemessageforadmin'] = "Hello,\n\nThe password of account {dn} has been changed.\n.";
 $messages['checkpassword'] = "Check password";
 $messages['currentpassword'] = "Current password";
 $messages['dashboards'] = "Dashboards";
+$messages['disableaccount'] = "Disable account";
 $messages['displayentry'] = "Display entry";
 $messages['dnrequired'] = "Entry identifier required";
 $messages['editentry'] = "Edit entry";
+$messages['enableaccount'] = "Enable account";
 $messages['entriesfound'] = "entries found";
 $messages['entryfound'] = "entry found";
 $messages['expiredaccounts'] = "Passwords expired";

diff --git a/lang/fr.inc.php b/lang/fr.inc.php
@@ -4,21 +4,28 @@
 # French
 #==============================================================================
 
+$messages['accountenabled'] = "Le compte est activé";
+$messages['accountdisabled'] = "Le compte est désactivé";
 $messages['accountlocked'] = "Le compte est bloqué";
+$messages['accountnotdisabled'] = "Échec de la désactivation du compte";
+$messages['accountnotenabled'] = "Échec de l'activation du compte";
 $messages['accountnotlocked'] = "Échec de blocage du compte";
 $messages['accountnotunlocked'] = "Échec de déblocage du compte";
 $messages['accountstatus'] = "Statut du compte";
 $messages['accountunlocked'] = "Le compte n'est pas bloqué";
+$messages['actionforbidden'] = "Action interdite";
 $messages['changesubject'] = "Votre mot de passe a été changé";
 $messages['changesubjectforadmin'] = "Le mot de passe d'un utilisateur a été changé";
 $messages['changemessage'] = "Bonjour {name},\n\nVotre mot de passe a été changé.\nSi vous n'êtes pas à l'origine de cette demande, contactez votre administrateur pour obtenir des précisions.";
 $messages['changemessageforadmin'] = "Bonjour,\n\nLe mot de passe du compte {dn} a été changé.";
 $messages['checkpassword'] = "Vérification du mot de passe";
 $messages['currentpassword'] = "Mot de passe actuel";
 $messages['dashboards'] = "Tableaux de bord";
+$messages['disableaccount'] = "Désactiver le compte";
 $messages['displayentry'] = "Afficher l'entrée";
 $messages['dnrequired'] = "L'identifiant de l'entrée est requis";
 $messages['editentry'] = "Modifier l'entrée";
+$messages['enableaccount'] = "Activer le compte";
 $messages['entriesfound'] = "entrées trouvées";
 $messages['entryfound'] = "entrée trouvée";
 $messages['expiredaccounts'] = "Mots de passe expirés";

diff --git a/templates/display.tpl b/templates/display.tpl
@@ -271,5 +271,53 @@
         {/if}
         {/if}
 
+        {if $show_enablestatus}
+        {if $isAccountEnabled}
+        <div class="card mb-3 shadow border-success">
+            <div class="card-header text-bg-success text-center">
+                <p class="card-title">
+                    <i class="fa fa-fw fa-check-square-o"></i>
+                    {$msg_accountenabled}
+                </p>
+            </div>
+            {if $use_disableaccount}
+            <div class="card-body">
+                <form id="disableaccount" method="post" action="index.php?page=disableaccount">
+                    {if $disableaccountresult eq 'ldaperror' or $disableaccountresult eq 'actionforbidden'}
+                    <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotdisabled}</div>
+                    {/if}
+                    <input type="hidden" name="dn" value="{$dn}" />
+                    <button type="submit" class="btn btn-success">
+                        <i class="fa fa-fw fa-user-slash"></i> {$msg_disableaccount}
+                    </button>
+                </form>
+            </div>
+            {/if}
+        </div>
+        {else}
+        <div class="card mb-3 shadow border-danger">
+            <div class="card-header text-bg-danger text-center">
+                <p class="card-title">
+                    <i class="fa fa-fw fa-exclamation-triangle"></i>
+                    {$msg_accountdisabled}
+                </p>
+            </div>
+            {if $use_enableaccount}
+            <div class="card-body">
+                <form id="disableaccount" method="post" action="index.php?page=enableaccount">
+                    {if $enableaccountresult eq 'ldaperror' or $enableaccountresult eq 'actionforbidden'}
+                    <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotenabled}</div>
+                    {/if}
+                    <input type="hidden" name="dn" value="{$dn}" />
+                    <button type="submit" class="btn btn-success">
+                        <i class="fa fa-fw fa-user-check"></i> {$msg_enableaccount}
+                    </button>
+                </form>
+            </div>
+            {/if}
+        </div>
+       {/if}
+       {/if}
+
    </div>
 </div>