use CGI;
use Util;
use URI::Escape;
-use Net::LDAP qw(:all);
+use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
# Global settings...
my %config = &Util::ReadConfigFile;
my $query = new CGI;
my $id = $query->param('id');
my $authtoken = $query->param('authtoken');
-my $password = &Util::CheckAuthToken($authtoken);
-my $dosearch = $query->param('dosearch');
-my $searchdn = $query->param('searchdn');
+my $dosearch = uri_escape($query->param('dosearch'));
+my $searchdn = uri_escape($query->param('searchdn'));
+
my $ldap = undef;
+my $password = undef;
+
+if ($authtoken || $id) {
+ $password = Util::TouchAuthToken($authtoken, $id);
+} else {
+ $password = '';
+ $id = '';
+ $authtoken = '';
+}
my $proto = ($ENV{HTTPS} ? "https" : "http");
$ldap->unbind if (defined($ldap));
}
-$SIG{__DIE__} = \&DieHandler;
+#$SIG{__DIE__} = \&DieHandler;
if (!$dosearch) {
# No action yet, send back the search form...
# go through %searchdata and pull out all the search criteria the user
# specified...
- my $filter = "(objectclass=inetOrgPerson)";
+ my $filter = "(objectclass=inetOrgPerson)(!(accountStatus=*))";
foreach (keys(%searchdata)) {
if ($query->param($searchdata{$_}{formname})) {
if ($query->param($searchdata{$_}{fuzzy})) {
# Now, we are ready to connect to the LDAP server.
$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+ &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $auth = 0;
my $mesg;
# Format the output....
foreach $dn (sort {$entries->{$a}->{sn}->[0] <=> $entries->{$b}->{sn}->[0]} keys(%$entries)) {
my $ok = 0;
- $data = $entries->{$dn};
-
# These are local variables.. i have enough global vars as it is... <sigh>
my ($ufdn, $login, $name, $icquin, $jabberjid, $email, $fingerprint,
$address, $latlong, $vacation, $created, $modified, $lastseen, $gender) = undef;
+
+ # Last seen information (Echelon)
+ $lastseen = &Util::FormatLastSeen($entries->{$dn}->{"activity-pgp"}->[0],
+ $entries->{$dn}->{"activity-from"}->[0]);
+
+ $data = $entries->{$dn};
+ for my $key (keys %{$data}) {
+ @{$data->{$key}} = map { CGI::escapeHTML($_); } @{$data->{$key}};
+ }
$ufdn = $dn; # Net::LDAP does not have a dn2ufn function, but this is close enough :)
$modified = &Util::FormatTimestamp($data->{modifytimestamp}->[0]);
$created = &Util::FormatTimestamp($data->{createtimestamp}->[0]);
- # Last seen information (Echelon)
- $lastseen = &Util::FormatLastSeen($data->{"activity-pgp"}->[0],
- $data->{"activity-from"}->[0]);
-
# Link in the debian login id
$login = $data->{uid}->[0];
$login = "$login";
$vacation = $data->{onvacation}->[0] if ($authtoken && $id);
# OK, now generate output... (i.e. put the output into the buffer )
- $outsub{searchresults} .= '<table border=2 cellpadding=2 cellspacing=0 bgcolor="#DDDDDD" width="80%">';
+ $outsub{searchresults} .= '<table class="debform" border=2 cellpadding=2 cellspacing=0 bgcolor="#DDDDDD" width="80%">';
$outsub{searchresults} .= '<tr><th bgcolor="#44CCCC" colspan=2><font size=+1>'."$name</font> ";
$outsub{searchresults} .= "($ufdn)</th></tr>\n";
# If this is ourselves, present a link to do mods
if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
- $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id&authtoken=$authtoken&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+ $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id;authtoken=$authtoken\">Edit my settings</a>\n";
}
$outsub{searchresults} .= "<br><br><br>\n";