New version number

[mirror/userdir-ldap-cgi.git] / search.cgi

diff --git a/search.cgi b/search.cgi
index 42ad3d6..59b6471 100755 (executable)
--- a/search.cgi
+++ b/search.cgi
@@ -17,12 +17,21 @@ use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 my %config = &Util::ReadConfigFile;
 
 my $query = new CGI;
-my $id = uri_escape($query->param('id'));
-my $authtoken = uri_escape($query->param('authtoken'));
-my $password = &Util::CheckAuthToken($authtoken);
+my $id = $query->param('id');
+my $authtoken = $query->param('authtoken');
 my $dosearch = uri_escape($query->param('dosearch'));
 my $searchdn = uri_escape($query->param('searchdn'));
+
 my $ldap = undef;
+my $password = undef;
+
+if ($authtoken || $id) {
+  $password = Util::TouchAuthToken($authtoken, $id);
+} else {
+  $password = '';
+  $id = '';
+  $authtoken = '';
+}
 
 my $proto = ($ENV{HTTPS} ? "https" : "http");
 
@@ -61,7 +70,7 @@ if (!$dosearch) {
 
   # go through %searchdata and pull out all the search criteria the user
   # specified...
-  my $filter = "(objectclass=inetOrgPerson)";
+  my $filter = "(objectclass=inetOrgPerson)(!(accountStatus=*))";
   foreach (keys(%searchdata)) {
     if ($query->param($searchdata{$_}{formname})) {    
       if ($query->param($searchdata{$_}{fuzzy})) {
@@ -236,7 +245,7 @@ if (!$dosearch) {
     
     # If this is ourselves, present a link to do mods
     if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
-      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=".uri_escape($id)."&authtoken=".uri_escape($authtoken)."&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id;authtoken=$authtoken\">Edit my settings</a>\n";
     }
     
     $outsub{searchresults} .= "<br><br><br>\n";