<?php
/**
* @file
* Admin interface for general ldap api settings.
*/
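/**
 * Form builder for the general LDAP servers settings page.
 *
 * Offers a select for the scheme used to store LDAP bind passwords and
 * registers ldap_servers_settings_submit() ahead of the default settings
 * submit handler, so stored passwords can be converted before the new scheme
 * is saved.
 *
 * Security note: per the field description below, stored passwords are
 * decrypted with the site hash. Anyone who can read both the database and that
 * hash can recover the bind passwords, so this is obfuscation (as the field
 * title says) rather than protection against a host-level compromise.
 *
 * @return array
 *   The settings form array as returned by system_settings_form().
 */
function ldap_servers_settings() {
  ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');

  if (!ldap_servers_ldap_extension_loaded()) {
    drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
  }

  $form['#title'] = "Configure LDAP Preferences";

  $options = ldap_servers_encrypt_types();

  // When the scheme changes, every stored bind password has to be decoded with
  // the old scheme and re-encoded with the new one; the default therefore has
  // to be "No Encryption" to avoid confusion.
  $current_scheme = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);

  // A 'value' element stays on the server and is never rendered into the page,
  // unlike a 'hidden' input, which the browser can send back modified. The
  // submit handler decodes stored bind passwords with this value, so a wrong
  // value would corrupt them. It is still available to submit handlers as
  // $form_state['values']['previous_encryption'].
  $form['previous_encryption'] = [
    '#type' => 'value',
    '#value' => $current_scheme,
  ];

  $form['encryption'] = ['#type' => 'fieldset', '#title' => t('Encryption')];
  $form['encryption']['ldap_servers_encryption'] = [
    '#type' => 'select',
    '#options' => $options,
    '#title' => t('Obfuscate LDAP Passwords?'),
    '#default_value' => $current_scheme,
    '#description' => t('With obfuscation enabled, passwords will be stored in encrypted form and decrypted with the site hash.'),
  ];

  // With a single option there is nothing to choose: disable the field and
  // explain this to the user.
  if (count($options) == 1) {
    $form['encryption']['ldap_servers_encryption']['#disabled'] = TRUE;
    $form['encryption']['ldap_servers_encryption']['#description'] = ' <strong>' . t('Obfuscation is not supported on this web server.') . '</strong>';
  }

  $form = system_settings_form($form);

  // The conversion handler needs to be first, so that it runs before the
  // handlers system_settings_form() registered.
  array_unshift($form['#submit'], 'ldap_servers_settings_submit');

  return $form;
}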
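/**
 * Submit handler: converts stored LDAP bind passwords to the new scheme.
 *
 * ldap_servers_settings() puts this handler first in the submit chain, so the
 * 'ldap_servers_encryption' variable still holds the scheme the stored
 * passwords were written with when this runs.
 *
 * @param array $form
 *   The settings form.
 * @param array $form_state
 *   The form state; 'values' carries the newly selected scheme.
 */
function ldap_servers_settings_submit($form, &$form_state) {
  if (empty($form_state['submitted'])) {
    return;
  }

  $new_scheme = $form_state['values']['ldap_servers_encryption'];

  // Read the previous scheme from stored configuration instead of the
  // 'previous_encryption' form value. The form value is fixed when the page is
  // built and can be stale by the time it is submitted. Decoding with the
  // wrong scheme would overwrite every stored bind password with garbage.
  $old_scheme = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);

  // Loose comparison on purpose: the form delivers a string while the stored
  // variable or constant may be an integer.
  if ($new_scheme == $old_scheme) {
    return;
  }

  // Work on the table directly rather than through the server classes, which
  // apply their own encryption and decryption.
  $servers = db_query("SELECT sid, bindpw FROM {ldap_servers} WHERE bindpw is not NULL AND bindpw <> ''")->fetchAllAssoc('sid');

  // The query already excludes NULL and empty passwords, so every row here
  // has a value to convert.
  foreach ($servers as $sid => $server) {
    $plain_bind_pwd = ldap_servers_decrypt($server->bindpw, $old_scheme);

    // NOTE(review): assumes ldap_servers_decrypt() returns FALSE on failure;
    // confirm against ldap_servers.functions.inc. A value that could not be
    // decoded is left alone rather than overwritten.
    if ($plain_bind_pwd === FALSE) {
      drupal_set_message(t('The stored bind password for LDAP server %sid could not be decoded and was left unchanged. Re-enter it on the server configuration page.', ['%sid' => $sid]), 'error');
      continue;
    }

    // db_update() is the Drupal 7 API for write queries; values are bound as
    // parameters, as in the original statement.
    db_update('ldap_servers')
      ->fields(['bindpw' => ldap_servers_encrypt($plain_bind_pwd, $new_scheme)])
      ->condition('sid', $sid)
      ->execute();
  }
}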