<?php
/*
 * LDAP Integration - user record upgrade script for 4.7 users -> 5.0
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * This PHP script goes through the users table and makes sure all users marked
 * ldap_authentified = TRUE have all the required LDAP fields in their
 * serialized data.
 * 
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * !BACK UP YOUR DATABASE BEFORE YOU RUN THIS SCRIPT! 
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * 
 * Really!
 * 
 
 * What this script will do is:
 * 
 * - Loop through all users that had an LDAP config from 4.7
 *   (the user record has ldap_authentified = True and ldap_dn set)
 * 
 * - For users that are ldap_authentified but are missing the
 *   ldap_config variable, it will add that variable set to whatever
 *   you specify below.
 * 
 * After that all your 4.7 users should be able to log in properly
 * without getting connection errors (from ldap_authentication not
 * knowing which LDAP server to connect to).  
 *
 * INSTALL INSTRUCTIONS
 * 
 * Note - this script will not work if you are using a table prefix!  You
 * will have to modify the "users" table name in the queries!
 * 
 * 1. Put the file in the sites folder for your site, next to settings.php
 * 2. Edit the configuration options below to your liking.  Change the
 *    default password from "changeme" to something else.
 * 3. Run the script with whatever password you set:
 *  http://www.yoursite.com/sites/yoursite.com/pci_users_fix_ldap.php?pass=changeme
 */

// CONFIGURATION: 

// the name of your preferred LDAP server.  Should match
// the name used in /admin/settings/ldapauth and /admin/settings/ldapdata
$ldap_server_name = "postcarbon";

// the base DN for users to be long to.  Their username will be
// added to this and it will be saved as their DN.
$ldap_base_dn = "ou=Users,dc=postcarbon,dc=org";

// you can change the identifier from cn= to whatever you have set in
// admin/settings/ldapauth
$ldap_unique_attr = "cn";

// The password to run the page.  Changing this ensures
// no one will be able to run the page if you forget it.
$password = 'changeme';

/////////////////////////////////////////////////////////////////////////////
/***************************************************************************/
/**** End of Configuration Section - Do not change anything below here! ****/
/***************************************************************************/
///////////////////////////////////////////////////////////////////////////
define('SUCCESS',0);
define('ERROR_INVALID_PASSWORD',-1);
define('ERROR_CANNOT_CONNECT_TO_DB_SERVER',-2);
define('ERROR_CANNOT_SELECT_DB',-3);


header('Content-type: text/plain');

// run this script from your top level site folder
// it will read your database settings and URL from settings.php
require_once "settings.php";  

// make sure the password was correctly provided
if (isset($_GET['pw']) && ($_GET['pw'] == $password)) {
	// the DSN is in an URL format.
	$dbURL = parse_url($db_url);
	$db_server = $dbURL['host'];
	$db_user = $dbURL['user'];
	$db_pass = $dbURL['pass'];
	$db_name = substr($dbURL['path'],1); // remove initial slash	

	// connect and select DB
	$link = mysql_connect($db_server,$db_user, $db_pass);
	if (!$link) {
		echo "ERROR: Cannot connect to database server $db_server, with username $db_user and password.\n";
		exit(ERROR_CANNOT_CONNECT_TO_DB_SERVER);
	}
	if (!mysql_select_db($db_name)) {
		echo "ERROR: Cannot select database: $db_name\n";
		exit(ERROR_CANNOT_SELECT_DB);
	}	
	
	echo "Connected to Server: $db_server, Database: $db_name as User: $db_user.\n\n";

	// Now list all users that have the string ldap in their data field
	$sql = "select * from users where data like '%ldap%'";
	$sqlResult = mysql_query($sql);

	if ($sqlResult) {
		echo "There are " . mysql_num_rows($sqlResult) . " LDAP users to process.\n\n";
		
		while ($nextRow = mysql_fetch_assoc($sqlResult)) {
			echo "\nNext user: " . $nextRow['name'] . ", E-Mail: " . $nextRow['mail']  . "\n";
			$data = unserialize($nextRow['data']);
			
			//print_r($data); // output the next user's data field
			if ($data['ldap_authentified']) {
				echo "LDAP User!  DN: " . $data['ldap_dn'] . "\n";
			}
			
			if (!$data['ldap_config']) { 
				echo "LDAP Config not set!  Updating ldap_config field to " . $ldap_server_name . "\n";
				$data['ldap_config'] = $ldap_server_name;
				$updateData = serialize($data);
				$sql = "update users set data = '" . str_replace("'", "''", $updateData) . "' where uid = " . $nextRow['uid']; 
				$updateResult = mysql_query($sql);
			} else {
				echo "ldap_config is already set to: " . $data['ldap_config'] . "\n";
			}
		}

	} else {
		echo "No users set to LDAP were found.\n";
	}


} else { // else the password was not correctly provided or not provided at all.
			 // display an error -1 message and exit.
		echo "ERROR " . ERROR_INVALID_PASSWORD . ":  Please contact the administrator.\n\n";
		echo "If YOU are the administrator, please read the instructions in the script before running it!\n";

		exit(ERROR_INVALID_PASSWORD);
}

?>