From d1d2c4fb1d0e9b7a46693e617835850b0edc0fd5 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Sun, 8 Jan 2006 07:15:44 +0000
Subject: adding files and modifications for public ldap search

---
 program/steps/addressbook/func.inc           |   3 +-
 program/steps/addressbook/ldapsearchform.inc | 264 +++++++++++++++++++++++++++
 program/steps/addressbook/save.inc           | 162 +++++++++++-----
 3 files changed, 383 insertions(+), 46 deletions(-)
 create mode 100644 program/steps/addressbook/ldapsearchform.inc

(limited to 'program/steps/addressbook')
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 8065219b0..ee3b8804a 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -81,6 +81,7 @@ function rcmail_contacts_list($attrib)
   $javascript = sprintf("%s.gui_object('contactslist', '%s');\n", $JS_OBJECT_NAME, $attrib['id']);
   $javascript .= sprintf("%s.set_env('current_page', %d);\n", $JS_OBJECT_NAME, $CONTACTS_LIST['page']);
   $javascript .= sprintf("%s.set_env('pagecount', %d);\n", $JS_OBJECT_NAME, ceil($rowcount/$CONFIG['pagesize']));
+  $javascript .= "rcmail.set_env('newcontact', '" . rcube_label('newcontact') . "');";
   //$javascript .= sprintf("%s.set_env('contacts', %s);", $JS_OBJECT_NAME, array2js($a_js_message_arr));
   
   $OUTPUT->add_script($javascript);  
@@ -191,4 +192,4 @@ function rcmail_get_rowcount_text($max=NULL)
   return $out;
   }
 
-?>
\ No newline at end of file
+?>
diff --git a/program/steps/addressbook/ldapsearchform.inc b/program/steps/addressbook/ldapsearchform.inc
new file mode 100644
index 000000000..f7d7cc9f5
--- /dev/null
+++ b/program/steps/addressbook/ldapsearchform.inc
@@ -0,0 +1,264 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | program/steps/addressbook/ldapsearch.inc                              |
+ |                                                                       |
+ | This file is part of the RoundCube Webmail client                     |
+ | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
+ | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Show an ldap search form in the addressbook                         |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Justin Randell <justin.randell@gmail.com>                     |
+ +-----------------------------------------------------------------------+
+
+ $Id$
+
+*/
+require_once 'include/rcube_ldap.inc';
+
+/**
+ * draw the ldap public search form
+ */
+function rcmail_ldap_public_search_form($attrib)
+  {
+  global $CONFIG, $JS_OBJECT_NAME, $OUTPUT; 
+  if (!$CONFIG['ldap_public'])
+    {
+    // no ldap servers to search
+    show_message('noldapserver', 'warning');
+    rcmail_overwrite_action('add');
+    return false;
+    }
+  else
+    {
+    // store some information in the session
+    $_SESSION['ldap_public']['server_count'] = $server_count = count($CONFIG['ldap_public']);
+    $_SESSION['ldap_public']['server_names'] = $server_names = array_keys($CONFIG['ldap_public']);
+    }
+  
+  list($form_start, $form_end) = get_form_tags($attrib);
+  $out = "$form_start<table id=\"ldap_public_search_table\">\n\n";
+  
+  // search name field
+  $search_name = new textfield(array('name' => '_ldap_public_search_name',
+                                     'id'   => 'rcmfd_ldap_public_search_name'));
+  $out .= "<tr><td class=\"title\"><label for=\"rcmfd_ldap_public_search_name\">" . 
+          rep_specialchars_output(rcube_label('ldappublicsearchname')) . 
+          "</label></td><td>" . $search_name->show() . "</td></tr>\n";
+
+
+  // there's more than one server to search for, show a dropdown menu
+  if ($server_count > 1)
+    {
+    $select_server = new select(array('name' => '_ldap_public_servers', 
+                                      'id'   => 'rcfmd_ldap_public_servers'));
+     
+    $select_server->add($server_names, $server_names);
+
+    $out .= '<tr><td class="title"><label for="rcfmd_ldap_public_servers">' .
+            rep_specialchars_output(rcube_label('ldappublicserverselect')) .
+            "</label></td><td>" . $select_server->show() . "</td></tr>\n";
+    }
+  
+  // foreach configured ldap server, set up the search fields
+  for ($i = 0; $i < $server_count; $i++)
+    {
+    $server = $CONFIG['ldap_public'][$server_names[$i]];
+    
+    // only display one search fields select - js takes care of the rest
+    if (!$i)
+      {
+      $field_name = '_ldap_public_search_field';
+      $field_id   = 'rcfmd_ldap_public_search_field';
+
+      $search_fields = new select(array('name' => $field_name, 
+                                        'id'   => $field_id));
+
+      $search_fields->add($server['search_fields'], $server['search_fields']);
+      $out .= '<tr><td class="title"><label for="' . $field_id . '">' .
+              rep_specialchars_output(rcube_label('ldappublicsearchfield')) . 
+              "</label></td><td>" . $search_fields->show() . "</td></tr>\n";
+
+      $search_type = new checkbox(array('name' => '_ldap_public_search_type',
+                                        'id' => 'rcmfd_ldap_public_search_type', 'value' => 0));
+
+      $out .= '<tr id="ldap_fuzzy_search"><td class="title"><label for="rcmfd_ldap_public_search_type">' .
+              rep_specialchars_output(rcube_label('ldappublicsearchtype')) .
+              "</label></td><td>" . $search_type->show() . "</td></tr>\n";
+      }
+
+    // store the search fields in a js array for each server
+    $js = '';
+    foreach ($server['search_fields'] as $k => $search_field)
+      $js .= "'$search_field', ";
+
+    // store whether this server accepts fuzzy search as last item in array
+    $js .= $server['fuzzy_search'] ? "'fuzzy'" : "'exact'";
+    $OUTPUT->add_script("rcmail.set_env('{$server_names[$i]}_search_fields', new Array($js));");
+    }
+
+  // add contact button label text
+  $OUTPUT->add_script("rcmail.set_env('addcontact', '" . rcube_label('addcontact') . "');");
+
+  $out .= "\n</table>$form_end";
+  return $out;  
+  }
+
+/**
+ * get search values and return ldap contacts
+ */
+function rcmail_ldap_public_list()
+  {
+  // just return if we are not being called from a search form
+  if (!isset($_POST['_action']))
+    return null;
+
+  global $CONFIG, $OUTPUT, $JS_OBJECT_NAME;
+  
+  // show no search name warning and exit
+  if (empty($_POST['_ldap_public_search_name']) || trim($_POST['_ldap_public_search_name']) == '')
+    {
+    show_message('nosearchname', 'warning');
+    return false;
+    }
+  
+  // set up ldap server(s) array or bail
+  if ($_SESSION['ldap_public']['server_count'] > 1)
+    // show no ldap server warning and exit
+    if (empty($_POST['_ldap_public_servers']))
+      {
+      show_message('noldappublicserver', 'warning');
+      return false;
+      }
+    else
+      $server_name = $_POST['_ldap_public_servers'];
+  else if ($_SESSION['ldap_public']['server_count'] == 1)
+    $server_name = $_SESSION['ldap_public']['server_names'][0];
+  else
+    return false;
+
+  // get search parameters
+  $search_value = $_POST['_ldap_public_search_name'];
+  $search_field = $_POST['_ldap_public_search_field'];
+
+  // only use the post var for search type if the ldap server allows 'like'
+  $exact = true;
+  if ($CONFIG['ldap_public'][$server_name]['fuzzy_search'])
+    $exact = isset($_POST['_ldap_public_search_type']) ? true : false; 
+  
+  // perform an ldap search
+  $contacts = rcmail_ldap_contact_search($search_value, 
+                                         $search_field, 
+                                         $CONFIG['ldap_public'][$server_name], 
+                                         $exact);
+  
+  // if no results, show a warning and return
+  if (!$contacts)
+    {
+    show_message('nocontactsreturned', 'warning');
+    return false;
+    }
+
+  // add id to message list table if not specified
+  if (!strlen($attrib['id']))
+    $attrib['id'] = 'ldapAddressList';
+  
+  // define table class
+  $attrib['class'] = 'records-table';
+  $attrib['cellspacing'] = 0;
+
+  // define list of cols to be displayed
+  $a_show_cols = array('name', 'email');
+
+  // create XHTML table  
+  $out = rcube_table_output($attrib, $contacts, $a_show_cols, 'row_id');
+
+  // set client env
+  $javascript = "$JS_OBJECT_NAME.gui_object('ldapcontactslist', '{$attrib['id']}');\n";
+  $OUTPUT->add_script($javascript);  
+  
+  return $out;  
+  }
+
+/**
+ * perform search for contacts from given public ldap server
+ */
+function rcmail_ldap_contact_search($search_value, $search_field, $server, $exact=true)
+  {
+  global $CONFIG;
+  
+  $attributes = array($server['name_field'], $server['mail_field']); 
+
+  $LDAP = new rcube_ldap();
+  if ($LDAP->connect($server['hosts'], $server['port'], $server['protocol']))
+    {
+    $filter = "$search_field=" . ($exact ? $search_value : "*$search_value*"); 
+    $result = $LDAP->search($server['base_dn'],
+                            $filter, 
+                            $attributes, 
+                            $server['scope'], 
+                            $sort=null);
+         
+    // add any results to contact array
+    if ($result['count'])
+      {
+      for ($n = 0; $n < $result['count']; $n++)
+        {
+        $contacts[$n]['name']   = $result[$n][$server['name_field']][0];
+        $contacts[$n]['email']  = $result[$n][$server['mail_field']][0];
+        $contacts[$n]['row_id'] = $n + 1;
+        }
+      }
+    }
+  else
+    return false;
+
+  // cleanup
+  $LDAP->close();
+
+  if (!$result['count'])
+    return false;
+ 
+  // weed out duplicate emails
+  for ($n = 0; $n < $result['count']; $n++)
+    for ($i = 0; $i < $result['count']; $i++)
+      if ($contacts[$i]['email'] == $contacts[$n]['email'] && $i != $n)
+        unset($contacts[$n]);
+
+  return $contacts;
+  }
+
+function get_form_tags($attrib)
+  {
+  global $OUTPUT, $JS_OBJECT_NAME, $EDIT_FORM, $SESS_HIDDEN_FIELD;  
+
+  $form_start = '';
+  if (!strlen($EDIT_FORM))
+    {
+    $hiddenfields = new hiddenfield(array('name' => '_task', 'value' => $GLOBALS['_task']));
+    $hiddenfields->add(array('name' => '_action', 'value' => 'ldappublicsearch'));
+    
+    if ($_GET['_framed'] || $_POST['_framed'])
+      $hiddenfields->add(array('name' => '_framed', 'value' => 1));
+    
+    $form_start .= !strlen($attrib['form']) ? '<form name="form" action="./" method="post">' : '';
+    $form_start .= "\n$SESS_HIDDEN_FIELD\n";
+    $form_start .= $hiddenfields->show();
+    }
+    
+  $form_end = (strlen($EDIT_FORM) && !strlen($attrib['form'])) ? '</form>' : '';
+  $form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
+  
+  $OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('ldappublicsearchform', '$form_name');");
+  
+  $EDIT_FORM = $form_name;
+
+  return array($form_start, $form_end);  
+  }
+
+parse_template('ldappublicsearch');
+?>
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index f5ba139b9..24e375ef7 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -19,18 +19,17 @@
 
 */
 
-
-$a_save_cols = array('name', 'firstname', 'surname', 'email');
-
-
 // check input
-if (empty($_POST['_name']) || empty($_POST['_email']))
+if ((empty($_POST['_name']) || empty($_POST['_email'])) && empty($_GET['_framed']))
   {
   show_message('formincomplete', 'warning');
   rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
   return;
   }
 
+// setup some vars we need
+$a_save_cols = array('name', 'firstname', 'surname', 'email');
+$contacts_table = get_table_name('contacts');
 
 // update an existing contact
 if ($_POST['_cid'])
@@ -48,7 +47,7 @@ if ($_POST['_cid'])
 
   if (sizeof($a_write_sql))
     {
-    $DB->query("UPDATE ".get_table_name('contacts')."
+    $DB->query("UPDATE $contacts_table
                 SET    changed=now(), ".join(', ', $a_write_sql)."
                 WHERE  contact_id=?
                 AND    user_id=?
@@ -70,7 +69,7 @@ if ($_POST['_cid'])
       $a_show_cols = array('name', 'email');
       $a_js_cols = array();
   
-      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+      $sql_result = $DB->query("SELECT * FROM $contacts_table
                                 WHERE  contact_id=?
                                 AND    user_id=?
                                 AND    del<>1",
@@ -104,64 +103,137 @@ if ($_POST['_cid'])
 else
   {
   $a_insert_cols = $a_insert_values = array();
-  
+
   // check for existing contacts
-  $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
-                            WHERE  user_id=?
-                            AND    email=?
-                            AND    del<>1",
-                           $_SESSION['user_id'],
-                           $_POST['_email']);
+  $sql = "SELECT 1 FROM $contacts_table
+          WHERE  user_id = {$_SESSION['user_id']}
+          AND del <> '1' ";
+
+  // get email and name, build sql for existing user check
+  if (isset($_GET['_emails']) && isset($_GET['_names']))
+    {
+    $sql   .= "AND email IN (";
+    $emails = explode(',', $_GET['_emails']);
+    $names  = explode(',', $_GET['_names']);
+    $count  = count($emails);
+    $n = 0;
+    foreach ($emails as $email)
+      {
+      $end  = (++$n == $count) ? '' : ',';
+      $sql .= $DB->quote(strip_tags($email)) . $end;
+      }
+    $sql .= ")";
+    $ldap_form = true; 
+    }
+  else if (isset($_POST['_email'])) 
+    $sql  .= "AND email = " . $DB->quote(strip_tags($_POST['_email']));
+
+  $sql_result = $DB->query($sql);
 
   // show warning message
   if ($DB->num_rows($sql_result))
     {
     show_message('contactexists', 'warning');
-    $_action = 'add';
+
+    if ($ldap_form)
+      rcmail_overwrite_action('ldappublicsearch');
+    else
+      rcmail_overwrite_action('add');
+
     return;
     }
 
-  foreach ($a_save_cols as $col)
+  if ($ldap_form)
     {
-    $fname = '_'.$col;
-    if (!isset($_POST[$fname]))
-      continue;
-    
-    $a_insert_cols[] = $col;
-    $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
+    $n = 0; 
+    foreach ($emails as $email) 
+      {
+      $DB->query("INSERT INTO $contacts_table 
+                 (user_id, name, email)
+                 VALUES ({$_SESSION['user_id']}," . $DB->quote(strip_tags($names[$n++])) . "," . 
+                                      $DB->quote(strip_tags($email)) . ")");
+      $insert_id[] = $DB->insert_id();
+      }
     }
-    
-  if (sizeof($a_insert_cols))
+  else
     {
-    $DB->query("INSERT INTO ".get_table_name('contacts')."
+    foreach ($a_save_cols as $col)
+      {
+      $fname = '_'.$col;
+      if (!isset($_POST[$fname]))
+        continue;
+    
+      $a_insert_cols[] = $col;
+      $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
+      }
+    
+    if (sizeof($a_insert_cols))
+      {
+      $DB->query("INSERT INTO $contacts_table
                 (user_id, changed, del, ".join(', ', $a_insert_cols).")
                 VALUES (?, now(), 0, ".join(', ', $a_insert_values).")",
                 $_SESSION['user_id']);
                        
-    $insert_id = $DB->insert_id(get_sequence_name('contacts'));
+      $insert_id = $DB->insert_id(get_sequence_name('contacts'));
+      }
     }
     
   if ($insert_id)
     {
-    $_action = 'show';
-    $_GET['_cid'] = $insert_id;
+    if (!$ldap_form)
+      {
+      $_action = 'show';
+      $_GET['_cid'] = $insert_id;
 
-    if ($_POST['_framed'])
+      if ($_POST['_framed'])
+        {
+        // add contact row or jump to the page where it should appear
+        $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
+        $sql_result = $DB->query("SELECT * FROM $contacts_table
+                                  WHERE  contact_id=?
+                                  AND    user_id=?",
+                                  $insert_id,
+                                  $_SESSION['user_id']);
+        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
+
+        $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
+                             $JS_OBJECT_NAME, 
+                             $JS_OBJECT_NAME,
+                             $insert_id);
+      
+        // update record count display
+        $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
+                             $JS_OBJECT_NAME, 
+                             $JS_OBJECT_NAME,
+                             rcmail_get_rowcount_text());
+
+        $OUTPUT->add_script($commands);
+        }
+
+      // show confirmation
+      show_message('successfullysaved', 'confirmation');      
+      }
+    else 
       {
       // add contact row or jump to the page where it should appear
-      $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
-      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
-                                WHERE  contact_id=?
-                                AND    user_id=?",
-                                $insert_id,
-                                $_SESSION['user_id']);
-      $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
+      $commands = '';
+      foreach ($insert_id as $id) 
+        {
+        $sql_result = $DB->query("SELECT * FROM $contacts_table
+                                  WHERE  contact_id = $id
+                                  AND    user_id    = {$_SESSION['user_id']}");
+        
+        $commands .= sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
+        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
+        $last_id = $id;
+        }
 
+      // display the last insert id
       $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
-                           $JS_OBJECT_NAME, 
-                           $JS_OBJECT_NAME,
-                           $insert_id);
-      
+                            $JS_OBJECT_NAME, 
+                            $JS_OBJECT_NAME,
+                            $last_id);
+
       // update record count display
       $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                            $JS_OBJECT_NAME, 
@@ -169,10 +241,11 @@ else
                            rcmail_get_rowcount_text());
 
       $OUTPUT->add_script($commands);
-      
-      // show confirmation
-      show_message('successfullysaved', 'confirmation');      
+      rcmail_overwrite_action('ldappublicsearch');
       }
+
+    // show confirmation
+    show_message('successfullysaved', 'confirmation');      
     }
   else
     {
@@ -182,5 +255,4 @@ else
     }
   }
 
-
-?>
\ No newline at end of file
+?>
-- 
cgit v1.2.3


" . + rep_specialchars_output(rcube_label('ldappublicsearchname')) . + "	" . $search_name->show() . "
' . + rep_specialchars_output(rcube_label('ldappublicserverselect')) . + "	" . $select_server->show() . "
' . + rep_specialchars_output(rcube_label('ldappublicsearchfield')) . + "	" . $search_fields->show() . "
' . + rep_specialchars_output(rcube_label('ldappublicsearchtype')) . + "	" . $search_type->show() . "