lib
Interfaces, Classes, Traits and Enums
- moduleCache
- Caches module objects.
- LAMException
- LAM exception with title and message.
- SchemaItem
- Generic parent class for all schema items. A schema item is an ObjectClass, an AttributeBype, a MatchingRule, or a Syntax.
- ObjectClass
- Represents an LDAP objectClass
- ObjectClassAttribute
- A simple class for representing AttributeTypes used only by the ObjectClass class.
- AttributeType
- Represents an LDAP AttributeType
- Syntax
- Represents an LDAP Syntax
- MatchingRule
- Represents an LDAP MatchingRule
- MatchingRuleUse
- Represents an LDAP schema matchingRuleUse entry
- LamTemporaryFilesManager
- Manages temporary files.
Table of Contents
- array_delete() : array<string|int, T>
- This function will return all values from $array without values of $values.
- in_array_ignore_case() : mixed
- Checks if a string exists in an array, ignoring case.
- areArrayContentsEqual() : bool
- Checks if two arrays have the same content.
- natCaseKeySort() : array<string|int, mixed>
- Sorts an array in natural order by its keys.
- ntPassword() : string
- Generates the NT hash of a password.
- pwd_hash() : string
- Returns the hash value of a plain text password.
- getHashType() : string
- Returns the hash type of the given password hash.
- getSupportedHashTypes() : array<string|int, mixed>
- Returns the list of supported hash types (e.g. SSHA).
- generateSalt() : string
- Calculates a password salt of the given length.
- pwd_enable() : string
- Marks an password hash as enabled and returns the new hash string
- pwd_disable() : string
- Marks an password hash as disabled and returns the new hash string
- pwd_is_lockable() : bool
- Checks if a Unix password can be locked.
- pwd_is_enabled() : bool
- Checks if a password hash is enabled/disabled
- generateRandomPassword() : string
- Generates a random password with 14 digits by default.
- generateRandomText() : string
- Generates a random text with 20 letters by default.
- checkPasswordHash() : bool
- Checks if the given password matches the crypto hash.
- getNumberOfCharacterClasses() : int
- Returns the number of character classes in a password.
- search_domains() : array<string|int, mixed>
- Returns an array with all Samba 3 domain entries under the given suffix
- get_preg() : bool
- Checks if a given value matches the selected regular expression.
- convertCommaEscaping() : string
- Converts the comma escaping from Windows to OpenLDAP style.
- connectToLDAP() : mixed
- Connects to an LDAP server using the given URL.
- searchLDAPByAttribute() : array<string|int, mixed>
- This will search the given LDAP suffix for all entries which have the given attribute.
- searchLDAPByFilter() : array<string|int, mixed>
- This will search the given LDAP suffix for all entries which match the given filter.
- searchLDAP() : array<string|int, mixed>
- Runs an LDAP search.
- getLDAPServerHandle() : Connection
- Returns the LDAP server handle.
- searchLDAPPaged() : array<string|int, mixed>
- Runs an LDAP search and uses paging if configured.
- ldapGetDN() : array<string|int, mixed>|null
- Returns the given DN.
- ldapListDN() : array<string|int, mixed>
- Returns the DN and children of a given DN.
- deleteDN() : array<string|int, mixed>
- Deletes a DN and all child entries.
- getCommonLdapControls() : array<string|int, mixed>|null
- Returns a list of LDAP controls for all LDAP calls.
- copyDnRecursive() : void
- Performs a recursive copy from old DN under target DN.
- moveDn() : void
- Moves an LDAP entry.
- getLastLDAPError() : array<string|int, mixed>|null
- Returns the parameters for a StatusMessage of the last LDAP search.
- cleanLDAPResult() : mixed
- Cleans the result of an LDAP search.
- getAbstractDN() : string
- Transforms a DN into a more user friendly format.
- unescapeLdapSpecialCharacters() : string
- Unescapes LDAP special characters for readability.
- unescapeLdapSpecialCharactersCallback() : string
- Callback function for unescaping DN.
- compareDN() : int
- Helper function to sort DNs.
- compareLDAPEntriesByDn() : int
- Helper function to sort LDAP entries by DN.
- lam_base64url_encode() : string
- Does a Base64 encoding that is URL safe.
- lam_base64url_decode() : string
- Does a Base64 decoding that is URL safe.
- formatLDAPTimestamp() : string
- Formats an LDAP time string (e.g. from createTimestamp).
- parseLDAPTimestamp() : DateTime
- Parses an LDAP time stamp and returns a DateTime in current time zone.
- obfuscateText() : string|null
- Simple function to obfuscate strings.
- deobfuscateText() : string|null
- Simple function to deobfuscate strings.
- isObfuscatedText() : bool
- Checks if the given text is obfuscated.
- extractRDNAttribute() : string|null
- Extracts the RDN attribute name from a given DN.
- extractRDNValue() : string|null
- Extracts the RDN attribute value from a given DN.
- extractRDN() : string|null
- Extracts the RDN part of the DN.
- extractDNSuffix() : string|null
- Extracts the DN suffix from a given DN.
- testSmtpConnection() : void
- Checks if the SMTP connection with the given settings is fine.
- sendPasswordMail() : array<string|int, mixed>
- Sends the password mail.
- sendEMail() : mixed
- Sends out an email.
- isCommandlineSafeEmailAddress() : bool
- Checks if an email address is safe for use on commandline
- sendPasswordSms() : array<string|int, mixed>
- Sends the password SMS.
- sendSmsTestMessage() : void
- Sends an SMS test message.
- getSmsPhoneNumber() : string|null
- Returns the SMS phone number of a user.
- getRandomNumber() : int
- Returns a random number.
- getLDAPSSLCertificate() : mixed
- Connects to the LDAP server and extracts the certificates.
- getExtendedLDAPErrorMessage() : string
- Returns the extended LDAP error message if any.
- getDefaultLDAPErrorString() : string
- Returns the default error message to display on the web page.
- ldapIsPasswordExpired() : bool
- Returns if the last LDAP error was due to expired password or forced password change (AD only).
- getExtraInvalidCredentialsMessage() : string
- Tries to get additional information why invalid credentials was returned. E.g. account is locked.
- getCallingURL() : string|null
- Returns the URL under which the page was loaded.
- getTimeZoneOffsetHours() : float
- Returns the offset in hours from the configured time zone to GMT.
- getTimeZone() : DateTimeZone
- Returns the configured time zone.
- getFormattedTime() : mixed
- Returns the current time in formatted form.
- formatSecondsToShortFormat() : string
- Formats a number of seconds to a more human readable format with minutes, hours, etc.
- unformatShortFormatToSeconds() : int|string
- Unformats text like 1m10s back to number of seconds.
- enforceUserIsLoggedIn() : mixed
- Checks if the user is logged in. Stops script execution if not.
- printHeaderContents() : mixed
- Prints the content of the header part.
- printJsIncludes() : mixed
- Prints script tags for all LAM JS files.
- convertUtf8ToUtf16Le() : mixed
- Converts a UTF-8 string to UTF16LE.
- getLAMVersionText() : string
- Returns the text with LAM and its version for header area.
- isDeveloperVersion() : bool
- Returns if the given release is a developer version.
- lam_start_session() : mixed
- Starts a session and sets the cookie options.
- lamDefaultCookieOptions() : array<string|int, mixed>
- startSecureSession() : bool
- Starts a session and checks the environment.
- isFileBasedSession() : bool
- Returns if the session uses files storage.
- checkClientIP() : mixed
- Checks if the client's IP address is on the list of allowed IPs.
- logoffAndBackToLoginPage() : void
- Logs off the user and displays the login page.
- isDebugLoggingEnabled() : bool
- Returns if debug messages are to be logged.
- logNewMessage() : void
- Puts a new message in the log file.
- checkIfWriteAccessIsAllowed() : bool
- Checks if write access to LDAP is allowed.
- checkIfPasswordChangeIsAllowed() : bool
- Checks if passwords may be changed.
- checkIfNewEntriesAreAllowed() : bool
- Checks if it is allowed to create new LDAP entries of the given type.
- checkIfDeleteEntriesIsAllowed() : bool
- Checks if it is allowed to delete LDAP entries of the given type.
- checkPasswordStrength() : true|string
- Checks if the password fulfills the password policies.
- checkPwdWithExternalPasswordService() : bool
- Checks the password against the external password service.
- checkIfToolIsActive() : mixed
- Checks if the given tool is active.
- isLoggedIn() : bool
- Returns if the user is logged in.
- getClientIPForLogging() : string
- Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
- getLamLdapUser() : string
- Returns the login dn of the current user.
- addSecurityTokenToSession() : void
- Adds a security token to the session to prevent CSRF attacks.
- validateSecurityToken() : mixed
- Checks if the security token from SESSION matches POST data.
- addSecurityTokenToMetaHTML() : mixed
- Adds a hidden input field to the given meta HTML table.
- getSecurityTokenName() : string
- Returns the name of the security token parameter.
- getSecurityTokenValue() : string
- Returns the value of the security token parameter.
- setLAMHeaders() : mixed
- Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
- lamEncrypt() : string
- Encrypts a string
- lamDecrypt() : string
- Decrypts a string
- lamEncryptionAlgo() : string
- Returns the encryption algorithm to use.
- lamLogRemoteMessage() : mixed
- Logs a message to a remote logging service.
- StatusMessage() : string
- This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.
Functions
array_delete()
This function will return all values from $array without values of $values.
array_delete(array<string|int, T> $values, array<string|int, T>|null $array) : array<string|int, T>
Parameters
- $values : array<string|int, T>
-
list of values which should be removed
- $array : array<string|int, T>|null
-
list of original values
Tags
Return values
array<string|int, T> —list of remaining values
in_array_ignore_case()
Checks if a string exists in an array, ignoring case.
in_array_ignore_case(string|null $needle, array<string|int, mixed>|null $haystack) : mixed
Parameters
- $needle : string|null
-
search string
- $haystack : array<string|int, mixed>|null
-
array
Return values
mixed —areArrayContentsEqual()
Checks if two arrays have the same content.
areArrayContentsEqual(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : bool
Parameters
- $array1 : array<string|int, mixed>
-
array 1
- $array2 : array<string|int, mixed>
-
array 2
Return values
bool —same content
natCaseKeySort()
Sorts an array in natural order by its keys.
natCaseKeySort(array<string|int, mixed> $toSort) : array<string|int, mixed>
Parameters
- $toSort : array<string|int, mixed>
-
array to sort
Return values
array<string|int, mixed> —sorted array
ntPassword()
Generates the NT hash of a password.
ntPassword(string $password) : string
Parameters
- $password : string
-
password original password
Return values
string —password hash
pwd_hash()
Returns the hash value of a plain text password.
pwd_hash(string|null $password[, bool $enabled = true ][, string $hashType = 'SSHA' ]) : string
Parameters
- $password : string|null
-
the password string
- $enabled : bool = true
-
marks the hash as enabled/disabled (e.g. by prefixing "!")
- $hashType : string = 'SSHA'
-
password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)
Tags
Return values
string —the password hash
getHashType()
Returns the hash type of the given password hash.
getHashType(string|null $hash) : string
This will return PLAIN if no supported hash type was found.
Parameters
- $hash : string|null
-
password hash
Return values
string —type (e.g. SSHA)
getSupportedHashTypes()
Returns the list of supported hash types (e.g. SSHA).
getSupportedHashTypes() : array<string|int, mixed>
Return values
array<string|int, mixed> —hash types
generateSalt()
Calculates a password salt of the given length.
generateSalt(int $len) : string
Parameters
- $len : int
-
salt length
Return values
string —the salt string
pwd_enable()
Marks an password hash as enabled and returns the new hash string
pwd_enable(string $hash) : string
Parameters
- $hash : string
-
hash value to enable
Return values
string —enabled password hash
pwd_disable()
Marks an password hash as disabled and returns the new hash string
pwd_disable(string $hash) : string
Parameters
- $hash : string
-
hash value to disable
Return values
string —disabled hash value
pwd_is_lockable()
Checks if a Unix password can be locked.
pwd_is_lockable(string $password) : bool
This checks if the password is not plain text but e.g. contains {SSHA}.
Parameters
- $password : string
-
password value
Return values
bool —can be locked
pwd_is_enabled()
Checks if a password hash is enabled/disabled
pwd_is_enabled(string $hash) : bool
Parameters
- $hash : string
-
password hash to check
Return values
bool —true if the password is marked as enabled
generateRandomPassword()
Generates a random password with 14 digits by default.
generateRandomPassword([int $length = 14 ][, bool $checkStrength = true ]) : string
Parameters
- $length : int = 14
-
length of password (defaults to 14)
- $checkStrength : bool = true
-
check if the password matches the policy
Return values
string —password
generateRandomText()
Generates a random text with 20 letters by default.
generateRandomText([int $length = 20 ]) : string
Parameters
- $length : int = 20
-
length of password (defaults to 20)
Return values
string —text
checkPasswordHash()
Checks if the given password matches the crypto hash.
checkPasswordHash(string $type, string $hash, string $password) : bool
Parameters
- $type : string
-
type hash type (must be one of getSupportedHashTypes())
- $hash : string
-
password hash value
- $password : string
-
plain text password to check
Tags
Return values
bool —hash matches
getNumberOfCharacterClasses()
Returns the number of character classes in a password.
getNumberOfCharacterClasses(string|null $password) : int
Parameters
- $password : string|null
-
password
Return values
int —number of classes
search_domains()
Returns an array with all Samba 3 domain entries under the given suffix
search_domains([Connection|null $server = null ][, string $suffix = null ]) : array<string|int, mixed>
Parameters
- $server : Connection|null = null
-
LDAP handle (if null then $_SESSION['ldap']->server() is used)
- $suffix : string = null
-
LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)
Return values
array<string|int, mixed> —list of samba3domain objects
get_preg()
Checks if a given value matches the selected regular expression.
get_preg(string $argument, string $regexp) : bool
Parameters
- $argument : string
-
value to check
- $regexp : string
-
pattern name
Return values
bool —true if matches, otherwise false
convertCommaEscaping()
Converts the comma escaping from Windows to OpenLDAP style.
convertCommaEscaping(string $dn) : string
Parameters
- $dn : string
-
DN
Return values
string —DN
connectToLDAP()
Connects to an LDAP server using the given URL.
connectToLDAP(string $serverURL, mixed $startTLS) : mixed
Parameters
- $serverURL : string
-
URL
- $startTLS : mixed
Return values
mixed —searchLDAPByAttribute()
This will search the given LDAP suffix for all entries which have the given attribute.
searchLDAPByAttribute(string $name, string $value, string|null $objectClass, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
- $name : string
-
attribute name (may be null)
- $value : string
-
attribute value
- $objectClass : string|null
-
object class (may be null)
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $scopes : array<string|int, mixed>
-
account types
Return values
array<string|int, mixed> —list of found entries
searchLDAPByFilter()
This will search the given LDAP suffix for all entries which match the given filter.
searchLDAPByFilter(string $filter, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes[, bool $attrsOnly = false ]) : array<string|int, mixed>
Parameters
- $filter : string
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $scopes : array<string|int, mixed>
-
account types
- $attrsOnly : bool = false
-
get only attributes but no values (default: false)
Return values
array<string|int, mixed> —list of found entries
searchLDAP()
Runs an LDAP search.
searchLDAP(string $suffix, string $filter, array<string|int, mixed> $attributes[, int $limit = -1 ]) : array<string|int, mixed>
Parameters
- $suffix : string
-
LDAP suffix
- $filter : string
-
filter
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $limit : int = -1
-
result limit
Return values
array<string|int, mixed> —list of found entries
getLDAPServerHandle()
Returns the LDAP server handle.
getLDAPServerHandle() : Connection
Return values
Connection —LDAP handle
searchLDAPPaged()
Runs an LDAP search and uses paging if configured.
searchLDAPPaged(Connection $server, string $dn, string $filter, array<string|int, mixed> $attributes, bool $attrsOnly, int $limit) : array<string|int, mixed>
Parameters
- $server : Connection
-
LDAP connection handle
- $dn : string
-
DN
- $filter : string
-
filter
- $attributes : array<string|int, mixed>
-
attribute list
- $attrsOnly : bool
-
return only attribute names
- $limit : int
-
size limit
Return values
array<string|int, mixed> —results
ldapGetDN()
Returns the given DN.
ldapGetDN(string $dn[, array<string|int, mixed> $attributes = ['dn'] ][, Connection $handle = null ]) : array<string|int, mixed>|null
Parameters
- $dn : string
-
DN
- $attributes : array<string|int, mixed> = ['dn']
-
list of attributes to fetch
- $handle : Connection = null
-
LDAP handle (optional for admin interface pages)
Return values
array<string|int, mixed>|null —attributes or null if not found
ldapListDN()
Returns the DN and children of a given DN.
ldapListDN(string $dn[, string $filter = '(objectclass=*)' ][, array<string|int, mixed> $attributes = ['dn'] ][, Connection|null $handle = null ][, int $limit = -1 ]) : array<string|int, mixed>
Parameters
- $dn : string
-
DN
- $filter : string = '(objectclass=*)'
-
LDAP filter
- $attributes : array<string|int, mixed> = ['dn']
-
list of attributes to fetch
- $handle : Connection|null = null
-
LDAP handle (optional for admin interface pages)
- $limit : int = -1
-
result limit
Return values
array<string|int, mixed> —attributes or null if not found
deleteDN()
Deletes a DN and all child entries.
deleteDN(string|null $dn, bool $recursive) : array<string|int, mixed>
Parameters
- $dn : string|null
-
DN to delete
- $recursive : bool
-
recursive delete also child entries
Return values
array<string|int, mixed> —error messages
getCommonLdapControls()
Returns a list of LDAP controls for all LDAP calls.
getCommonLdapControls() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null —controls
copyDnRecursive()
Performs a recursive copy from old DN under target DN.
copyDnRecursive(string $oldDn, string $targetDn) : void
Parameters
- $oldDn : string
-
old DN to copy
- $targetDn : string
-
copy nodes under this DN
Tags
Return values
void —moveDn()
Moves an LDAP entry.
moveDn(string $oldDn, string $targetDn) : void
Parameters
- $oldDn : string
-
old DN
- $targetDn : string
-
target container DN
Tags
Return values
void —getLastLDAPError()
Returns the parameters for a StatusMessage of the last LDAP search.
getLastLDAPError() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null —parameters for StatusMessage or null if all was ok
cleanLDAPResult()
Cleans the result of an LDAP search.
cleanLDAPResult(array<string|int, mixed> &$entries) : mixed
This will remove all 'count' entries and also all numeric array keys.
Parameters
- $entries : array<string|int, mixed>
-
LDAP entries in format $entries[entry number][attribute name][attribute values]
Return values
mixed —getAbstractDN()
Transforms a DN into a more user friendly format.
getAbstractDN(string $dn) : string
E.g. "dc=company,dc=de" is transformed to "company > de".
Parameters
- $dn : string
-
DN
Return values
string —transformed DN
unescapeLdapSpecialCharacters()
Unescapes LDAP special characters for readability.
unescapeLdapSpecialCharacters(string $dn) : string
Parameters
- $dn : string
-
escaped DN
Return values
string —unescaped DN
unescapeLdapSpecialCharactersCallback()
Callback function for unescaping DN.
unescapeLdapSpecialCharactersCallback(array<string|int, mixed> $matches) : string
Parameters
- $matches : array<string|int, mixed>
-
HEX value that was found
Return values
string —unescaped string
compareDN()
Helper function to sort DNs.
compareDN(string $a, string $b) : int
Parameters
- $a : string
-
first argument to compare
- $b : string
-
second argument to compare
Return values
int —0 if equal, 1 if $a is greater, -1 if $b is greater
compareLDAPEntriesByDn()
Helper function to sort LDAP entries by DN.
compareLDAPEntriesByDn(array<string|int, mixed> $a, array<string|int, mixed> $b) : int
Parameters
- $a : array<string|int, mixed>
-
first argument to compare
- $b : array<string|int, mixed>
-
second argument to compare
Return values
int —0 if equal, 1 if $a is greater, -1 if $b is greater
lam_base64url_encode()
Does a Base64 encoding that is URL safe.
lam_base64url_encode(string $data) : string
Parameters
- $data : string
-
input
Return values
string —encoded output
lam_base64url_decode()
Does a Base64 decoding that is URL safe.
lam_base64url_decode(string $data) : string
Parameters
- $data : string
-
encoded input
Return values
string —decoded output
formatLDAPTimestamp()
Formats an LDAP time string (e.g. from createTimestamp).
formatLDAPTimestamp(string $time) : string
Parameters
- $time : string
-
LDAP time value
Return values
string —formatted time
parseLDAPTimestamp()
Parses an LDAP time stamp and returns a DateTime in current time zone.
parseLDAPTimestamp(string $time) : DateTime
Parameters
- $time : string
-
LDAP time value
Return values
DateTime —time
obfuscateText()
Simple function to obfuscate strings.
obfuscateText(string|null $text) : string|null
Parameters
- $text : string|null
-
text to obfuscate
Return values
string|null —obfuscated text
deobfuscateText()
Simple function to deobfuscate strings.
deobfuscateText(string|null $text) : string|null
Parameters
- $text : string|null
-
text to deobfuscate
Return values
string|null —deobfuscated text
isObfuscatedText()
Checks if the given text is obfuscated.
isObfuscatedText(string|null $text) : bool
Parameters
- $text : string|null
-
text to check
Return values
bool —obfuscated or not
extractRDNAttribute()
Extracts the RDN attribute name from a given DN.
extractRDNAttribute(string $dn) : string|null
Parameters
- $dn : string
-
DN
Return values
string|null —RDN attribute name
extractRDNValue()
Extracts the RDN attribute value from a given DN.
extractRDNValue(string $dn) : string|null
Parameters
- $dn : string
-
DN
Return values
string|null —RDN attribute value
extractRDN()
Extracts the RDN part of the DN.
extractRDN(string|null $dn) : string|null
Parameters
- $dn : string|null
-
DN
Return values
string|null —RDN part
extractDNSuffix()
Extracts the DN suffix from a given DN.
extractDNSuffix(string|null $dn) : string|null
E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.
Parameters
- $dn : string|null
-
DN
Return values
string|null —DN suffix
testSmtpConnection()
Checks if the SMTP connection with the given settings is fine.
testSmtpConnection(string $server, string $user, string $password, string $encryption) : void
Parameters
- $server : string
-
SMTP server
- $user : string
-
user name
- $password : string
-
password
- $encryption : string
-
encryption type
Tags
Return values
void —sendPasswordMail()
Sends the password mail.
sendPasswordMail(string $pwd, array<string|int, mixed> $user[, string $recipient = null ]) : array<string|int, mixed>
Parameters
- $pwd : string
-
new password
- $user : array<string|int, mixed>
-
LDAP attributes of user
- $recipient : string = null
-
recipient address (optional, $user['mail'][0] used by default)
Return values
array<string|int, mixed> —list of arrays that can be used to create status messages
sendEMail()
Sends out an email.
sendEMail(string|array<string|int, mixed> $to, string $subject, string $text, string $from, bool $isHTML[, string $replyTo = null ][, string $cc = null ][, string $bcc = null ]) : mixed
Parameters
- $to : string|array<string|int, mixed>
-
TO address
- $subject : string
-
email subject
- $text : string
-
mail body (with \r\n EOL)
- $from : string
-
FROM address
- $isHTML : bool
-
HTML format
- $replyTo : string = null
-
REPLY-TO address (optional)
- $cc : string = null
-
CC address (optional)
- $bcc : string = null
-
BCC address (optional)
Return values
mixed —isCommandlineSafeEmailAddress()
Checks if an email address is safe for use on commandline
isCommandlineSafeEmailAddress( $address) : bool
Parameters
Return values
bool —is safe
sendPasswordSms()
Sends the password SMS.
sendPasswordSms(string $pwd, array<string|int, mixed> $user) : array<string|int, mixed>
Parameters
- $pwd : string
-
new password
- $user : array<string|int, mixed>
-
LDAP attributes of user
Return values
array<string|int, mixed> —list of arrays that can be used to create status messages
sendSmsTestMessage()
Sends an SMS test message.
sendSmsTestMessage(string $providerId, string|null $apiKey, string|null $apiToken, string|null $accountId, string|null $region, string|null $from, string $number) : void
Parameters
- $providerId : string
-
SMS provider ID
- $apiKey : string|null
-
API key
- $apiToken : string|null
-
API token
- $accountId : string|null
-
account ID
- $region : string|null
-
region
- $from : string|null
-
from
- $number : string
-
mobile phone number
Tags
Return values
void —getSmsPhoneNumber()
Returns the SMS phone number of a user.
getSmsPhoneNumber(array<string|int, mixed> $attributes) : string|null
Parameters
- $attributes : array<string|int, mixed>
-
LDAP attributes
Return values
string|null —phone number if found
getRandomNumber()
Returns a random number.
getRandomNumber() : int
Return values
int —random number
getLDAPSSLCertificate()
Connects to the LDAP server and extracts the certificates.
getLDAPSSLCertificate(string $server, string $port) : mixed
Parameters
- $server : string
-
server name
- $port : string
-
server port
Return values
mixed —false on error and certificate if extracted successfully
getExtendedLDAPErrorMessage()
Returns the extended LDAP error message if any.
getExtendedLDAPErrorMessage(Connection $server) : string
Parameters
- $server : Connection
-
LDAP server handle
Return values
string —error message
getDefaultLDAPErrorString()
Returns the default error message to display on the web page.
getDefaultLDAPErrorString(Connection $server) : string
HTML special characters are already escaped.
Parameters
- $server : Connection
-
LDAP server handle
Return values
string —error message
ldapIsPasswordExpired()
Returns if the last LDAP error was due to expired password or forced password change (AD only).
ldapIsPasswordExpired( $server) : bool
Parameters
Return values
bool —password expired
getExtraInvalidCredentialsMessage()
Tries to get additional information why invalid credentials was returned. E.g. account is locked.
getExtraInvalidCredentialsMessage(Connection $ldap, string $userDn) : string
Parameters
- $ldap : Connection
-
LDAP object to connect for getting extra data
- $userDn : string
-
failed DN
Return values
string —extra message
getCallingURL()
Returns the URL under which the page was loaded.
getCallingURL([ $baseUrl = '' ]) : string|null
This includes any GET parameters set.
Parameters
Return values
string|null —URL
getTimeZoneOffsetHours()
Returns the offset in hours from the configured time zone to GMT.
getTimeZoneOffsetHours() : float
Return values
float —offset
getTimeZone()
Returns the configured time zone.
getTimeZone() : DateTimeZone
Return values
DateTimeZone —time zone
getFormattedTime()
Returns the current time in formatted form.
getFormattedTime(string $format) : mixed
Parameters
- $format : string
-
format to use (e.g. 'Y-m-d H:i:s')
Return values
mixed —formatSecondsToShortFormat()
Formats a number of seconds to a more human readable format with minutes, hours, etc.
formatSecondsToShortFormat(int|string $numSeconds) : string
E.g. 70 seconds will return 1m10s.
Parameters
- $numSeconds : int|string
-
number of seconds
Return values
string —formatted number
unformatShortFormatToSeconds()
Unformats text like 1m10s back to number of seconds.
unformatShortFormatToSeconds(string $text) : int|string
Parameters
- $text : string
-
formatted text
Return values
int|string —number of seconds
enforceUserIsLoggedIn()
Checks if the user is logged in. Stops script execution if not.
enforceUserIsLoggedIn([bool $check2ndFactor = true ]) : mixed
Parameters
- $check2ndFactor : bool = true
-
check if the 2nd factor was provided if required
Return values
mixed —printHeaderContents()
Prints the content of the header part.
printHeaderContents(string $title, string $prefix) : mixed
Parameters
- $title : string
-
page title
- $prefix : string
-
prefix to LAM main folder (e.g. "..")
Return values
mixed —printJsIncludes()
Prints script tags for all LAM JS files.
printJsIncludes(string $prefix) : mixed
Parameters
- $prefix : string
-
prefix to LAM main folder (e.g. "..")
Return values
mixed —convertUtf8ToUtf16Le()
Converts a UTF-8 string to UTF16LE.
convertUtf8ToUtf16Le(string|null $input) : mixed
Parameters
- $input : string|null
-
UTF-8 value
Return values
mixed —getLAMVersionText()
Returns the text with LAM and its version for header area.
getLAMVersionText() : string
Return values
string —LAM version text
isDeveloperVersion()
Returns if the given release is a developer version.
isDeveloperVersion(string $version) : bool
Parameters
- $version : string
-
version
Return values
bool —is developer version
lam_start_session()
Starts a session and sets the cookie options.
lam_start_session() : mixed
Return values
mixed —lamDefaultCookieOptions()
lamDefaultCookieOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —startSecureSession()
Starts a session and checks the environment.
startSecureSession([bool $redirectToLogin = true ][, bool $initSecureData = false ]) : bool
The script is stopped if one of the checks fail (timeout redirection may be overridden).
Parameters
- $redirectToLogin : bool = true
-
redirect user to login page (default: true)
- $initSecureData : bool = false
-
init verification data like session ID and client IP (default: false)
Return values
bool —true if all ok, false if session expired
isFileBasedSession()
Returns if the session uses files storage.
isFileBasedSession() : bool
Return values
bool —file based session
checkClientIP()
Checks if the client's IP address is on the list of allowed IPs.
checkClientIP() : mixed
The script is stopped if the host is not valid.
Return values
mixed —logoffAndBackToLoginPage()
Logs off the user and displays the login page.
logoffAndBackToLoginPage() : void
Return values
void —isDebugLoggingEnabled()
Returns if debug messages are to be logged.
isDebugLoggingEnabled() : bool
Return values
bool —debug enabled
logNewMessage()
Puts a new message in the log file.
logNewMessage(int $level, string $message) : void
Parameters
- $level : int
-
log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)
- $message : string
-
log message
Return values
void —checkIfWriteAccessIsAllowed()
Checks if write access to LDAP is allowed.
checkIfWriteAccessIsAllowed([string $scope = null ]) : bool
Parameters
- $scope : string = null
-
account type (e.g. user)
Return values
bool —true, if allowed
checkIfPasswordChangeIsAllowed()
Checks if passwords may be changed.
checkIfPasswordChangeIsAllowed() : bool
Return values
bool —true, if allowed
checkIfNewEntriesAreAllowed()
Checks if it is allowed to create new LDAP entries of the given type.
checkIfNewEntriesAreAllowed(string $scope) : bool
This also checks if general write access is enabled.
Parameters
- $scope : string
-
account type (e.g. 'user')
Return values
bool —true, if new entries are allowed
checkIfDeleteEntriesIsAllowed()
Checks if it is allowed to delete LDAP entries of the given type.
checkIfDeleteEntriesIsAllowed(string $scope) : bool
Parameters
- $scope : string
-
account type (e.g. 'user')
Return values
bool —true, if entries may be deleted
checkPasswordStrength()
Checks if the password fulfills the password policies.
checkPasswordStrength(string $password, string|array<string|int, mixed>|null $userNames, array<string|int, mixed> $otherUserAttrs) : true|string
Parameters
- $password : string
-
password
- $userNames : string|array<string|int, mixed>|null
-
user name(s)
- $otherUserAttrs : array<string|int, mixed>
-
user's first/last name
Return values
true|string —true if ok, string with error message if not valid
checkPwdWithExternalPasswordService()
Checks the password against the external password service.
checkPwdWithExternalPasswordService(LAMCfgMain $cfg, string $password) : bool
Parameters
- $cfg : LAMCfgMain
-
main configuration
- $password : string
-
password
Return values
bool —password accepted as secure
checkIfToolIsActive()
Checks if the given tool is active.
checkIfToolIsActive(string $tool) : mixed
Otherwise, an error message is logged and the execution is stopped (die()).
Parameters
- $tool : string
-
tool class name (e.g. toolFileUpload)
Return values
mixed —isLoggedIn()
Returns if the user is logged in.
isLoggedIn() : bool
Return values
bool —is logged in
getClientIPForLogging()
Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
getClientIPForLogging() : string
Return values
string —client IP (e.g. 10.10.10.10,11.11.11.11)
getLamLdapUser()
Returns the login dn of the current user.
getLamLdapUser() : string
Return values
string —user DN
addSecurityTokenToSession()
Adds a security token to the session to prevent CSRF attacks.
addSecurityTokenToSession([bool $overwrite = true ]) : void
Parameters
- $overwrite : bool = true
-
overwrite existing token
Return values
void —validateSecurityToken()
Checks if the security token from SESSION matches POST data.
validateSecurityToken() : mixed
Return values
mixed —addSecurityTokenToMetaHTML()
Adds a hidden input field to the given meta HTML table.
addSecurityTokenToMetaHTML(htmlTable|htmlGroup|htmlResponsiveRow $container) : mixed
Should be used to add token at the end of table.
Parameters
- $container : htmlTable|htmlGroup|htmlResponsiveRow
-
table
Return values
mixed —getSecurityTokenName()
Returns the name of the security token parameter.
getSecurityTokenName() : string
Return values
string —name
getSecurityTokenValue()
Returns the value of the security token parameter.
getSecurityTokenValue() : string
Return values
string —value
setLAMHeaders()
Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
setLAMHeaders() : mixed
Return values
mixed —lamEncrypt()
Encrypts a string
lamEncrypt(string $data[, string $prefix = '' ]) : string
Parameters
- $data : string
-
string to encrypt
- $prefix : string = ''
-
prefix for cookie names
Return values
string —encrypted string
lamDecrypt()
Decrypts a string
lamDecrypt(string $data[, string $prefix = '' ]) : string
Parameters
- $data : string
-
string to decrypt
- $prefix : string = ''
-
prefix for cookie names
Return values
string —decrypted string
lamEncryptionAlgo()
Returns the encryption algorithm to use.
lamEncryptionAlgo() : string
Return values
string —algorithm name
lamLogRemoteMessage()
Logs a message to a remote logging service.
lamLogRemoteMessage(int $level, string $message, LAMCfgMain $cfgMain) : mixed
Parameters
- $level : int
-
log level
- $message : string
-
log message
- $cfgMain : LAMCfgMain
-
main configuration
Return values
mixed —StatusMessage()
This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.
StatusMessage(string $MessageTyp, string $MessageHeadline[, string $MessageText = '' ][, array<string|int, mixed>|string|null $MessageVariables = [] ][, bool $returnOutput = false ]) : string
Parameters
- $MessageTyp : string
-
The type of the message to be printed. It must be one of the following types: 'INFO', 'WARN' or 'ERROR'.
Every other type will lead to an error message indicating an invalid message type. - $MessageHeadline : string
-
The headline of the status message.
It may be formatted with special color/link/bold tags. - $MessageText : string = ''
-
The text of the status message.
It may be formatted with special color/link/bold tags. This parameter is optional. - $MessageVariables : array<string|int, mixed>|string|null = []
-
The variables that are used to replace the spacers (%s) in the submitted text. This parameter is optional.
- $returnOutput : bool = false
-
if set to true this function will return the generated HTML code instead of printing it directly (default: false)
Return values
string —HTML code if $returnOutput is set to true, otherwise null