LDAP Account Manager

lib

Interfaces, Classes, Traits and Enums

moduleCache
Caches module objects.
LAMException
LAM exception with title and message.
SchemaItem
Generic parent class for all schema items. A schema item is an ObjectClass, an AttributeBype, a MatchingRule, or a Syntax.
ObjectClass
Represents an LDAP objectClass
ObjectClassAttribute
A simple class for representing AttributeTypes used only by the ObjectClass class.
AttributeType
Represents an LDAP AttributeType
Syntax
Represents an LDAP Syntax
MatchingRule
Represents an LDAP MatchingRule
MatchingRuleUse
Represents an LDAP schema matchingRuleUse entry

Table of Contents

array_delete()  : array<string|int, mixed>
This function will return all values from $array without values of $values.
in_array_ignore_case()  : mixed
Checks if a string exists in an array, ignoring case.
getdays()  : number
This function will return the days from 1.1.1970 until now.
smbflag()  : string
Takes a list of Samba flags and creates the corresponding flag string.
lmPassword()  : string
Generates the LM hash of a password.
ntPassword()  : string
Generates the NT hash of a password.
pwd_hash()  : string
Returns the hash value of a plain text password.
getHashType()  : string
Returns the hash type of the given password hash.
getSupportedHashTypes()  : array<string|int, mixed>
Returns the list of supported hash types (e.g. SSHA).
generateSalt()  : string
Calculates a password salt of the given length.
pwd_enable()  : string
Marks an password hash as enabled and returns the new hash string
pwd_disable()  : string
Marks an password hash as disabled and returns the new hash string
pwd_is_lockable()  : bool
Checks if a Unix password can be locked.
pwd_is_enabled()  : bool
Checks if a password hash is enabled/disabled
generateRandomPassword()  : string
Generates a random password with 12 digits by default.
checkPasswordHash()  : bool
Checks if the given password matches the crypto hash.
getNumberOfCharacterClasses()  : int
Returns the number of character classes in a password.
search_domains()  : array<string|int, mixed>
Returns an array with all Samba 3 domain entries under the given suffix
get_preg()  : bool
Checks if a given value matches the selected regular expression.
convertCommaEscaping()  : string
Converts the comma escaping from Windows to OpenLDAP style.
connectToLDAP()  : mixed
Connects to an LDAP server using the given URL.
searchLDAPByAttribute()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which have the given attribute.
searchLDAPByFilter()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which match the given filter.
searchLDAP()  : array<string|int, mixed>
Runs an LDAP search.
getLDAPServerHandle()  : handle
Returns the LDAP server handle.
searchLDAPPaged()  : array<string|int, mixed>
Runs an LDAP search and uses paging if configured.
ldapGetDN()  : array<string|int, mixed>
Returns the given DN.
ldapListDN()  : array<string|int, mixed>
Returns the DN and children of a given DN.
deleteDN()  : array<string|int, mixed>
Deletes a DN and all child entries.
copyDnRecursive()  : void
Performs a recursive copy from old DN under target DN.
moveDn()  : void
Moves an LDAP entry.
getLastLDAPError()  : array<string|int, mixed>
Returns the parameters for a StatusMessage of the last LDAP search.
cleanLDAPResult()  : mixed
Cleans the result of an LDAP search.
getAbstractDN()  : string
Transforms a DN into a more user friendly format.
unescapeLdapSpecialCharacters()  : string
Unescapes LDAP special characters for readability.
unescapeLdapSpecialCharactersCallback()  : string
Callback function for unescaping DN.
compareDN()  : int
Helper function to sort DNs.
formatLDAPTimestamp()  : string
Formats an LDAP time string (e.g. from createTimestamp).
parseLDAPTimestamp()  : DateTime
Parses an LDAP time stamp and returns a DateTime in current time zone.
obfuscateText()  : mixed
Simple function to obfuscate strings.
deobfuscateText()  : mixed
Simple function to deobfuscate strings.
isObfuscatedText()  : bool
Checks if the given text is obfuscated.
extractRDNAttribute()  : string
Extracts the RDN attribute name from a given DN.
extractRDNValue()  : string
Extracts the RDN attribute value from a given DN.
extractRDN()  : string|null
Extracts the RDN part of the DN.
extractDNSuffix()  : string
Extracts the DN suffix from a given DN.
sendPasswordMail()  : array<string|int, mixed>
Sends the password mail.
sendEMail()  : mixed
Sends out an email.
isCommandlineSafeEmailAddress()  : bool
Checks if an email address is safe for use on commandline
getRandomNumber()  : int
Returns a random number.
getLDAPSSLCertificate()  : mixed
Connects to the LDAP server and extracts the certificates.
getExtendedLDAPErrorMessage()  : string
Returns the extended LDAP error message if any.
getDefaultLDAPErrorString()  : string
Returns the default error message to display on the web page.
getExtraInvalidCredentialsMessage()  : string
Tries to get additional information why invalid credentials was returned. E.g. account is locked.
getCallingURL()  : string
Returns the URL under which the page was loaded.
getTimeZoneOffsetHours()  : int
Returns the offset in hours from configured time zone to GMT.
getTimeZone()  : DateTimeZone
Returns the configured time zone.
getFormattedTime()  : mixed
Returns the current time in formatted form.
formatSecondsToShortFormat()  : string
Formats a number of seconds to a more human readable format with minutes, hours, etc.
unformatShortFormatToSeconds()  : int
Unformats text like 1m10s back to number of seconds.
enforceUserIsLoggedIn()  : mixed
Checks if the user is logged in. Stops script execution if not.
printHeaderContents()  : mixed
Prints the content of the header part.
printJsIncludes()  : mixed
Prints script tags for all LAM JS files.
convertUtf8ToUtf16Le()  : mixed
Converts an UTF-8 string to UTF16LE.
getLAMVersionText()  : string
Returns the text with LAM and its version for header area.
isDeveloperVersion()  : bool
Returns if the given release is a developer version.
lam_start_session()  : mixed
Starts a session and sets the cookie options.
startSecureSession()  : bool
Starts a session and checks the environment.
checkClientIP()  : mixed
Checks if the client's IP address is on the list of allowed IPs.
logoffAndBackToLoginPage()  : mixed
Logs off the user and displays the login page.
isDebugLoggingEnabled()  : bool
Returns if debug messages are to be logged.
logNewMessage()  : void
Puts a new message in the log file.
checkIfWriteAccessIsAllowed()  : bool
Checks if write access to LDAP is allowed.
checkIfPasswordChangeIsAllowed()  : bool
Checks if passwords may be changed.
checkIfNewEntriesAreAllowed()  : bool
Checks if it is allowed to create new LDAP entries of the given type.
checkIfDeleteEntriesIsAllowed()  : bool
Checks if it is allowed to delete LDAP entries of the given type.
checkPasswordStrength()  : mixed
Checks if the password fulfills the password policies.
checkPwdWithExternalPasswordService()  : bool
Checks the password against the external password service.
checkIfToolIsActive()  : mixed
Checks if the given tool is active.
isLoggedIn()  : bool
Returns if the user is logged in.
getClientIPForLogging()  : string
Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
getLamLdapUser()  : string
Returns the login dn of the current user.
addSecurityTokenToSession()  : mixed
Adds a security token to the session to prevent CSRF attacks.
validateSecurityToken()  : mixed
Checks if the security token from SESSION matches POST data.
addSecurityTokenToMetaHTML()  : mixed
Adds a hidden input field to the given meta HTML table.
getSecurityTokenName()  : string
Returns the name of the security token parameter.
getSecurityTokenValue()  : string
Returns the value of the security token parameter.
setLAMHeaders()  : mixed
Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
lamEncrypt()  : object
Encrypts a string
lamDecrypt()  : string
Decrypts a string
lamEncryptionAlgo()  : string
Returns the encryption algorithm to use.
lamLogRemoteMessage()  : mixed
Logs a message to a remote logging service.
StatusMessage()  : string
This function prints a short status message. It can be used to print INFO, WARN and ERROR messages at the moment.
parseMessageString()  : string
Use the three replace functions on the submitted Text.
boldText()  : string
Replace {bold} and {endbold} with <b> and </b> HTML-Tags.
colorText()  : string
Replace {color=#[HEX-Value]} or {color=[HEX-Value]} and {endcolor} with <font color="#[HEX-Value]"> and </font> HTML-Tags.
linkText()  : string
Replace {link=[Link-Target]} and {endlink} with <a href="[Link-Target]" target="_blank"> and </a> HTML-Tags.

Functions

array_delete()

This function will return all values from $array without values of $values.

array_delete(array<string|int, mixed> $values, array<string|int, mixed> $array) : array<string|int, mixed>
Parameters
$values : array<string|int, mixed>

list of values which should be removed

$array : array<string|int, mixed>

list of original values

Return values
array<string|int, mixed>

list of remaining values

in_array_ignore_case()

Checks if a string exists in an array, ignoring case.

in_array_ignore_case(string $needle, array<string|int, mixed> $haystack) : mixed
Parameters
$needle : string

search string

$haystack : array<string|int, mixed>

array

Return values
mixed

getdays()

This function will return the days from 1.1.1970 until now.

getdays() : number
Return values
number

of days

smbflag()

Takes a list of Samba flags and creates the corresponding flag string.

smbflag(array<string|int, mixed> $input) : string
Parameters
$input : array<string|int, mixed>

is an array of Samba flags (e.g. X or D)

Return values
string

Samba flag string

lmPassword()

Generates the LM hash of a password.

lmPassword(mixed $password) : string
Parameters
$password : mixed
Return values
string

password hash

ntPassword()

Generates the NT hash of a password.

ntPassword(mixed $password) : string
Parameters
$password : mixed
Return values
string

password hash

pwd_hash()

Returns the hash value of a plain text password.

pwd_hash(string $password[, bool $enabled = true ][, string $hashType = 'SSHA' ]) : string
Parameters
$password : string

the password string

$enabled : bool = true

marks the hash as enabled/disabled (e.g. by prefixing "!")

$hashType : string = 'SSHA'

password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)

Tags
see
getSupportedHashTypes()
Return values
string

the password hash

getHashType()

Returns the hash type of the given password hash.

getHashType(string|null $hash) : string

This will return PLAIN if no supported hash type was found.

Parameters
$hash : string|null

password hash

Return values
string

type (e.g. SSHA)

getSupportedHashTypes()

Returns the list of supported hash types (e.g. SSHA).

getSupportedHashTypes() : array<string|int, mixed>
Return values
array<string|int, mixed>

hash types

generateSalt()

Calculates a password salt of the given length.

generateSalt(int $len) : string
Parameters
$len : int

salt length

Return values
string

the salt string

pwd_enable()

Marks an password hash as enabled and returns the new hash string

pwd_enable(string $hash) : string
Parameters
$hash : string

hash value to enable

Return values
string

enabled password hash

pwd_disable()

Marks an password hash as disabled and returns the new hash string

pwd_disable(string $hash) : string
Parameters
$hash : string

hash value to disable

Return values
string

disabled hash value

pwd_is_lockable()

Checks if a Unix password can be locked.

pwd_is_lockable(string $password) : bool

This checks if the password is not plain text but e.g. contains {SSHA}.

Parameters
$password : string

password value

Return values
bool

can be locked

pwd_is_enabled()

Checks if a password hash is enabled/disabled

pwd_is_enabled(string $hash) : bool
Parameters
$hash : string

password hash to check

Return values
bool

true if the password is marked as enabled

generateRandomPassword()

Generates a random password with 12 digits by default.

generateRandomPassword([int $length = 12 ]) : string
Parameters
$length : int = 12

length of password (defaults to 12)

Return values
string

password

checkPasswordHash()

Checks if the given password matches the crypto hash.

checkPasswordHash(mixed $type, string $hash, string $password) : bool
Parameters
$type : mixed
$hash : string

password hash value

$password : string

plain text password to check

Tags
see
getSupportedHashTypes()
Return values
bool

hash matches

getNumberOfCharacterClasses()

Returns the number of character classes in a password.

getNumberOfCharacterClasses(string $password) : int
Parameters
$password : string

password

Return values
int

number of classes

search_domains()

Returns an array with all Samba 3 domain entries under the given suffix

search_domains([mixed $server = null ][, string $suffix = null ]) : array<string|int, mixed>
Parameters
$server : mixed = null
$suffix : string = null

LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)

Return values
array<string|int, mixed>

list of samba3domain objects

get_preg()

Checks if a given value matches the selected regular expression.

get_preg(string $argument, string $regexp) : bool
Parameters
$argument : string

value to check

$regexp : string

pattern name

Return values
bool

true if matches, otherwise false

convertCommaEscaping()

Converts the comma escaping from Windows to OpenLDAP style.

convertCommaEscaping(string $dn) : string
Parameters
$dn : string

DN

Return values
string

DN

connectToLDAP()

Connects to an LDAP server using the given URL.

connectToLDAP(string $serverURL, mixed $startTLS) : mixed
Parameters
$serverURL : string

URL

$startTLS : mixed
Return values
mixed

searchLDAPByAttribute()

This will search the given LDAP suffix for all entries which have the given attribute.

searchLDAPByAttribute(string $name, string $value, string $objectClass, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$name : string

attribute name (may be null)

$value : string

attribute value

$objectClass : string

object class (may be null)

$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

Return values
array<string|int, mixed>

list of found entries

searchLDAPByFilter()

This will search the given LDAP suffix for all entries which match the given filter.

searchLDAPByFilter(string $filter, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes[, bool $attrsOnly = false ]) : array<string|int, mixed>
Parameters
$filter : string
$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

$attrsOnly : bool = false

get only attributes but no values (default: false)

Return values
array<string|int, mixed>

list of found entries

searchLDAP()

Runs an LDAP search.

searchLDAP(string $suffix, string $filter, array<string|int, mixed> $attributes[, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$suffix : string

LDAP suffix

$filter : string

filter

$attributes : array<string|int, mixed>

list of attributes to return

$limit : int = -1

result limit

Return values
array<string|int, mixed>

list of found entries

getLDAPServerHandle()

Returns the LDAP server handle.

getLDAPServerHandle() : handle
Return values
handle

LDAP handle

searchLDAPPaged()

Runs an LDAP search and uses paging if configured.

searchLDAPPaged(handle $server, string $dn, string $filter, array<string|int, mixed> $attributes, bool $attrsOnly, int $limit) : array<string|int, mixed>
Parameters
$server : handle

LDAP connection handle

$dn : string

DN

$filter : string

filter

$attributes : array<string|int, mixed>

attribute list

$attrsOnly : bool

return only attribute names

$limit : int

size limit

Return values
array<string|int, mixed>

results

ldapGetDN()

Returns the given DN.

ldapGetDN(string $dn[, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ]) : array<string|int, mixed>
Parameters
$dn : string

DN

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

Return values
array<string|int, mixed>

attributes or null if not found

ldapListDN()

Returns the DN and children of a given DN.

ldapListDN(string $dn[, string $filter = '(objectclass=*)' ][, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ][, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$dn : string

DN

$filter : string = '(objectclass=*)'

LDAP filter

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

$limit : int = -1

result limit

Return values
array<string|int, mixed>

attributes or null if not found

deleteDN()

Deletes a DN and all child entries.

deleteDN(string $dn, bool $recursive) : array<string|int, mixed>
Parameters
$dn : string

DN to delete

$recursive : bool

recursive delete also child entries

Return values
array<string|int, mixed>

error messages

copyDnRecursive()

Performs a recursive copy from old DN under target DN.

copyDnRecursive(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN to copy

$targetDn : string

copy nodes under this DN

Tags
throws
LAMException

error on copy

Return values
void

moveDn()

Moves an LDAP entry.

moveDn(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN

$targetDn : string

target container DN

Tags
throws
LAMException

error during move

Return values
void

getLastLDAPError()

Returns the parameters for a StatusMessage of the last LDAP search.

getLastLDAPError() : array<string|int, mixed>
Return values
array<string|int, mixed>

parameters for StatusMessage or null if all was ok

cleanLDAPResult()

Cleans the result of an LDAP search.

cleanLDAPResult(array<string|int, mixed> &$entries) : mixed

This will remove all 'count' entries and also all numeric array keys.

Parameters
$entries : array<string|int, mixed>

LDAP entries in format $entries[entry number][attribute name][attribute values]

Return values
mixed

getAbstractDN()

Transforms a DN into a more user friendly format.

getAbstractDN(string $dn) : string

E.g. "dc=company,dc=de" is transformed to "company > de".

Parameters
$dn : string

DN

Return values
string

transformed DN

unescapeLdapSpecialCharacters()

Unescapes LDAP special characters for readability.

unescapeLdapSpecialCharacters(string $dn) : string
Parameters
$dn : string

escaped DN

Return values
string

unescaped DN

unescapeLdapSpecialCharactersCallback()

Callback function for unescaping DN.

unescapeLdapSpecialCharactersCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>

HEX value that was found

Return values
string

unescaped string

compareDN()

Helper function to sort DNs.

compareDN(string $a, string $b) : int
Parameters
$a : string

first argument to compare

$b : string

second argument to compare

Return values
int

0 if equal, 1 if $a is greater, -1 if $b is greater

formatLDAPTimestamp()

Formats an LDAP time string (e.g. from createTimestamp).

formatLDAPTimestamp(string $time) : string
Parameters
$time : string

LDAP time value

Return values
string

formatted time

parseLDAPTimestamp()

Parses an LDAP time stamp and returns a DateTime in current time zone.

parseLDAPTimestamp(string $time) : DateTime
Parameters
$time : string

LDAP time value

Return values
DateTime

time

obfuscateText()

Simple function to obfuscate strings.

obfuscateText(string $text) : mixed
Parameters
$text : string

text to obfuscate

Return values
mixed

deobfuscateText()

Simple function to deobfuscate strings.

deobfuscateText(string $text) : mixed
Parameters
$text : string

text to deobfuscate

Return values
mixed

isObfuscatedText()

Checks if the given text is obfuscated.

isObfuscatedText(string $text) : bool
Parameters
$text : string

text to check

Return values
bool

obfuscated or not

extractRDNAttribute()

Extracts the RDN attribute name from a given DN.

extractRDNAttribute(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute name

extractRDNValue()

Extracts the RDN attribute value from a given DN.

extractRDNValue(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute value

extractRDN()

Extracts the RDN part of the DN.

extractRDN(string|null $dn) : string|null
Parameters
$dn : string|null

DN

Return values
string|null

RDN part

extractDNSuffix()

Extracts the DN suffix from a given DN.

extractDNSuffix(string $dn) : string

E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.

Parameters
$dn : string

DN

Return values
string

DN suffix

sendPasswordMail()

Sends the password mail.

sendPasswordMail(string $pwd, array<string|int, mixed> $user[, string $recipient = null ]) : array<string|int, mixed>
Parameters
$pwd : string

new password

$user : array<string|int, mixed>

LDAP attributes of user

$recipient : string = null

recipient address (optional, $user['mail'][0] used by default)

Return values
array<string|int, mixed>

list of arrays that can be used to create status messages

sendEMail()

Sends out an email.

sendEMail(string|array<string|int, mixed> $to, string $subject, string $text, string $from, bool $isHTML[, string $replyTo = null ][, string $cc = null ][, string $bcc = null ]) : mixed
Parameters
$to : string|array<string|int, mixed>

TO address

$subject : string

email subject

$text : string

mail body (with \r\n EOL)

$from : string

FROM address

$isHTML : bool

HTML format

$replyTo : string = null

REPLY-TO address (optional)

$cc : string = null

CC address (optional)

$bcc : string = null

BCC address (optional)

Return values
mixed

isCommandlineSafeEmailAddress()

Checks if an email address is safe for use on commandline

isCommandlineSafeEmailAddress( $address) : bool
Parameters
$address :

email address

Return values
bool

is safe

getRandomNumber()

Returns a random number.

getRandomNumber() : int
Return values
int

random number

getLDAPSSLCertificate()

Connects to the LDAP server and extracts the certificates.

getLDAPSSLCertificate(string $server, string $port) : mixed
Parameters
$server : string

server name

$port : string

server port

Return values
mixed

false on error and certificate if extracted successfully

getExtendedLDAPErrorMessage()

Returns the extended LDAP error message if any.

getExtendedLDAPErrorMessage(handle $server) : string
Parameters
$server : handle

LDAP server handle

Return values
string

error message

getDefaultLDAPErrorString()

Returns the default error message to display on the web page.

getDefaultLDAPErrorString(handle $server) : string

HTML special characters are already escaped.

Parameters
$server : handle

LDAP server handle

Return values
string

error message

getExtraInvalidCredentialsMessage()

Tries to get additional information why invalid credentials was returned. E.g. account is locked.

getExtraInvalidCredentialsMessage(handle $ldap, string $userDn) : string
Parameters
$ldap : handle

LDAP object to connect for getting extra data

$userDn : string

failed DN

Return values
string

extra message

getCallingURL()

Returns the URL under which the page was loaded.

getCallingURL([ $baseUrl = '' ]) : string

This includes any GET parameters set.

Parameters
$baseUrl : = ''

base URL (e.g. http://www.example.com)

Return values
string

URL

getTimeZoneOffsetHours()

Returns the offset in hours from configured time zone to GMT.

getTimeZoneOffsetHours() : int
Return values
int

offset

getTimeZone()

Returns the configured time zone.

getTimeZone() : DateTimeZone
Return values
DateTimeZone

time zone

getFormattedTime()

Returns the current time in formatted form.

getFormattedTime(unknown $format) : mixed
Parameters
$format : unknown

format to use (e.g. 'Y-m-d H:i:s')

Return values
mixed

formatSecondsToShortFormat()

Formats a number of seconds to a more human readable format with minutes, hours, etc.

formatSecondsToShortFormat(int $numSeconds) : string

E.g. 70 seconds will return 1m10s.

Parameters
$numSeconds : int

number of seconds

Return values
string

formatted number

unformatShortFormatToSeconds()

Unformats text like 1m10s back to number of seconds.

unformatShortFormatToSeconds(string $text) : int
Parameters
$text : string

formatted text

Return values
int

number of seconds

enforceUserIsLoggedIn()

Checks if the user is logged in. Stops script execution if not.

enforceUserIsLoggedIn([bool $check2ndFactor = true ]) : mixed
Parameters
$check2ndFactor : bool = true

check if the 2nd factor was provided if required

Return values
mixed

printHeaderContents()

Prints the content of the header part.

printHeaderContents(string $title, string $prefix) : mixed
Parameters
$title : string

page title

$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

printJsIncludes()

Prints script tags for all LAM JS files.

printJsIncludes(string $prefix) : mixed
Parameters
$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

convertUtf8ToUtf16Le()

Converts an UTF-8 string to UTF16LE.

convertUtf8ToUtf16Le(string $input) : mixed
Parameters
$input : string

UTF-8 value

Return values
mixed

getLAMVersionText()

Returns the text with LAM and its version for header area.

getLAMVersionText() : string
Return values
string

LAM version text

isDeveloperVersion()

Returns if the given release is a developer version.

isDeveloperVersion(mixed $version) : bool
Parameters
$version : mixed
Return values
bool

is developer version

lam_start_session()

Starts a session and sets the cookie options.

lam_start_session() : mixed
Return values
mixed

startSecureSession()

Starts a session and checks the environment.

startSecureSession([bool $redirectToLogin = true ][, bool $initSecureData = false ]) : bool

The script is stopped if one of the checks fail (timeout redirection may be overridden).

Parameters
$redirectToLogin : bool = true

redirect user to login page (default: true)

$initSecureData : bool = false

init verification data like session ID and client IP (default: false)

Return values
bool

true if all ok, false if session expired

checkClientIP()

Checks if the client's IP address is on the list of allowed IPs.

checkClientIP() : mixed

The script is stopped if the host is not valid.

Return values
mixed

logoffAndBackToLoginPage()

Logs off the user and displays the login page.

logoffAndBackToLoginPage() : mixed
Return values
mixed

isDebugLoggingEnabled()

Returns if debug messages are to be logged.

isDebugLoggingEnabled() : bool
Return values
bool

debug enabled

logNewMessage()

Puts a new message in the log file.

logNewMessage(string $level, string $message) : void
Parameters
$level : string

log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)

$message : string

log message

Return values
void

checkIfWriteAccessIsAllowed()

Checks if write access to LDAP is allowed.

checkIfWriteAccessIsAllowed([string $scope = null ]) : bool
Parameters
$scope : string = null

account type (e.g. user)

Return values
bool

true, if allowed

checkIfPasswordChangeIsAllowed()

Checks if passwords may be changed.

checkIfPasswordChangeIsAllowed() : bool
Return values
bool

true, if allowed

checkIfNewEntriesAreAllowed()

Checks if it is allowed to create new LDAP entries of the given type.

checkIfNewEntriesAreAllowed(string $scope) : bool

This also checks if general write access is enabled.

Parameters
$scope : string

account type (e.g. 'user')

Return values
bool

true, if new entries are allowed

checkIfDeleteEntriesIsAllowed()

Checks if it is allowed to delete LDAP entries of the given type.

checkIfDeleteEntriesIsAllowed(string $scope) : bool
Parameters
$scope : string

account type (e.g. 'user')

Return values
bool

true, if entries may be deleted

checkPasswordStrength()

Checks if the password fulfills the password policies.

checkPasswordStrength(string $password, string|array<string|int, mixed> $userNames, array<string|int, mixed> $otherUserAttrs) : mixed
Parameters
$password : string

password

$userNames : string|array<string|int, mixed>

user name(s)

$otherUserAttrs : array<string|int, mixed>

user's first/last name

Return values
mixed

true if ok, string with error message if not valid

checkPwdWithExternalPasswordService()

Checks the password against the external password service.

checkPwdWithExternalPasswordService(LAMCfgMain $cfg, string $password) : bool
Parameters
$cfg : LAMCfgMain

main configuration

$password : string

password

Return values
bool

password accepted as secure

checkIfToolIsActive()

Checks if the given tool is active.

checkIfToolIsActive(string $tool) : mixed

Otherwise, an error message is logged and the execution is stopped (die()).

Parameters
$tool : string

tool class name (e.g. toolFileUpload)

Return values
mixed

isLoggedIn()

Returns if the user is logged in.

isLoggedIn() : bool
Return values
bool

is logged in

getClientIPForLogging()

Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).

getClientIPForLogging() : string
Return values
string

client IP (e.g. 10.10.10.10,11.11.11.11)

getLamLdapUser()

Returns the login dn of the current user.

getLamLdapUser() : string
Return values
string

user DN

addSecurityTokenToSession()

Adds a security token to the session to prevent CSRF attacks.

addSecurityTokenToSession([bool $overwrite = true ]) : mixed
Parameters
$overwrite : bool = true

overwrite existing token

Return values
mixed

validateSecurityToken()

Checks if the security token from SESSION matches POST data.

validateSecurityToken() : mixed
Return values
mixed

getSecurityTokenName()

Returns the name of the security token parameter.

getSecurityTokenName() : string
Return values
string

name

getSecurityTokenValue()

Returns the value of the security token parameter.

getSecurityTokenValue() : string
Return values
string

value

setLAMHeaders()

Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.

setLAMHeaders() : mixed
Return values
mixed

lamEncrypt()

Encrypts a string

lamEncrypt(string $data[, string $prefix = '' ]) : object
Parameters
$data : string

string to encrypt

$prefix : string = ''

prefix for cookie names

Return values
object

encrypted string

lamDecrypt()

Decrypts a string

lamDecrypt(object $data[, string $prefix = '' ]) : string
Parameters
$data : object

string to decrypt

$prefix : string = ''

prefix for cookie names

Return values
string

decrypted string

lamEncryptionAlgo()

Returns the encryption algorithm to use.

lamEncryptionAlgo() : string
Return values
string

algorithm name

lamLogRemoteMessage()

Logs a message to a remote logging service.

lamLogRemoteMessage(int $level, string $message, LAMCfgMain $cfgMain) : mixed
Parameters
$level : int

log level

$message : string

log message

$cfgMain : LAMCfgMain

main configuration

Return values
mixed

StatusMessage()

This function prints a short status message. It can be used to print INFO, WARN and ERROR messages at the moment.

StatusMessage(string $MessageTyp, string $MessageHeadline[, string $MessageText = '' ][, array<string|int, mixed> $MessageVariables = array() ][, bool $returnOutput = false ]) : string

The headline and text may be formatted with special tags:

{bold}, {endbold}: All text between these tags is printed bold.
{color=#123456}, {endcolor}: All text between these tags is printed in the given color.
{link=http://nodomain.org}, {endlink}: A link with the given target is created. The link text is the text between the tags.

Parameters
$MessageTyp : string

The type of the message to be printed. It must be one of the following types: 'INFO', 'WARN' or 'ERROR'.
Every other type will lead to an error message indicating an invalid message type.

$MessageHeadline : string

The headline of the status message.
It may be formatted with special color/link/bold tags.

$MessageText : string = ''

The text of the status message.
It may be formatted with special color/link/bold tags. This parameter is optional.

$MessageVariables : array<string|int, mixed> = array()

The variables that are used to replace the spacers (%s) in the submitted text. This parameter is optional.

$returnOutput : bool = false

if set to true this function will return the generated HTML code instead of printing it directly (default: false)

Return values
string

HTML code if $returnOutput is set to true, otherwise null

parseMessageString()

Use the three replace functions on the submitted Text.

parseMessageString(string $MessageString) : string
Parameters
$MessageString : string

The text that is used to search for replaceable strings.

Tags
access

private

Return values
string

The processed text.

boldText()

Replace {bold} and {endbold} with <b> and </b> HTML-Tags.

boldText(string $text) : string
Parameters
$text : string

The text that is used to search for {bold} and {endbold} tags.

Tags
access

private

Return values
string

The submitted text with {bold} and {endbold} replaced with the appropriate HTML tags and

colorText()

Replace {color=#[HEX-Value]} or {color=[HEX-Value]} and {endcolor} with <font color="#[HEX-Value]"> and </font> HTML-Tags.

colorText(string $text) : string
Parameters
$text : string

The text that is used to search for {color} and {endcolor} tags.

Tags
access

private

Return values
string

Input string with HTML-formatted color tags

linkText()

Replace {link=[Link-Target]} and {endlink} with <a href="[Link-Target]" target="_blank"> and </a> HTML-Tags.

linkText(string $text) : string
Parameters
$text : string

The text that is used to search for {link} and {endlink} tags.

Tags
access

private

Return values
string

Input string with HTML-formatted link tags

Search results