functions.inc

Go to the documentation of this file.

<?php
/*
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
  Copyright (C) 2003-2010  Cajus Pollmeier
  Copyright (C) 2011-2016  FusionDirectory

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/

/* Define common locations and variables */
require_once('variables.inc');

/* Include required files */
require_once(CACHE_DIR.'/'.CLASS_CACHE);
require_once('functions_debug.inc');
require_once('accept-to-gettext.inc');

function fusiondirectory_autoload ($class_name)
{
  global $class_mapping, $BASE_DIR, $config;

  if ($class_mapping === NULL) {
    if (isset($config) && is_object($config) &&
        $config->get_cfg_value('displayerrors') == 'TRUE') {
      list($trace, ) = html_trace();
      echo $trace;
      echo "<br/>\n";
    }
    echo sprintf(_("Fatal error: no class locations defined - please run '%s' to fix this"), "<b>fusiondirectory-configuration-manager --update-cache</b>");
    exit;
  }

  /* Do not try to autoload smarty classes */
  if (strpos($class_name, 'Smarty_') === 0) {
    return;
  }

  if (strpos($class_name, 'FusionDirectory\\') === 0) {
    $class_name = preg_replace('/^.+\\\\([^\\\\]+)$/', '\\1', "$class_name");
  }

  if (isset($class_mapping["$class_name"])) {
    require_once($BASE_DIR.'/'.$class_mapping["$class_name"]);
  } else {
    logging::debug(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $class_name, 'Could not load');
    if (isset($config) && is_object($config) &&
        $config->get_cfg_value('displayerrors') == 'TRUE') {
      list($trace, ) = html_trace();
      echo $trace;
      echo "<br/>\n";
    }
    echo sprintf(_("Fatal error: cannot instantiate class '%s' - try running '%s' to fix this"), $class_name, "<b>fusiondirectory-configuration-manager --update-cache</b>");
    exit;
  }
}
spl_autoload_register('fusiondirectory_autoload');


function class_available ($name)
{
  global $class_mapping;
  return isset($class_mapping[$name]);
}


function plugin_available ($plugin)
{
  global $class_mapping, $BASE_DIR;

  if (!isset($class_mapping[$plugin])) {
    return FALSE;
  } else {
    return is_readable($BASE_DIR.'/'.$class_mapping[$plugin]);
  }
}

function DEBUG ($level, $line, $function, $file, $data, $info = '')
{
  logging::debug($level, $line, $function, $file, $data, $info);
}

function copynotice ()
{
  return sprintf(htmlescape(_('%s 2002-%d %sThe FusionDirectory team, %s%s')), '&copy;', date('Y'), '<a href="http://www.fusiondirectory.org">', FD_VERSION, '</a>');
}

function get_template_path ($filename = '', $plugin = FALSE, $path = '')
{
  global $config, $BASE_DIR;
  $default_theme = 'breezy';

  /* Set theme */
  if (isset($config)) {
    $theme = $config->get_cfg_value('theme', $default_theme);
  } else {
    $theme = $default_theme;
  }

  /* Return path for empty filename */
  if ($filename == '') {
    return "themes/$theme/";
  }

  /* Return plugin dir or root directory? */
  if ($plugin) {
    if ($path == '') {
      $path = session::get('plugin_dir');
      $nf   = preg_replace('!^'.$BASE_DIR.'/!', '', preg_replace('/^\.\.\//', '', $path));
    } else {
      $nf = preg_replace('!^'.$BASE_DIR.'/!', '', $path);
    }
    $paths = [
      "$BASE_DIR/ihtml/themes/$theme/$nf/$filename",
      "$BASE_DIR/ihtml/themes/$default_theme/$nf/$filename",
      "$BASE_DIR/ihtml/themes/default/$nf/$filename",
      $path."/$filename"
    ];
  } else {
    $paths = [
      "themes/$theme/$filename",
      "$BASE_DIR/ihtml/themes/$theme/$filename",
      "themes/$default_theme/$filename",
      "$BASE_DIR/ihtml/themes/$default_theme/$filename",
      "themes/default/$filename",
      "$BASE_DIR/ihtml/themes/default/$filename",
      $filename
    ];
  }

  foreach ($paths as $path) {
    if (file_exists($path)) {
      return $path;
    }
  }

  return end($paths);
}


function array_remove_entries (array $needles, array $haystack): array
{
  return array_values(array_udiff($haystack, $needles, 'array_cmp_recursive'));
}


function array_remove_entries_ics (array $needles, array $haystack): array
{
  // strcasecmp will work, because we only compare ASCII values here
  return array_values(array_udiff($haystack, $needles, 'strcasecmp'));
}

function array_merge_unique (array $ar1, array $ar2): array
{
  return array_values(array_unique(array_merge($ar1, $ar2)));
}


function fusiondirectory_log ($message)
{
  global $ui;

  /* Preset to something reasonable */
  $username = '[unauthenticated]';

  /* Replace username if object is present */
  if (isset($ui)) {
    if ($ui->uid != '') {
      $username = '['.$ui->uid.']';
    } else {
      $username = '[unknown]';
    }
  }

  syslog(LOG_INFO, "FusionDirectory $username: $message");
}

function &get_userinfo ()
{
  global $ui;

  return $ui;
}

function &get_smarty ()
{
  global $smarty;

  return $smarty;
}

function convert_department_dn ($dn, $base = NULL)
{
  global $config;

  if ($base == NULL) {
    $base = $config->current['BASE'];
  }

  /* Build a sub-directory style list of the tree level
     specified in $dn */
  $dn = preg_replace('/'.preg_quote($base, '/')."$/i", '', $dn);
  if (empty($dn)) {
    return '/';
  }

  $dep = '';
  foreach (explode(',', $dn) as $rdn) {
    $dep = preg_replace("/^[^=]+=/", '', $rdn).'/'.$dep;
  }

  /* Return and remove accidently trailing slashes */
  return trim($dep, '/');
}

function get_ou ($name)
{
  global $config;

  $map = [
    'fusiondirectoryRDN'      => 'ou=fusiondirectory,',
    'lockRDN'                 => 'ou=locks,',
    'recoveryTokenRDN'        => 'ou=recovery,',
    'reminderTokenRDN'        => 'ou=reminder,',
    'roleRDN'                 => 'ou=roles,',
    'ogroupRDN'               => 'ou=groups,',
    'applicationRDN'          => 'ou=apps,',
    'systemRDN'               => 'ou=systems,',
    'serverRDN'               => 'ou=servers,ou=systems,',
    'terminalRDN'             => 'ou=terminals,ou=systems,',
    'workstationRDN'          => 'ou=workstations,ou=systems,',
    'printerRDN'              => 'ou=printers,ou=systems,',
    'phoneRDN'                => 'ou=phones,ou=systems,',
    'componentRDN'            => 'ou=netdevices,ou=systems,',
    'mobilePhoneRDN'          => 'ou=mobile,ou=systems,',

    'inventoryRDN'            => 'ou=inventory,',

    'ipmiRDN'                 => 'ou=ipmi,',

    'faxBlocklistRDN'     => 'ou=gofax,ou=systems,',
    'aclRoleRDN'          => 'ou=aclroles,',
    'phoneMacroRDN'       => 'ou=macros,ou=asterisk,ou=configs,ou=systems,',
    'phoneConferenceRDN'  => 'ou=conferences,ou=asterisk,ou=configs,ou=systems,',

    'faiBaseRDN'      => 'ou=fai,ou=configs,ou=systems,',
    'faiScriptRDN'    => 'ou=scripts,',
    'faiHookRDN'      => 'ou=hooks,',
    'faiTemplateRDN'  => 'ou=templates,',
    'faiVariableRDN'  => 'ou=variables,',
    'faiProfileRDN'   => 'ou=profiles,',
    'faiPackageRDN'   => 'ou=packages,',
    'faiPartitionRDN' => 'ou=disk,',

    'debconfRDN'      => 'ou=debconf,',

    'supannStructuresRDN' => 'ou=structures,',

    'sudoRDN'     => 'ou=sudoers,',

    'netgroupRDN' => 'ou=netgroup,',

    'deviceRDN'   => 'ou=devices,',

    'aliasRDN'    => 'ou=alias,',

    'dsaRDN'    => 'ou=dsa,',

    'mimetypeRDN' => 'ou=mime,'
  ];

  /* Preset ou... */
  if ($config->get_cfg_value($name, '_not_set_') != '_not_set_') {
    $ou = $config->get_cfg_value($name);
  } elseif (isset($map[$name])) {
    return $map[$name];
  } else {
    return NULL;
  }

  if ($ou != '') {
    if (!preg_match('/^[^=]+=[^=]+/', $ou)) {
      $ou = "ou=$ou";
    } else {
      $ou = "$ou";
    }

    if (preg_match('/'.preg_quote($config->current['BASE'], '/').'$/', $ou)) {
      return $ou;
    } else {
      if (preg_match('/,$/', $ou)) {
        return $ou;
      } else {
        return "$ou,";
      }
    }
  } else {
    return '';
  }
}

function get_people_ou ()
{
  return get_ou('userRDN');
}

function get_base_from_people ($dn)
{
  global $config;

  $pattern  = "/^[^,]+,".preg_quote(get_people_ou(), '/')."/i";
  $base     = preg_replace($pattern, '', $dn);

  /* Set to base, if we're not on a correct subtree */
  $departmentInfo = $config->getDepartmentInfo();
  if (!isset($departmentInfo[$base])) {
    $base = $config->current['BASE'];
  }

  return $base;
}


function strict_uid_mode ()
{
  global $config;

  if (isset($config)) {
    return ($config->get_cfg_value('strictNamingRules') == 'TRUE');
  }
  return TRUE;
}

function to_string ($value)
{
  /* If this is an array, generate a text blob */
  if (is_array($value)) {
    $ret = '';
    foreach ($value as $line) {
      $ret .= $line."<br>\n";
    }
    return $ret;
  } else {
    return $value;
  }
}

function rewrite ($s)
{
  /* Rewrite german 'umlauts' and spanish 'accents'
   to get better results */
  static $REWRITE = [
    'ä' => 'ae',
    'ö' => 'oe',
    'ü' => 'ue',
    'Ä' => 'Ae',
    'Ö' => 'Oe',
    'Ü' => 'Ue',
    'ß' => 'ss',
    'á' => 'a',
    'é' => 'e',
    'í' => 'i',
    'ó' => 'o',
    'ú' => 'u',
    'Á' => 'A',
    'É' => 'E',
    'Í' => 'I',
    'Ó' => 'O',
    'Ú' => 'U',
    'ñ' => 'ny',
    'Ñ' => 'Ny',
  ];

  foreach ($REWRITE as $key => $val) {
    $s = str_replace($key, $val, $s);
  }

  return $s;
}


function dn2base ($dn, $ou = NULL)
{
  if ($ou === NULL) {
    if (get_people_ou() != '') {
      $dn = preg_replace('/,'.get_people_ou().'/i', ',', $dn);
    }
    if (get_ou('groupRDN') != '') {
      $dn = preg_replace('/,'.get_ou('groupRDN').'/i', ',', $dn);
    }
  } else {
    $dn = preg_replace("/,$ou/i", ',', $dn);
  }

  return preg_replace('/^[^,]+,/i', '', $dn);
}

function check_command ($cmdline)
{
  $cmd = preg_replace("/ .*$/", '', $cmdline);

  /* Check if command exists in filesystem */
  if (!file_exists($cmd)) {
    return FALSE;
  }

  /* Check if command is executable */
  if (!is_executable($cmd)) {
    return FALSE;
  }

  return TRUE;
}

function normalize_netmask ($netmask)
{
  /* Check for notation of netmask */
  if (!preg_match('/^([0-9]+\.){3}[0-9]+$/', $netmask)) {
    $num      = (int)($netmask);
    $netmask  = "";

    for ($byte = 0; $byte < 4; $byte++) {
      $result = 0;

      for ($i = 7; $i >= 0; $i--) {
        if ($num-- > 0) {
          $result += 2 ** $i;
        }
      }

      $netmask .= $result.".";
    }

    return preg_replace('/\.$/', '', $netmask);
  }

  return $netmask;
}


function netmask_to_bits ($netmask)
{
  $nm = explode('.', $netmask, 4);

  $res = 0;
  for ($n = 0; $n < 4; $n++) {
    $start  = 255;

    for ($i = 0; $i < 8; $i++) {
      if ($start == (int)($nm[$n])) {
        $res += 8 - $i;
        break;
      }
      $start -= 2 ** $i;
    }
  }

  return $res;
}

function to_byte ($value)
{
  $value = strtolower(trim($value));

  if (!is_numeric(substr($value, -1))) {
    switch (substr($value, -1)) {
      case 'g':
        $mult = 1073741824;
        break;
      case 'm':
        $mult = 1048576;
        break;
      case 'k':
        $mult = 1024;
        break;
      default:
        return $value;
    }

    return $mult * (int)substr($value, 0, -1);
  } else {
    return $value;
  }
}

function humanReadableSize ($bytes, $precision = 2)
{
  $format = [
    _('%sB'),
    _('%sKiB'),
    _('%sMiB'),
    _('%sGiB'),
    _('%sTiB'),
    _('%sPiB'),
    _('%sEiB'),
    _('%sZiB'),
    _('%sYiB')
  ];
  if ($bytes == 0) {
    return sprintf($format[0], '0');
  }
  $base = log($bytes) / log(1024);

  return sprintf($format[floor($base)], round(1024 ** ($base - floor($base)), $precision));
}


function in_array_ics ($value, array $items)
{
  return preg_grep('/^'.preg_quote($value, '/').'$/i', $items);
}

function validate ($string)
{
  return strip_tags(str_replace('\0', '', $string));
}


function rmdirRecursive ($path, $followLinks = FALSE)
{
  $dir = opendir($path);
  while ($entry = readdir($dir)) {
    if (is_file($path."/".$entry) || ((!$followLinks) && is_link($path."/".$entry))) {
      unlink($path."/".$entry);
    } elseif (is_dir($path."/".$entry) && ($entry != '.') && ($entry != '..')) {
      rmdirRecursive($path."/".$entry);
    }
  }
  closedir($dir);
  return rmdir($path);
}


function scan_directory ($path, $sort_desc = FALSE)
{
  $ret = FALSE;

  /* is this a dir ? */
  /* is this path a readable one */
  if (is_dir($path) && is_readable($path)) {
    /* Get contents and write it into an array */
    $ret = [];

    $dir = opendir($path);

    /* Is this a correct result ?*/
    if ($dir) {
      while ($fp = readdir($dir)) {
        $ret[] = $fp;
      }
    }
  }
  /* Sort array ascending , like scandir */
  sort($ret);

  /* Sort descending if parameter is sort_desc is set */
  if ($sort_desc) {
    $ret = array_reverse($ret);
  }

  return $ret;
}


function clean_smarty_compile_dir ($directory)
{
  if (is_dir($directory) && is_readable($directory)) {
    // Set revision filename to REVISION
    $revision_file = $directory."/REVISION";

    /* Is there a stamp containing the current revision? */
    if (file_exists($revision_file)) {
      // check for "$config->...['CONFIG']/revision" and the
      // contents should match the revision number
      if (!compare_revision($revision_file, FD_VERSION)) {
        // If revision differs, clean compile directory
        foreach (scan_directory($directory) as $file) {
          if (($file == '.') || ($file == '..')) {
            continue;
          }
          if (is_file($directory.'/'.$file) && !unlink($directory.'/'.$file)) {
            $error = new FusionDirectoryError(
              htmlescape(sprintf(
                _('File "%s" could not be deleted. Try "fusiondirectory-configuration-manager --check-directories" to fix permissions.'),
                $directory."/".$file
              ))
            );
            $error->display();
          }
        }
      } else {
        // Revision matches, nothing to do
      }
    }
    /* If the file does not exists or has just been deleted */
    if (!file_exists($revision_file)) {
      // create revision file
      create_revision($revision_file, FD_VERSION);
    }
  }
}

function create_revision ($revision_file, $revision)
{
  $result = FALSE;

  if (is_dir(dirname($revision_file)) && is_writable(dirname($revision_file))) {
    $fh = fopenWithErrorHandling($revision_file, 'w');
    if (is_array($fh)) {
      $error = new FusionDirectoryError(
        htmlescape(_('Cannot write to revision file:')).'<br/>'.
        implode(
          '<br/>',
          array_map('htmlescape', $fh)
        )
      );
      $error->display();
      return $result;
    } else {
      if (fwrite($fh, $revision)) {
        $result = TRUE;
      }
      fclose($fh);
    }
  }

  if (!$result) {
    $error = new FusionDirectoryError(htmlescape(_('Cannot write to revision file!')));
    $error->display();
  }

  return $result;
}

function compare_revision ($revision_file, $revision)
{
  // FALSE means revision differs
  $result = FALSE;

  if (file_exists($revision_file) && is_readable($revision_file)) {
    // Open file
    $fh = fopenWithErrorHandling($revision_file, 'r');
    if (is_array($fh)) {
      $error = new FusionDirectoryError(
        htmlescape(_('Cannot read revision file:')).'<br/>'.
        implode(
          '<br/>',
          array_map('htmlescape', $fh)
        )
      );
      $error->display();
    } else {
      // Compare File contents with current revision
      if ($revision == fread($fh, filesize($revision_file))) {
        $result = TRUE;
      }
      // Close file
      fclose($fh);
    }
  }

  return $result;
}


function array_key_ics ($ikey, array $items)
{
  $tmp  = array_change_key_case($items, CASE_LOWER);
  $ikey = strtolower($ikey);
  if (isset($tmp[$ikey])) {
    return $tmp[$ikey];
  }

  return '';
}


function array_differs (array $src, array $dst): bool
{
  /* If the count is differing, the arrays differ */
  if (count($src) != count($dst)) {
    return TRUE;
  }

  return (count(array_diff($src, $dst)) != 0);
}

function array_differs_recursive ($src, $dst): bool
{
  return (array_cmp_recursive($src, $dst) !== 0);
}

function array_cmp_recursive ($src, $dst): int
{
  if (is_array($src)) {
    if (!is_array($dst)) {
      return 1;
    }
    if (count($src) != count($dst)) {
      return count($src) - count($dst);
    }
    foreach ($src as $key => $value) {
      if (!isset($dst[$key])) {
        return 1;
      }
      if (($cmp = array_cmp_recursive($dst[$key], $value)) !== 0) {
        return $cmp;
      }
    }
    return 0;
  }
  return strcmp($src, $dst);
}

function normalizeLdap ($input)
{
  trigger_error('deprecated, use ldap_escape_f');
  return addcslashes($input, '*()\\/');
}

function check_schema (array $cfg)
{
  $checks = [];

  /* Get objectclasses */
  $ldapObj = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);
  $ldap = new ldapMultiplexer($ldapObj);
  $objectclasses = $ldap->get_objectclasses(TRUE);
  if (count($objectclasses) == 0) {
    $warning = new FusionDirectoryWarning(htmlescape(_('Cannot get schema information from server. No schema check possible!')));
    $warning->display();
    return $checks;
  }

  /* This is the default block used for each entry.
   *  to avoid unset indexes.
   */
  $def_check = [
    'SCHEMA_FILE'       => '',
    'CLASSES_REQUIRED'  => [],
    'STATUS'            => FALSE,
    'IS_MUST_HAVE'      => FALSE,
    'MSG'               => '',
    'INFO'              => ''
  ];

  /* FusionDirectory core schemas */

  /* core-fd */
  $checks['core-fd'] = $def_check;

  $checks['core-fd']['SCHEMA_FILE']       = 'core-fd.schema';
  $checks['core-fd']['CLASSES_REQUIRED']  = ['fdLockEntry'];
  $checks['core-fd']['IS_MUST_HAVE']      = TRUE;
  $checks['core-fd']['INFO']              = _('Main FusionDirectory schema');

  /* core-fd-conf */
  $checks['core-fd-conf'] = $def_check;

  $checks['core-fd-conf']['SCHEMA_FILE']      = 'core-fd-conf.schema';
  $checks['core-fd-conf']['CLASSES_REQUIRED'] = ['fusionDirectoryConf'];
  $checks['core-fd-conf']['IS_MUST_HAVE']     = TRUE;
  $checks['core-fd-conf']['INFO']             = _('Schema used to store FusionDirectory configuration');

  /* ldapns */
  $checks['ldapns'] = $def_check;

  $checks['ldapns']['SCHEMA_FILE']      = 'ldapns.schema';
  $checks['ldapns']['CLASSES_REQUIRED'] = ['hostObject'];
  $checks['ldapns']['IS_MUST_HAVE']     = FALSE;
  $checks['ldapns']['INFO']             = _('Used to store trust mode information in users or groups.');

  /* template-fd */
  $checks['template-fd'] = $def_check;

  $checks['template-fd']['SCHEMA_FILE']      = 'template-fd.schema';
  $checks['template-fd']['CLASSES_REQUIRED'] = ['fdTemplate'];
  $checks['template-fd']['IS_MUST_HAVE']     = FALSE;
  $checks['template-fd']['INFO']             = _('Used to store templates.');

  if (class_available('posixAccount')) {
    /* nis */
    $checks['nis'] = $def_check;

    $checks['nis']['SCHEMA_FILE']       = 'nis.schema';
    $checks['nis']['CLASSES_REQUIRED']  = ['posixAccount'];
    $checks['nis']['IS_MUST_HAVE']      = FALSE;
    $checks['nis']['INFO']              = _('Used to store POSIX information.');
  }

  foreach ($checks as $name => $value) {
    foreach ($value['CLASSES_REQUIRED'] as $class) {
      if (!isset($objectclasses[$class])) {
        $checks[$name]['STATUS'] = FALSE;
        if ($value['IS_MUST_HAVE']) {
          $checks[$name]['MSG']    = sprintf(_('Missing required object class "%s"!'), $class);
        } else {
          $checks[$name]['MSG']    = sprintf(_('Missing optional object class "%s"!'), $class);
        }
      } else {
        $checks[$name]['STATUS']  = TRUE;
        $checks[$name]['MSG']     = sprintf(_('Class(es) available'));
      }
    }
  }

  $checks['posixGroup'] = $def_check;

  $checks['posixGroup']['SCHEMA_FILE']      = 'nis.schema';
  $checks['posixGroup']['CLASSES_REQUIRED'] = ['posixGroup'];
  $checks['posixGroup']['STATUS']           = TRUE;
  $checks['posixGroup']['MSG']              = '';
  $checks['posixGroup']['INFO']             = '';

  if (isset($objectclasses['posixGroup'])) {
    $checks['posixGroup']['IS_MUST_HAVE']     = TRUE;

    /* Depending on mixed groups plugin installation status, we need different schema configurations */
    if (class_available('mixedGroup') && isset($objectclasses['posixGroup']['STRUCTURAL'])) {
      $checks['posixGroup']['STATUS'] = FALSE;
      $checks['posixGroup']['MSG']    = _('You have installed the mixed groups plugin, but your schema configuration does not support this.');
      $checks['posixGroup']['INFO']   = _('In order to use mixed groups the objectClass "posixGroup" must be AUXILIARY');
    } elseif (!class_available('mixedGroup') && !isset($objectclasses['posixGroup']['STRUCTURAL'])) {
      $checks['posixGroup']['STATUS'] = FALSE;
      $checks['posixGroup']['MSG']    = _('Your schema is configured to support mixed groups, but this plugin is not present.');
      $checks['posixGroup']['INFO']   = _('The objectClass "posixGroup" must be STRUCTURAL');
    }
  }

  return $checks;
}


function get_post ($name)
{
  if (!isset($_POST[$name])) {
    trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
    return FALSE;
  }

  return validate($_POST[$name]);
}

function get_correct_class_name ($cls)
{
  global $class_mapping;
  if (isset($class_mapping) && is_array($class_mapping)) {
    foreach (array_keys($class_mapping) as $class) {
      if (preg_match("/^".$cls."$/i", $class)) {
        return $class;
      }
    }
  }
  return FALSE;
}


function change_password ($dn, $password, $hash = "")
{
  $userTabs = objects::open($dn, 'user');
  $userTab  = $userTabs->getBaseObject();
  $userTab->userPassword = [
    $hash,
    $password,
    $password,
    $userTab->userPassword,
    $userTab->attributesAccess['userPassword']->isLocked()
  ];
  $userTabs->update();
  $error = $userTabs->save();
  if (!empty($error)) {
    return $error;
  }

  return TRUE;
}

function getEntryCSN (string $dn): string
{
  global $config;
  if (empty($dn) || !is_object($config)) {
    return '';
  }

  /* Get attribute that we should use as serial number */
  $attr = $config->get_cfg_value('modificationDetectionAttribute');
  if ($attr != '') {
    $ldap = $config->get_ldap_link();
    $ldap->cat($dn, [$attr]);
    $attrs = $ldap->fetch();
    if (isset($attrs[$attr][0])) {
      return $attrs[$attr][0];
    }
  }
  return '';
}

function send_binary_content ($data, $name, $type = "application/octet-stream")
{
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
  header("Cache-Control: no-cache");
  header("Pragma: no-cache");
  header("Cache-Control: post-check=0, pre-check=0");
  header("Content-type: ".$type);

  /* Strip name if it is a complete path */
  if (preg_match("/\//", $name)) {
    $name = basename($name);
  }

  /* force download dialog */
  header('Content-Disposition: attachment; filename="'.$name.'"');

  echo $data;
  exit();
}

function xmlentities ($str)
{
  if (is_string($str)) {
    return htmlspecialchars($str, ENT_QUOTES);
  } elseif (is_array($str)) {
    foreach ($str as $name => $value) {
      $str[$name] = xmlentities($value);
    }
  }
  return $str;
}

function get_random_char ()
{
  $randno = rand(0, 63);
  if ($randno < 12) {
    // Digits, '/' and '.'
    return chr($randno + 46);
  } elseif ($randno < 38) {
    // Uppercase
    return chr($randno + 53);
  } else {
    // Lowercase
    return chr($randno + 59);
  }
}

function cred_decrypt ($input, $password)
{
  /************************* Inspired by Crypt/CBC.pm *******************************/
  $input = pack('H*', $input);
  if (substr($input, 0, 8) != 'Salted__') {
    throw new FusionDirectoryException("Invalid hash header: expected 'Salted__', found '".substr($input, 0, 8)."'");
  }
  $salt   = substr($input, 8, 8);
  $input  = substr($input, 16);

  $key_len  = 32;
  $iv_len   = openssl_cipher_iv_length('aes-256-cbc');

  $data = '';
  $d    = '';
  while (strlen($data) < $key_len + $iv_len) {
    $d = md5($d . $password . $salt, TRUE);
    $data .= $d;
  }
  $key  = substr($data, 0, $key_len);
  $iv   = substr($data, $key_len, $iv_len);

  return openssl_decrypt($input, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

function isIpInNet ($ip, $net, $mask)
{
  // Move to long ints
  $ip    = ip2long($ip);
  $net   = ip2long($net);
  $mask  = ip2long($mask);

  // Mask given IP with mask. If it returns "net", we're in...
  return (($ip & $mask) == $net);
}

function expandIPv6 ($ip)
{
  $hex  = unpack('H*hex', inet_pton($ip));
  return substr(preg_replace('/([A-f0-9]{4})/', "$1:", $hex['hex']), 0, -1);
}

/* Mark the occurance of a string with a span */
function mark ($needle, $haystack)
{
  $result = '';

  while (preg_match('/^(.*)('.preg_quote($needle).')(.*)$/i', $haystack, $matches)) {
    $result   .= $matches[1].'<span class="mark">'.$matches[2].'</span>';
    $haystack = $matches[3];
  }

  return $result.$haystack;
}

function reset_errors ()
{
  session::set('errorsAlreadyPosted', []);
}

function load_all_classes ()
{
  global $BASE_DIR, $class_list, $class_mapping;
  /* Initially load all classes */
  $class_list = get_declared_classes();
  foreach ($class_mapping as $class => $path) {
    if (!in_array($class, $class_list)) {
      if (is_readable("$BASE_DIR/$path")) {
        require_once("$BASE_DIR/$path");
      } else {
        throw new FatalError(
          sprintf(
            htmlescape(_('Cannot locate file "%s" - please run "%s" to fix this')),
            htmlescape("$BASE_DIR/$path"),
            '<b>fusiondirectory-configuration-manager --update-cache</b>'
          )
        );
      }
    }
  }
}

function ldap_escape_f ($str, $ignore = '')
{
  return ldap_escape($str, $ignore, LDAP_ESCAPE_FILTER);
}

function ldap_escape_dn ($str, $ignore = '')
{
  return ldap_escape($str, $ignore, LDAP_ESCAPE_DN);
}

function mail_utf8 ($to, $from_user, $from_email, $subject, $message, $replyto_user = NULL, $replyto_email = NULL, $type = 'plain')
{
  $subject = "=?UTF-8?B?".base64_encode($subject)."?=";

  if ($replyto_user === NULL) {
    $replyto_user = $from_user;
  }

  if ($replyto_email === NULL) {
    $replyto_email = $from_email;
  }

  if ($from_user) {
    $from_user = "=?UTF-8?B?".base64_encode($from_user)."?=";
    $headers = "From: $from_user <$from_email>\r\n";
  } else {
    $headers = "From: <$from_email>\r\n";
  }

  if ($replyto_email) {
    if ($replyto_user) {
      $replyto_user = "=?UTF-8?B?".base64_encode($replyto_user)."?=";
      $headers .= "Reply-To: $replyto_user <$replyto_email>\r\n";
    } else {
      $headers .= "Reply-To: <$replyto_email>\r\n";
    }
  }

  $headers .= "MIME-Version: 1.0" . "\r\n" .
              "Content-type: text/$type; charset=UTF-8" . "\r\n";

  $additional_parameters = "-f".$from_email;

  return mail($to, $subject, $message, $headers, $additional_parameters);
}

/* Calls fopen, gives errors as an array if any, file handle if successful */
function fopenWithErrorHandling (...$args)
{
  $errors = [];
  set_error_handler(
    function (int $errno, string $errstr, string $errfile, int $errline, array $errcontext) use (&$errors): bool
    {
      $errors[] = $errstr;

      return TRUE;
    }
  );
  $fh = @fopen(...$args);
  restore_error_handler();
  if ($fh !== FALSE) {
    return $fh;
  }
  return $errors;
}

// Check to see if it exists in case PHP has this function later
if (!function_exists('mb_substr_replace')) {
  // Same parameters as substr_replace with the extra encoding parameter
  function mb_substr_replace (string $string, string $replacement, $start, $length = NULL, $encoding = NULL)
  {
    if ($encoding === NULL) {
      $encoding = mb_internal_encoding();
    }
    if ($length === NULL) {
      return  mb_substr($string, 0, $start, $encoding).
              $replacement;
    } else {
      return  mb_substr($string, 0, $start, $encoding).
              $replacement.
              mb_substr($string, $start + $length, NULL, $encoding);
    }
  }
}