PageRenderTime 104ms CodeModel.GetById 20ms RepoModel.GetById 2ms app.codeStats 0ms

/libs/PEAR/Net/LDAP/Filter.php

https://bitbucket.org/tduarte/atmailopen
PHP | 320 lines | 122 code | 18 blank | 180 comment | 31 complexity | 326fc07dcf7d44638ea8f1b0948d2210 MD5 | raw file
    

  1. <?php
    2. 

  2. /* vim: set expandtab tabstop=4 shiftwidth=4: */
    3. 

  3. // +--------------------------------------------------------------------------+
    4. 

  4. // | Net_LDAP                                                                 |
    5. 

  5. // +--------------------------------------------------------------------------+
    6. 

  6. // | Copyright (c) 1997-2007 The PHP Group                                    |
    7. 

  7. // +--------------------------------------------------------------------------+
    8. 

  8. // | This library is free software; you can redistribute it and/or            |
    9. 

  9. // | modify it under the terms of the GNU Lesser General Public               |
    10. 

  10. // | License as published by the Free Software Foundation; either             |
    11. 

  11. // | version 2.1 of the License, or (at your option) any later version.       |
    12. 

  12. // |                                                                          |
    13. 

  13. // | This library is distributed in the hope that it will be useful,          |
    14. 

  14. // | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
    15. 

  15. // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU        |
    16. 

  16. // | Lesser General Public License for more details.                          |
    17. 

  17. // |                                                                          |
    18. 

  18. // | You should have received a copy of the GNU Lesser General Public         |
    19. 

  19. // | License along with this library; if not, write to the Free Software      |
    20. 

  20. // | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA |
    21. 

  21. // +--------------------------------------------------------------------------+
    22. 

  22. // | Authors: Benedikt Hallinger                                              |
    23. 

  23. // +--------------------------------------------------------------------------+
    24. 

  24. //
    25. 

  25. // $Id: Filter.php,v 1.7 2007/06/13 13:12:08 beni Exp $
    26. 

  26. 

  27. require_once("PEAR.php");
    28. 

  28. require_once('Util.php');
    29. 

  29. 

  30. /**
    31. 

  31. * Object representation of a part of a LDAP filter.
    32. 

  32. *
    33. 

  33. * This Class is not completely compatible to the PERL interface!
    34. 

  34. *
    35. 

  35. * The purpose of this class is, that users can easily build LDAP filters
    36. 

  36. * without having to worry about right escaping etc.
    37. 

  37. * A Filter is built using several independent filter objects
    38. 

  38. * which are combined afterwards. This object works in two
    39. 

  39. * modes, depending how the object is created.
    40. 

  40. * If the object is created using the {@link create()} method, then this is a leaf-object.
    41. 

  41. * If the object is created using the {@link combine()} method, then this is a container object.
    42. 

  42. *
    43. 

  43. * LDAP filters are defined in RFC-2254 and can be found under
    44. 

  44. * {@link http://www.ietf.org/rfc/rfc2254.txt}
    45. 

  45. *
    46. 

  46. * Here a quick copy&paste example:
    47. 

  47. * <code>
    48. 

  48. * $filter0 = Net_LDAP_Filter::create('stars', 'equals', '***');
    49. 

  49. * $filter_not0 = Net_LDAP_Filter::combine('not', $filter0);
    50. 

  50. *
    51. 

  51. * $filter1 = Net_LDAP_Filter::create('gn', 'begins', 'bar');
    52. 

  52. * $filter2 = Net_LDAP_Filter::create('gn', 'ends', 'baz');
    53. 

  53. * $filter_comp = Net_LDAP_Filter::combine('or',array($filter_not0, $filter1, $filter2));
    54. 

  54. *
    55. 

  55. * echo $filter_comp->asString();
    56. 

  56. * // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz))
    57. 

  57. * // The stars in $filter0 are treaten as real stars unless you disable escaping.
    58. 

  58. * </code>
    59. 

  59. *
    60. 

  60. * @package Net_LDAP
    61. 

  61. * @author Benedikt Hallinger <beni@php.net>
    62. 

  62. * @version $Revision: 1.7 $
    63. 

  63. */
    64. 

  64. 

  65. class Net_LDAP_Filter extends PEAR
    66. 

  66. {
    67. 

  67.     /**
    68. 

  68.     * Storage for combination of filters
    69. 

  69.     *
    70. 

  70.     * This variable holds a array of filter objects
    71. 

  71.     * that should be combined by this filter object.
    72. 

  72.     *
    73. 

  73.     * @access private
    74. 

  74.     * @var array
    75. 

  75.     */
    76. 

  76.     var $_subfilters = array();
    77. 

  77. 

  78.     /**
    79. 

  79.     * Match of this filter
    80. 

  80.     *
    81. 

  81.     * If this is a leaf filter, then a matching rule is stored,
    82. 

  82.     * if it is a container, then it is a logical operator
    83. 

  83.     *
    84. 

  84.     * @access private
    85. 

  85.     * @var string
    86. 

  86.     */
    87. 

  87.     var $_match;
    88. 

  88. 

  89.     /**
    90. 

  90.     * Single filter
    91. 

  91.     *
    92. 

  92.     * If we operate in leaf filter mode,
    93. 

  93.     * then the constructing method stores
    94. 

  94.     * the filter representation here
    95. 

  95.     *
    96. 

  96.     * @acces private
    97. 

  97.     * @var string
    98. 

  98.     */
    99. 

  99.     var $_filter;
    100. 

  100. 

  101.     /**
    102. 

  102.     * Private, empty constructor
    103. 

  103.     *
    104. 

  104.     * Construction of Net_LDAP_Filter objects occours through either
    105. 

  105.     * {@link create()} or {@link combine()}
    106. 

  106.     *
    107. 

  107.     * @access private
    108. 

  108.     */
    109. 

  109.     function Net_LDAP_Filter()
    110. 

  110.     {
    111. 

  111.     }
    112. 

  112. 

  113.     /**
    114. 

  114.     * Constructor of a new part of a LDAP filter.
    115. 

  115.     *
    116. 

  116.     * The following matching rules exists:
    117. 

  117.     *    - equals:         One of the attributes values is exactly $value
    118. 

  118.     *                      Please note that case sensitiviness is depends on the
    119. 

  119.     *                      attributes syntax configured in the server.
    120. 

  120.     *    - begins:         One of the attributes values must begin with $value
    121. 

  121.     *    - ends:           One of the attributes values must end with $value
    122. 

  122.     *    - contains:       One of the attributes values must contain $value
    123. 

  123.     *    - any:            The attribute can contain any value but must be existent
    124. 

  124.     *    - greater:        The attributes value is greater than $value
    125. 

  125.     *    - less:           The attributes value is less than $value
    126. 

  126.     *    - greaterOrEqual: The attributes value is greater or equal than $value
    127. 

  127.     *    - lessOrEqual:    The attributes value is less or equal than $value
    128. 

  128.     *    - approx:         One of the attributes values is similar to $value
    129. 

  129.     *
    130. 

  130.     * If $escape is set to true (default) then $value will be escaped
    131. 

  131.     * properly. If it is set to false then $value will be treaten as raw value.
    132. 

  132.     *
    133. 

  133.     * Examples:
    134. 

  134.     * $filter = new Net_LDAP_Filter('sn', 'ends', 'foobar');
    135. 

  135.     * -> This will find entries that contain a attribute "sn" that ends with "foobar".
    136. 

  136.     * $filter = new Net_LDAP_Filter('sn', 'any');
    137. 

  137.     * -> This will find entries that contain a attribute "sn" that has any value set.
    138. 

  138.     *
    139. 

  139.     * @param string  $attr_name       Name of the attribute the filter should apply to
    140. 

  140.     * @param string  $match           Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any)
    141. 

  141.     * @param string  $value           (optional) if given, then this is used as a filter
    142. 

  142.     * @param boolean $escape          Should the whole $value be escaped? (default: yes, see {@link escape()} for detailed information)
    143. 

  143.     * @return Net_LDAP_Filter|Net_LDAP_Error
    144. 

  144.     * @see escape()
    145. 

  145.     * @todo implement greaterOrEqual, lessOrEqual, approx
    146. 

  146.     */
    147. 

  147.     function &create($attr_name, $match, $value = '', $escape = true)
    148. 

  148.     {
    149. 

  149.         $leaf_filter = new Net_LDAP_Filter();
    150. 

  150.         if ($escape) {
    151. 

  151.             $array = Net_LDAP_Util::escape_filter_value(array($value));
    152. 

  152.             $value = $array[0];
    153. 

  153.         }
    154. 

  154.         switch (strtolower($match)) {
    155. 

  155.             case 'equals':
    156. 

  156.                 $leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')';
    157. 

  157.             break;
    158. 

  158.             case 'begins':
    159. 

  159.             $leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)';
    160. 

  160.             break;
    161. 

  161.             case 'ends':
    162. 

  162.                 $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')';
    163. 

  163.             break;
    164. 

  164.             case 'contains':
    165. 

  165.                 $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)';
    166. 

  166.             break;
    167. 

  167.             case 'greater':
    168. 

  168.                 $leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')';
    169. 

  169.             break;
    170. 

  170.             case 'less':
    171. 

  171.                 $leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')';
    172. 

  172.             break;
    173. 

  173.             case 'greaterorequal':
    174. 

  174.                 $leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')';
    175. 

  175.             break;
    176. 

  176.             case 'lessorequal':
    177. 

  177.                 $leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')';
    178. 

  178.             break;
    179. 

  179.             case 'approx':
    180. 

  180.                 $leaf_filter->_filter = '(' . $attr_name . '=~' . $value . ')';
    181. 

  181.             break;
    182. 

  182.             case 'any':
    183. 

  183.                 $leaf_filter->_filter = '(' . $attr_name . '=*)';
    184. 

  184.             break;
    185. 

  185.             default:
    186. 

  186.                 return PEAR::raiseError('Net_LDAP_Filter create error: matching rule "' . $match . '" not known!');
    187. 

  187.         }
    188. 

  188.         return $leaf_filter;
    189. 

  189.     }
    190. 

  190. 

  191.     /**
    192. 

  192.     * Combine two or more filter objects using a logical operator
    193. 

  193.     *
    194. 

  194.     * This static method combines two or more filter objects and returns one single
    195. 

  195.     * filter object that contains all the others.
    196. 

  196.     * Call this method statically: $filter =& Net_LDAP_Filter('or', array($filter1, $filter2))
    197. 

  197.     *
    198. 

  198.     * @param string $log_op         The locicall operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!"
    199. 

  199.     * @param array|Net_LDAP_Filter  $filters     array with Net_LDAP_Filter objects
    200. 

  200.     * @return Net_LDAP_Filter|Net_LDAP_Error
    201. 

  201.     * @static
    202. 

  202.     */
    203. 

  203.     function &combine($log_op, $filters)
    204. 

  204.     {
    205. 

  205.         if (PEAR::isError($filters)) {
    206. 

  206.             return $filters;
    207. 

  207.         }
    208. 

  208. 

  209.         // substitude named operators to logical operators
    210. 

  210.         if ($log_op == 'and') $log_op = '&';
    211. 

  211.         if ($log_op == 'or')  $log_op = '|';
    212. 

  212.         if ($log_op == 'not') $log_op = '!';
    213. 

  213. 

  214.         // tests for sane operation
    215. 

  215.         if ($log_op == '!') {
    216. 

  216.             // Not-combination, here we also accept one filter object
    217. 

  217.             if (!is_array($filters) && is_a($filters, 'Net_LDAP_Filter')) {
    218. 

  218.                 $filters = array($filters); // force array
    219. 

  219.             } else {
    220. 

  220.                 $err = PEAR::raiseError('Net_LDAP_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP_Filter nor an array!');
    221. 

  221.                 return $err;
    222. 

  222.             }
    223. 

  223.         } elseif ($log_op == '&' || $log_op == '|') {
    224. 

  224.             if (!is_array($filters) || count($filters) < 2) {
    225. 

  225.                 $err = PEAR::raiseError('Net_LDAP_Filter combine error: Parameter $filters is not a array or contains less than two Net_LDAP_Filter objects!');
    226. 

  226.                 return $err;
    227. 

  227.             }
    228. 

  228.         } else {
    229. 

  229.             $err = PEAR::raiseError('Net_LDAP_Filter combine error: logical operator is not known!');
    230. 

  230.             return $err;
    231. 

  231.         }
    232. 

  232. 

  233. 

  234.         if ($log_op != '&' && $log_op != '|' && $log_op != '!') {
    235. 

  235.             return PEAR::raiseError('Net_LDAP_Filter combine error: Logical operator "' . $log_op . '" not known!');
    236. 

  236.         }
    237. 

  237. 

  238.         $combined_filter = new Net_LDAP_Filter();
    239. 

  239.         foreach ($filters as $testfilter) {     // check for errors
    240. 

  240.             if (is_a($testfilter, 'Net_LDAP_Error')) {
    241. 

  241.                 return $testfilter;
    242. 

  242.             }
    243. 

  243.         }
    244. 

  244. 

  245.         $combined_filter->_subfilters = $filters;
    246. 

  246.         $combined_filter->_match = $log_op;
    247. 

  247.         return $combined_filter;
    248. 

  248.     }
    249. 

  249. 

  250.     /**
    251. 

  251.     * Get the string representation of this filter
    252. 

  252.     *
    253. 

  253.     * This method runs through all filter objects and creates
    254. 

  254.     * the string representation of the filter. If this
    255. 

  255.     * filter object is a leaf filter, then it will return
    256. 

  256.     * the string representation of this filter.
    257. 

  257.     *
    258. 

  258.     * @return string
    259. 

  259.     */
    260. 

  260.     function asString()
    261. 

  261.     {
    262. 

  262.         if ($this->_isLeaf()) {
    263. 

  263.             $return = $this->_filter;
    264. 

  264.         } else {
    265. 

  265.             $return = '';
    266. 

  266.             foreach ($this->_subfilters as $filter) {
    267. 

  267.                 $return = $return.$filter->asString();
    268. 

  268.             }
    269. 

  269.             $return = '(' . $this->_match . $return . ')';
    270. 

  270.         }
    271. 

  271.         return $return;
    272. 

  272.     }
    273. 

  273. 

  274.     /**
    275. 

  275.     * Alias for perl interface as_string()
    276. 

  276.     *
    277. 

  277.     * @see asString()
    278. 

  278.     */
    279. 

  279.     function as_string()
    280. 

  280.     {
    281. 

  281.         return $this->asString();
    282. 

  282.     }
    283. 

  283. 

  284.     /**
    285. 

  285.     * This can be used to escape a string to provide a valid LDAP-Filter.
    286. 

  286.     *
    287. 

  287.     * LDAP will only recognise certain characters as the
    288. 

  288.     * character istself if it is properly escaped. This is
    289. 

  289.     * what this method does.
    290. 

  290.     * The method can be called statically, so you can use it outside
    291. 

  291.     * for your own purposes (eg for escaping only parts of strings)
    292. 

  292.     *
    293. 

  293.     * In fact, this is just a shorthand to {@link Net_LDAP_Util::escape_filter_value()}.
    294. 

  294.     *
    295. 

  295.     * @static
    296. 

  296.     * @param string $string  Any string who should be escaped
    297. 

  297.     * @return string         The string $string, but escaped
    298. 

  298.     * @deprecated  Do not use this method anymore, instead use Net_LDAP_Util::escape_filter_value()
    299. 

  299.     */
    300. 

  300.     function escape($string)
    301. 

  301.     {
    302. 

  302.         return PEAR::raiseError("PLEASE DO NOT USE Net_LDAP_Filter anymore! use Net_LDAP_Util::escape_filter_value() instead!");
    303. 

  303.     }
    304. 

  304. 

  305.     /**
    306. 

  306.     * Is this a container or a leaf filter object?
    307. 

  307.     *
    308. 

  308.     * @access private
    309. 

  309.     * @return boolean
    310. 

  310.     */
    311. 

  311.     function _isLeaf()
    312. 

  312.     {
    313. 

  313.         if (count($this->_subfilters) > 0) {
    314. 

  314.             return false; // Container!
    315. 

  315.         } else {
    316. 

  316.             return true; // Leaf!
    317. 

  317.         }
    318. 

  318.     }
    319. 

  319. }
    320. 

  320. ?>
    321.