From 8a5f378de6655dc820f4b6ea233be15a52c310de Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:44:28 +0200
Subject: [PATCH 1/8] add searchall in index.php

add route to page and configuration variable
---
 htdocs/index.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/index.php b/htdocs/index.php
index 66d8985..61ca694 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -121,6 +121,7 @@
 $smarty->assign('use_searchexpired',$use_searchexpired);
 $smarty->assign('use_searchwillexpire',$use_searchwillexpire);
 $smarty->assign('use_searchidle',$use_searchidle);
+$smarty->assign('use_searchall',$use_searchall);
 $smarty->assign('fake_password_inputs',$fake_password_inputs);
 
 # Assign messages
@@ -178,6 +179,7 @@
 if ( $page === "searchexpired" and !$use_searchexpired ) { $page = "welcome"; }
 if ( $page === "searchwillexpire" and !$use_searchwillexpire ) { $page = "welcome"; }
 if ( $page === "searchidle" and !$use_searchidle ) { $page = "welcome"; }
+if ( $page === "searchall" and !$use_searchall ) { $page = "welcome"; }
 if ( file_exists($page.".php") ) { require_once($page.".php"); }
 $smarty->assign('page',$page);
 

From 1ce994fd6cbf83844f3333e1006b69a4b8f1f919 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:49:23 +0200
Subject: [PATCH 2/8] Create searchall.php

add searchall functionality
---
 htdocs/searchall.php | 95 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 htdocs/searchall.php

diff --git a/htdocs/searchall.php b/htdocs/searchall.php
new file mode 100644
index 0000000..44eff01
--- /dev/null
+++ b/htdocs/searchall.php
@@ -0,0 +1,95 @@
+<?php
+/*
+ * Search all entries in LDAP directory
+ */
+
+require_once("../conf/config.inc.php");
+require __DIR__ . '/../vendor/autoload.php';
+require_once("../lib/date.inc.php");
+
+
+
+# Search filter
+$ldap_filter = "$ldap_user_filter";
+
+# Search attributes
+$attributes = array('pwdAccountLockedTime', 'pwdPolicySubentry');
+
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=\Ltb\LtbUtil::search($ldap_filter,$attributes);
+
+if ( ! empty($entries) )
+{
+                # Register policies
+                $pwdPolicies = array();
+
+                # Check if entry is still locked
+                foreach($entries as $entry_key => &$entry) {
+                    # Search active password policy
+                    $pwdPolicy = "";
+                    if (isset($entry['pwdpolicysubentry'][0])) {
+                        $pwdPolicy = $entry['pwdpolicysubentry'][0];
+                    } elseif (isset($ldap_default_ppolicy)) {
+                        $pwdPolicy = $ldap_default_ppolicy;
+                    }
+
+                    $isLocked = false;
+                    $ppolicy_entry = "";
+
+                    if ($pwdPolicy) {
+                        if (!isset($pwdPolicies[$pwdPolicy])){
+                            $search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdLockoutDuration'));
+                            if ( $errno ) {
+                                error_log("LDAP - PPolicy search error $errno  (".ldap_error($ldap).")");
+                            } else {
+                                $ppolicy_entry = ldap_get_entries($ldap, $search_ppolicy);
+                                $pwdPolicies[$pwdPolicy]['pwdLockoutDuration'] = $ppolicy_entry[0]['pwdlockoutduration'][0];
+                            }
+                        }
+
+                        # Lock
+                        $pwdLockoutDuration = $pwdPolicies[$pwdPolicy]['pwdLockoutDuration'];
+                        $pwdAccountLockedTime = $entry['pwdaccountlockedtime'][0];
+
+                        if ( $pwdAccountLockedTime === "000001010000Z" ) {
+                            $isLocked = true;
+                        } else if (isset($pwdAccountLockedTime)) {
+                            if (isset($pwdLockoutDuration) and ($pwdLockoutDuration > 0)) {
+                                $lockDate = ldapDate2phpDate($pwdAccountLockedTime);
+                                $unlockDate = date_add( $lockDate, new DateInterval('PT'.$pwdLockoutDuration.'S'));
+                                if ( time() <= $unlockDate->getTimestamp() ) {
+                                    $isLocked = true;
+                                }
+                            } else {
+                                $isLocked = true;
+                            }
+                        }
+                    }
+                    // Add isLocked to the entry array
+                    $entry['isLocked'] = $isLocked;
+                }
+
+                $smarty->assign("page_title", "allaccounts");
+                if ($nb_entries === 0) {
+                    $result = "noentriesfound";
+                } else {
+                    $smarty->assign("nb_entries", $nb_entries);
+                    $smarty->assign("entries", $entries);
+                    $smarty->assign("size_limit_reached", $size_limit_reached);
+
+                    $columns = $search_result_items;
+                    if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title);
+                    $smarty->assign("listing_columns", $columns);
+                    $smarty->assign("listing_linkto",  isset($search_result_linkto) ? $search_result_linkto : array($search_result_title));
+                    $smarty->assign("listing_sortby",  array_search($search_result_sortby, $columns));
+                    $smarty->assign("show_undef", $search_result_show_undefined);
+                    $smarty->assign("truncate_value_after", $search_result_truncate_value_after);
+                    if ($isLocked === true) {
+                        $smarty->assign("entry_is_locked", true);
+                    }
+                    if ($use_unlockaccount) {
+                        $smarty->assign("display_unlock_button", true);
+                    }
+                }
+}
+
+?>

From 09ae0c777be2733b586e240ffe9b8501be70e0c5 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:51:16 +0200
Subject: [PATCH 3/8] add allaccounts en.inc.php

add message "All Accounts"
---
 lang/en.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lang/en.inc.php b/lang/en.inc.php
index 8470925..1f177d8 100644
--- a/lang/en.inc.php
+++ b/lang/en.inc.php
@@ -9,6 +9,7 @@
 $messages['accountnotunlocked'] = "Fail to unlock account";
 $messages['accountunlocked'] = "Account is not locked";
 $messages['accountstatus'] = "Account status";
+$messages['allaccounts'] = "All accounts";
 $messages['changesubject'] = "Your password has been changed";
 $messages['changesubjectforadmin'] = "User password has been changed";
 $messages['changemessage'] = "Hello {name},\n\nYour password has been changed.\n\nIf you didn't request a password reset, please contact your administrator for details.";

From caf5b1fc735d7364146c4ab6c1f5291441cc2568 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:54:51 +0200
Subject: [PATCH 4/8] add lockaccount-button listing_table.tpl

check if entry is locked and display appropriate button
---
 templates/listing_table.tpl | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/templates/listing_table.tpl b/templates/listing_table.tpl
index 2c7d33c..bde6157 100644
--- a/templates/listing_table.tpl
+++ b/templates/listing_table.tpl
@@ -13,9 +13,15 @@
                 <i class="fa fa-fw fa-id-card"></i>
             </a>
         {if $display_unlock_button}
-            <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_unlockaccount}">
-                <i class="fa fa-fw fa-unlock"></i>
-            </a>
+            {if $entry.isLocked || !isset($entry.isLocked)}
+                <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_unlockaccount}">
+                    <i class="fa fa-fw fa-unlock"></i>
+                </a>
+            {elif isset($entry.isLocked) && !$entry.isLocked}
+                <a href="index.php?page=lockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-danger btn-sm" role="button" title="{$msg_lockaccount}">
+                    <i class="fa fa-fw fa-lock"></i>
+                </a>
+            {/if}
         {/if}
         </th>
     {foreach $listing_columns as $column}

From e4519d173a84b5804c9cf5d48b87075ed8e37d99 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:56:12 +0200
Subject: [PATCH 5/8] add entry allacounts menu.tpl

add menu entry for searchall/allaccounts
---
 templates/menu.tpl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/menu.tpl b/templates/menu.tpl
index c81b8fd..b4ea2a8 100644
--- a/templates/menu.tpl
+++ b/templates/menu.tpl
@@ -30,6 +30,9 @@
                       {if $use_searchidle}
                       <li><a href="index.php?page=searchidle" class="dropdown-item"><i class="fa fa-fw fa-hourglass-o"></i> {$msg_idleaccounts}</a></li>
                       {/if}
+                      {if $use_searchall}
+                      <li><a href="index.php?page=searchall"><i class="fa fa-fw fa-users"></i> {$msg_allaccounts}</a></li>
+                      {/if}
                   </ul>
                 </li>
                 {/if}

From bd4808d3429b1882af4e7cd86bca600f219207f6 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:57:08 +0200
Subject: [PATCH 6/8] Create template for searchall.tpl

add searchall template
---
 templates/searchall.tpl | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 templates/searchall.tpl

diff --git a/templates/searchall.tpl b/templates/searchall.tpl
new file mode 100644
index 0000000..41a59cb
--- /dev/null
+++ b/templates/searchall.tpl
@@ -0,0 +1,11 @@
+<div class="alert alert-warning">
+    {$nb_entries} {if $nb_entries==1}{$msg_entryfound}{else}{$msg_entriesfound}{/if}
+</div>
+
+{if {$size_limit_reached}}
+<div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_sizelimit}</div>
+{/if}
+
+<table id="search-listing" class="table table-striped table-hover table-condensed dataTable">
+    {include 'listing_table.tpl'}
+</table>

From a20ce17ba9b2958eae767a80b9c04aa5828d0be7 Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 14:04:06 +0200
Subject: [PATCH 7/8] Update fr.inc.php

add all accounts message
---
 lang/fr.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lang/fr.inc.php b/lang/fr.inc.php
index a46a7df..6fc9a96 100644
--- a/lang/fr.inc.php
+++ b/lang/fr.inc.php
@@ -9,6 +9,7 @@
 $messages['accountnotunlocked'] = "Échec de déblocage du compte";
 $messages['accountstatus'] = "Statut du compte";
 $messages['accountunlocked'] = "Le compte n'est pas bloqué";
+$messages['allaccounts'] = "Tous les comptes";
 $messages['changesubject'] = "Votre mot de passe a été changé";
 $messages['changesubjectforadmin'] = "Le mot de passe d'un utilisateur a été changé";
 $messages['changemessage'] = "Bonjour {name},\n\nVotre mot de passe a été changé.\nSi vous n'êtes pas à l'origine de cette demande, contactez votre administrateur pour obtenir des précisions.";

From a4376dfb0f9fb096c623b190733dbc71176cdbed Mon Sep 17 00:00:00 2001
From: markussujata <102056688+markussujata@users.noreply.github.com>
Date: Thu, 25 Jul 2024 14:22:43 +0200
Subject: [PATCH 8/8] change button lock and colour listing_table.tpl

button show locked status
red and closed = locked
green and open = unlocked
---
 templates/listing_table.tpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/listing_table.tpl b/templates/listing_table.tpl
index bde6157..e76a8d9 100644
--- a/templates/listing_table.tpl
+++ b/templates/listing_table.tpl
@@ -14,12 +14,12 @@
             </a>
         {if $display_unlock_button}
             {if $entry.isLocked || !isset($entry.isLocked)}
-                <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_unlockaccount}">
-                    <i class="fa fa-fw fa-unlock"></i>
+                <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-danger btn-sm" role="button" title="{$msg_unlockaccount}">
+                    <i class="fa fa-fw fa-lock"></i>
                 </a>
             {elif isset($entry.isLocked) && !$entry.isLocked}
-                <a href="index.php?page=lockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-danger btn-sm" role="button" title="{$msg_lockaccount}">
-                    <i class="fa fa-fw fa-lock"></i>
+                <a href="index.php?page=lockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_lockaccount}">
+                    <i class="fa fa-fw fa-unlock"></i>
                 </a>
             {/if}
         {/if}