#!/usr/bin/php
<?php
// Load the shared library before anything else runs; abort with a message if
// the file is missing or the include itself fails. The functions this script
// calls but does not define (init, getPass, randomPassword, ldap_update_user,
// ...) are presumably provided by it -- confirm against the library.
(file_exists("/usr/share/mcms/user_management_functions.php")) or die("Unable to open /usr/share/mcms/user_management_functions.php");
(include("/usr/share/mcms/user_management_functions.php")) or die("Unable to open /usr/share/mcms/user_management_functions.php");
// NOTE(review): a `global` statement at file scope only matters when this file
// is itself included from inside a function; when run directly it is a no-op.
global $passchange;

/**
 * Print the command-line help text and terminate the script.
 *
 * The program name shown in the first line is taken from the global $argv[0].
 * This function never returns: it always ends the process with exit status 254.
 */
function usage() {
  global $argv;
  // One entry per output line; each entry carries its own trailing newline.
  $help=array(
    "Usage: $argv[0] [options] LOGIN\n",
    "  -g <GID>, --gid=GID                   group ID of the account\n",
    "  -G <GROUPS>, --groups=GROUPS          comma separated list of additional\n",
    "                                        group names\n",
    "  -d <DIR>, --dir=DIR                   home directory\n",
    "  -s <SHELL>, --shell=SHELL             users shell\n",
    "  -c <COMMENT>, --comment=COMMENT       GECOS field of the account, typically\n",
    "                                        full name\n",
    "  -p <PASSWORD>, --password=<PASSWORD>  change the password, supplied in\n",
    "                                        parameter\n",
    "  -P, --promptpass                      change the password, prompting for it\n",
    "  -R, --randpass                        generate random password, displayed\n",
    "                                        in summary\n",
    "  -C, --forcechange                     require the user to change the pass at\n",
    "                                        1st login\n",
    "  -q, --quiet                           do not print summary of user addition\n",
    "  -v, --verbose                         print additional details in summary\n",
    "  -h, --help                            print this help message\n",
  );
  echo implode("", $help);
  exit(254);
}

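/**
 * Parse the command line and publish the result through global variables.
 *
 * Globals written: $login, $gid, $groups, $comment, $homedir, $shell,
 * $password, $passmsg, $passchange, $randpass, $forcepwchange, $quiet,
 * $verbose. Value options that were not supplied are set to "" ($password to
 * null); flag options are set to true/false.
 *
 * Every usage error prints a message and calls usage(), which exits with
 * status 254. A group ID that is not numeric, or that getent cannot resolve,
 * exits with status 3.
 *
 * Security notes:
 *  - The gid is accepted only as a string of decimal digits. A bare (int)
 *    cast would turn any non-numeric value into 0, and gid 0 normally exists
 *    (the root group), so a typo would silently pass the existence check.
 *  - An empty LOGIN is rejected here; nothing else about $login is validated,
 *    so any code that places it in a shell command or an LDAP filter must
 *    escape it for that context.
 *  - A password given with -p/--password is part of the process command line,
 *    which other local users can typically read via process listings and
 *    which may be kept in shell history; -P or -R avoid that exposure.
 *
 * @param int   $argc number of command-line arguments
 * @param array $argv command-line arguments, program name first
 */
function parseargs($argc, $argv){
  global $gecos, $uid, $gid, $groups, $homedir, $shell, $password, $forcepwchange, $quiet, $comment, $login, $passmsg, $randpass, $verbose, $passchange;
  if($argc<2 || in_array($argv[1],array('--help','-h','-help','-?'),true)) usage();
  $shortopts="g:G:d:s:c:p:PRCqv";
  $longopts=array("gid:", "groups:", "dir:", "shell:", "comment:", "password:", "promptpass", "randpass", "forcechange", "quiet", "verbose");
  $opt_index=null;
  // getopt() reports in $opt_index where option parsing stopped, i.e. the
  // position at which the LOGIN operand is expected.
  $options=getopt($shortopts, $longopts, $opt_index);
  if ($opt_index+1 < $argc) {
    echo "Too many parameters specified index $opt_index argc $argc\n";
    usage();
  }
  // An empty LOGIN is treated like a missing one: indexing "" is undefined and
  // an empty key would make a later `getent passwd` lookup match every account.
  if (!isset($argv[$opt_index]) || $argv[$opt_index] === "") {
    echo "LOGIN not provided\n";
    usage();
  }
  $login=$argv[$opt_index];
  if ( $login[0] == "-" ) {
    echo "Invalid login name, starts with \"-\"\n";
    usage();
  }
  $passchange=false;
  $password=null;
  $passmsg="provided password";
  $randpass=false;

  // For every value option the short form wins when both forms are given.
  $gidopt=$options['g'] ?? $options['gid'] ?? null;
  if ($gidopt !== null) {
    // Digits only: rejects "abc", "12x", "-5", "" and repeated options (which
    // getopt returns as an array) instead of coercing them to an integer.
    if (!is_string($gidopt) || preg_match('/\A[0-9]+\z/', $gidopt) !== 1) {
      echo "Specified gid is not a valid numeric group ID\n";
      exit(3);
    }
    $gid=(int)$gidopt;
    // $gid is an integer at this point, so interpolating it into the shell
    // command cannot introduce shell metacharacters.
    $gidtest=popen("getent group $gid | awk 'BEGIN{FS=\":\"}{print $3}'","r");
    if ($gidtest === false) {
      echo "Unable to run getent to verify gid $gid\n";
      exit(3);
    }
    $gidline=fgets($gidtest);
    pclose($gidtest);
    // No output means getent found no such group; do not let that compare
    // equal to gid 0 through an empty-string-to-int conversion.
    $gidresult=($gidline === false) ? "" : trim($gidline);
    if ($gidresult === "" || (int)$gidresult !== $gid) {
      echo "Specified gid $gid does not exist\n";
      exit(3);
    }
  } else {
    $gid="";
  }

  $groups=$options['G'] ?? $options['groups'] ?? "";
  $comment=$options['c'] ?? $options['comment'] ?? "";
  $homedir=$options['d'] ?? $options['dir'] ?? "";
  $shell=$options['s'] ?? $options['shell'] ?? "";

  // The three password sources are mutually exclusive.
  $want_password=isset($options['p']) || isset($options['password']);
  $want_prompt=isset($options['P']) || isset($options['promptpass']);
  $want_random=isset($options['R']) || isset($options['randpass']);

  if ($want_password && $want_random) {
    echo "Cannot specify both password and randpass parameters.\n";
    usage();
  }
  if ($want_password && $want_prompt) {
    echo "Cannot specify both password and promptpass parameters.\n";
    usage();
  }
  if ($want_random && $want_prompt) {
    echo "Cannot specify both randpass and promptpass parameters.\n";
    usage();
  }

  if ($want_password) {
    $password=$options['p'] ?? $options['password'];
    if($password=="") {
      echo "Missing password parameter\n";
      usage();
    }
    $passchange=true;
  }

  // With -P the password stays null here; the caller prompts for it later.
  if ($want_prompt) {
    $passchange=true;
  }

  if ($want_random) {
    $passchange=true;
    $randpass=true;
  }

  $forcepwchange=isset($options['C']) || isset($options['forcechange']);
  $quiet=isset($options['q']) || isset($options['quiet']);

  // --verbose overrides --quiet.
  if (isset($options['v']) || isset($options['verbose'])) {
    $quiet=false;
    $verbose=true;
  } else {
    $verbose=false;
  }
}  //end parseargs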

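//execution starts here
init();
parseargs($argc,$argv);

// Confirm the account exists before changing anything. $login comes straight
// from the command line, so it is passed through escapeshellarg(): without
// quoting, shell metacharacters in the login name would be interpreted by the
// shell that popen() starts.
$logincheck=popen("getent passwd ".escapeshellarg($login),"r");
if ($logincheck===false) {
  echo "Unable to run getent to look up user $login\n";
  exit(5);
}
$loginline=fgets($logincheck,4096);
pclose($logincheck);
// fgets() returns false when getent printed nothing (no such user).
$loginfound=($loginline===false) ? "" : trim($loginline);
if($loginfound=="") {
  echo "User $login does not exist\n";
  exit(5);
}

if ($randpass) {
  $password=randomPassword();
  // The generated password is embedded in the summary text printed below, so
  // this script's output should not be captured in logs.
  $passmsg="randomly generated password $password";
}

// A password change was requested but none was supplied: prompt for it twice
// and repeat until both entries match.
if ($passchange && $password==null) {
  $pass1=getPass("Please enter the new password for $login: ");
  $pass2=getPass("Verify: ");
  while ($pass1!=$pass2) {
    echo "Passwords do not match.  Try again.\n";
    $pass1=getPass("Please enter the new password for $login: ");
    $pass2=getPass("Verify: ");
  }
  $password=$pass1;
}

ldap_update_user($login,$gid,$password,$homedir,$comment,$shell,$forcepwchange);
if ($groups!="") ldap_user_set_groups($login, $groups);
flush_ldap_client($login,"");

// NOTE(review): with --quiet and --randpass together the generated password
// is applied but never shown, so the operator has no way to learn it.
if(!$quiet) {
  echo "Modified user $login\n";
  // A random password is always shown; a supplied one is only acknowledged
  // (never echoed) and only in verbose mode.
  if($password!="" && $randpass) echo "password: $passmsg\n";
  if($verbose) {
    if($password!="" && !$randpass) echo "password: $passmsg\n";
    if($gid!="") echo "gid: $gid\n";
    if($homedir!="") echo "homedir: $homedir\n";
    if($comment!="") echo "comment: $comment\n";
    if($shell!="") echo "shell: $shell\n";
  }
}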
?>
