Beispiel #1
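/**
 * Grant an authorization class, optionally limited to a sub-class range, to an existing user.
 *
 * While $FANNIE_AUTH_ENABLED is truthy the caller must pass validateUser('admin').
 * The single exception is the first-user bootstrap: granting 'admin' or 'sysadmin'
 * while getNumUsers() reports exactly one user skips that validation. Because
 * getUID($name) must already have resolved, the grant can only land on an existing
 * account. When $FANNIE_AUTH_ENABLED is falsy no validation is performed at all, so
 * callers that switch the flag off are responsible for restoring it.
 *
 * @param string $name       login name of the user receiving the privilege
 * @param string $auth_class authorization class to grant
 * @param string $sub_start  start of the sub-class range ('all' by default)
 * @param string $sub_end    end of the sub-class range ('all' by default)
 * @return mixed true when the privilege row was written; false when an argument is
 *               not alphanumeric, validation fails or the insert fails; the falsy
 *               getUID() result when the user is unknown
 */
function addAuth($name, $auth_class, $sub_start = 'all', $sub_end = 'all')
{
    // 10Nov12 EL Add FANNIE_AUTH_ENABLED
    global $FANNIE_AUTH_ENABLED;
    $sql = dbconnect();

    // Reject anything that is not strictly alphanumeric before it reaches the database.
    if (
        !isAlphanumeric($name)
        || !isAlphanumeric($auth_class)
        || !isAlphanumeric($sub_start)
        || !isAlphanumeric($sub_end)
    ) {
        return false;
    }

    $uid = getUID($name);
    if (!$uid) {
        return $uid;
    }

    /* 10Nov12 EL Add FANNIE_AUTH_ENABLED test per intent of create-first-user
     *             call from auth.php to skip validation check.
     *             auth_enabled() does not return the correct value.
     */
    if ($FANNIE_AUTH_ENABLED) {
        // Strict comparison so that only the literal class names qualify for the
        // bootstrap exception; the user count may be a numeric string, so it stays loose.
        $isBootstrapGrant = ($auth_class === 'admin' || $auth_class === 'sysadmin')
            && getNumUsers() == 1;
        if (!$isBootstrapGrant && !validateUser('admin')) {
            return false;
        }
    }

    $addQ = $sql->prepare_statement("insert into userPrivs values (?,?,?,?)");
    $addR = $sql->exec_statement($addQ, array($uid, $auth_class, $sub_start, $sub_end));

    // Report a failed insert instead of claiming the privilege was granted.
    // NOTE(review): assumes exec_statement() returns false on failure - confirm
    // against the SQL wrapper in use.
    return $addR !== false;
}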
            $update_query = $update_query . "egps_username='******' or ";
        }
    }
    //strip trailing 'or' and whitespace
    $update_query = substr($update_query, 0, -4);
    //echo $delete_query;
    $update_result = mysql_query($update_query);
    if (!$update_result) {
        $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$update_query}'<BR>";
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    }
    //$system_message = $delete_query;
}
// Total number of support members. The comparison with NULL is loose, so a
// count of 0 takes the error path just like a NULL result does.
$iNumSupportMembers = getNumUsers();
if (NULL == $iNumSupportMembers) {
    // Append whatever $error_message currently holds (it is not assigned in this
    // run) and log the combined message against the session user.
    $system_message .= $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}

// Number of support members currently online; same loose NULL test as above.
$iNumSupportMembersOnline = getNumUsersOnline();
if (NULL == $iNumSupportMembersOnline) {
    $system_message .= $error_message;
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
}
//get the list of all users...
if (!isset($_GET['iLimit'])) {
    $iLimit = 10;
    /**
      Define any javascript needed
      @return A javascript string
    function javascript_content(){
        $js ="";
        return $js;
    
    }
    */
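    /**
     * Build the HTML body of the authentication install page.
     *
     * Renders the authentication settings (enable flag, default policy, shadow
     * and LDAP options). When authentication is enabled and no users exist yet,
     * it also handles the "create initial admin" form: the submitted account is
     * created and then granted the 'admin' and 'sysadmin' classes.
     *
     * Nothing in this method checks who is making the request, so while no users
     * exist anyone who can reach the page can create the first administrator.
     *
     * @return string the buffered page markup
     */
    function body_content()
    {
        global $FANNIE_AUTH_ENABLED;
        // Included in function scope; presumably defines the $FANNIE_* settings read below.
        include '../config.php';
        ob_start();
        echo showInstallTabs('Authentication');
        ?>

<form action=InstallAuthenticationPage.php method=post>
<h1 class="install">
    <?php 
        if (!$this->themed) {
            echo "<h1 class='install'>{$this->header}</h1>";
        }
        ?>
</h1>
<?php 
        if (is_writable('../config.php')) {
            echo "<div class=\"alert alert-success\"><i>config.php</i> is writeable</div>";
        } else {
            // The class list previously ended in a stray ';', so the danger styling never matched.
            echo "<div class=\"alert alert-danger\"><b>Error</b>: config.php is not writeable</div>";
        }
        ?>
<hr />
<p class="ichunk" style="margin-top: 1.0em;">
<b>Authentication enabled</b>
<?php 
        echo installSelectField('FANNIE_AUTH_ENABLED', $FANNIE_AUTH_ENABLED, array(1 => 'Yes', 0 => 'No'), false, false);
        ?>
</p><!-- /.ichunk -->
<?php 
        // Default to Authenticate ("Authenticate Everything") or not.
        if ($FANNIE_AUTH_ENABLED) {
            echo "<p class='ichunk'>";
            echo "<b>Authenticate by default </b>";
            echo installSelectField('FANNIE_AUTH_DEFAULT', $FANNIE_AUTH_DEFAULT, array(1 => 'Yes', 0 => 'No'), false, false);
            echo "If 'Yes' all Admin utilities will require Login<br />";
            echo "If 'No' only those utilities coded for it will require Login";
            echo "</p><!-- /.ichunk -->";
        }
        if ($FANNIE_AUTH_ENABLED) {
            if (!function_exists("login")) {
                include $FANNIE_ROOT . 'auth/login.php';
            }
            // if no users exist, offer to create one
            // NOTE(review): loose comparison - if getNumUsers() can return false or null
            // on a query error, this bootstrap branch is taken as well; confirm its
            // failure value.
            if (getNumUsers() == 0) {
                $success = False;
                // NOTE(review): $_REQUEST also accepts query-string values, so a password
                // sent by GET could end up in URLs and access logs; the form itself posts.
                // No anti-CSRF token is checked here.
                // Only plain string values are accepted; array-valued parameters fall
                // through to the form below.
                if (
                    isset($_REQUEST['newuser']) && isset($_REQUEST['newpass'])
                    && is_string($_REQUEST['newuser']) && is_string($_REQUEST['newpass'])
                ) {
                    $FANNIE_AUTH_ENABLED = False;
                    // toggle to bypass user checking
                    $newUser = $_REQUEST['newuser'];
                    // The name comes straight from the request: escape it once and use
                    // only the escaped form when writing it into the page.
                    $newUserHtml = htmlspecialchars($newUser, ENT_QUOTES, 'UTF-8');
                    $success = createLogin($newUser, $_REQUEST['newpass']);
                    if ($success) {
                        echo "<i>User " . $newUserHtml . " created</i><br />";
                        $FANNIE_AUTH_ENABLED = True;
                        // toggle enforce error checking
                        $success = addAuth($newUser, 'admin');
                        if ($success) {
                            echo "<i>User " . $newUserHtml . " is an admin</i><br />";
                            echo "You can use these credentials at the <a href='../auth/ui/' target='_aui'>Authentication Interface</a><br />";
                            echo " Other protected pages may require different credentials.<br />";
                            $success = addAuth($newUser, 'sysadmin');
                            if ($success) {
                                echo "<i>User " . $newUserHtml . " is a sysadmin</i><br />";
                                echo "You can use these credentials at the Installation and Configuration Interface (these pages)<br />";
                                // populate known privileges table automatically
                                $db = FannieDB::get($FANNIE_OP_DB);
                                ob_start();
                                // don't care about primary key errors
                                \COREPOS\Fannie\API\data\DataLoad::loadSampleData($db, 'userKnownPrivs');
                                ob_end_clean();
                                // loaddata() has no return value; success assumed.
                                echo "Table {$FANNIE_OP_DB}.userKnownPrivs has been populated with the standard privilege set.<br />";
                            } else {
                                echo "<b>Error making user {$newUserHtml} a sysadmin</b><br />";
                            }
                        } else {
                            echo "<b>Error making user {$newUserHtml} an admin</b><br />";
                        }
                    } else {
                        echo "<b>Error creating initial user</b><br />";
                    }
                    // Re-enable on every path so the bypass never outlives this request branch.
                    $FANNIE_AUTH_ENABLED = True;
                    // toggle enforce error checking
                }
                if (!$success) {
                    echo "<br /><i>No users defined. To create an initial admin user,\n                enter a username and password below</i><br />";
                    echo 'Username: <input type="text" name="newuser" /><br />';
                    echo 'Password: <input type="password" name="newpass" /><br />';
                }
            } else {
                echo "<p class='ichunk'>You can manage Login users and groups via the <a href='../auth/ui/' target='_aui'>Authentication Interface</a>";
                echo "</p><!-- /.ichunk -->";
            }
            echo "<p class='ichunk'><a href='../../documentation/Fannie/developer/auth.html' target='_audoc'>How Authentication Works</a>";
            echo "</p><!-- /.ichunk -->";
        }
        ?>
<hr />
<b>Allow shadow logins</b>
<?php 
        echo installSelectField('FANNIE_AUTH_SHADOW', $FANNIE_AUTH_SHADOW, array(1 => 'Yes', 0 => 'No'), false, false);
        if (!file_exists("../auth/shadowread/shadowread")) {
            echo "<div class=\"alert alert-danger\"><b>Error</b>: shadowread utility does not exist</div>";
            echo "<div class=\"well\">";
            echo "shadowread lets Fannie authenticate users agaist /etc/shadow. To create it:";
            echo "<pre>\ncd " . realpath('../auth/shadowread') . "\nmake\n    </pre>";
            echo "</div>";
        } else {
            $perms = fileperms("../auth/shadowread/shadowread");
            // 0104755 = regular file (0100000) + setuid (04000) + rwxr-xr-x (0755).
            // The match is exact, so any other mode, stricter or looser, is reported
            // as incorrect. A setuid helper that reads /etc/shadow deserves a review
            // of its ownership and of who can execute it.
            if ($perms == 0104755) {
                echo "<div class=\"alert alert-success\">shadowread utility has proper permissions</div>";
            } else {
                echo "<div class=\"alert alert-danger\"><b>Warning</b>: shadowread utility has incorrect permissions</div>";
                echo "<div class=\"well\">";
                echo "shadowread needs setuid permission. To fix it: ";
                echo "<pre>\ncd " . realpath('../auth/shadowread') . "\nsudo make install\n        </pre>";
                echo "</div>";
            }
        }
        ?>
<hr />
<b>Allow LDAP logins</b>
<?php 
        echo installSelectField('FANNIE_AUTH_LDAP', $FANNIE_AUTH_LDAP, array(1 => 'Yes', 0 => 'No'), false, false);
        if (!function_exists("ldap_connect")) {
            echo "<div class=\"alert alert-danger\"><b>Warning</b>: PHP install does not have LDAP support enabled</div>";
        } else {
            echo "<div class=\"alert alert-success\">PHP has LDAP support enabled</div>";
        }
        ?>
<br />
<label>LDAP Server Host</label>
<?php 
        echo installTextField('FANNIE_LDAP_SERVER', $FANNIE_LDAP_SERVER, '127.0.0.1');
        ?>
<label>LDAP Port</label>
<?php 
        echo installTextField('FANNIE_LDAP_PORT', $FANNIE_LDAP_PORT, '389');
        ?>
<label>LDAP Domain (DN)</label>
<?php 
        echo installTextField('FANNIE_LDAP_DN', $FANNIE_LDAP_DN, 'ou=People,dc=example,dc=org');
        ?>
<label>LDAP Username Field</label>
<?php 
        echo installTextField('FANNIE_LDAP_SEARCH_FIELD', $FANNIE_LDAP_SEARCH_FIELD, 'uid');
        ?>
<label>LDAP User ID# Field</label>
<?php 
        echo installTextField('FANNIE_LDAP_UID_FIELD', $FANNIE_LDAP_UID_FIELD, 'uidnumber');
        ?>
<label>LDAP Real Name Field</label>
<?php 
        echo installTextField('FANNIE_LDAP_RN_FIELD', $FANNIE_LDAP_RN_FIELD, 'cn');
        ?>
<hr />
<p>
    <button type=submit class="btn btn-default">Save Configuration</button>
</p>
</form>

<?php 
        return ob_get_clean();
        // body_content
    }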