Esempio n. 1
}
// Team user-management page: reads list/paging parameters from the request,
// optionally creates a user, then renders the page header.
// NOTE(review): this fragment starts mid-file; any authentication or
// permission check that guards the page is not visible here — confirm it runs
// before this point.
include "../../include/general.php";
include "../../include/collections_functions.php";
$offset = getvalescaped("offset", 0);
$find = getvalescaped("find", "");
// NOTE(review): order_by is request-controlled. If it ends up in an ORDER BY
// clause, string escaping alone does not constrain it to a column name —
// confirm it is matched against an allow-list where it is used.
$order_by = getvalescaped("order_by", "u.username");
$group = getval("group", 0, true);
# pager
$per_page = getvalescaped("per_page_list", $default_perpage_list);
setcookie("per_page_list", $per_page);
# reset page counter when posting a new search
if (array_key_exists("find", $_POST)) {
    $offset = 0;
}
# create a user when a "newuser" value was submitted
# NOTE(review): no anti-CSRF token check is visible in this fragment for this
# state-changing request — confirm one is enforced by the included framework.
if (getval("newuser", "") != "") {
    $new = new_user(getvalescaped("newuser", ""));
    if ($new === false) {
        $error = $lang["useralreadyexists"];
    } else {
        # new_user() returned a value other than false; it is used as the ref of
        # the user to edit. The redirect must happen before header.php emits output.
        redirect("pages/team/team_user_edit.php?ref=" . $new);
    }
}
include "../../include/header.php";
?>


<div class="BasicsBox"> 
  <h2>&nbsp;</h2>
  <h1><?php 
echo $lang["manageusers"];
?>
Esempio n. 2
<DOCTYPE! HTML>
<html lang="da">
<head>
<meta charset="UTF8">
<title></title>
</head>
<body>
<?php 
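include_once "includes/functions.php";
$display_button_name = "add";
$display_button_value = "add";
if (isset($_POST['add'])) {
    // The form on this page posts the name field as "user_name"; the original
    // read $_POST['name'], which that form never sends. "name" is still
    // accepted so any other caller keeps working.
    if (isset($_POST['user_name'])) {
        $new_user_name = $_POST['user_name'];
    } elseif (isset($_POST['name'])) {
        $new_user_name = $_POST['name'];
    } else {
        $new_user_name = '';
    }
    $new_user_hash = isset($_POST['hash']) ? $_POST['hash'] : '';
    $new_user_mail = isset($_POST['mail']) ? $_POST['mail'] : '';
    // NOTE(review): the "hash" value is passed on exactly as submitted, so the
    // stored credential is whatever the operator typed. new_user() is not
    // visible here; if it does not hash, derive the hash server-side
    // (password_hash()) instead of trusting a pre-computed value from the form.
    if ($new_user_name !== '') {
        new_user($new_user_name, $new_user_hash, $new_user_mail);
    }
}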
?>

<form action="<?php 
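// PHP_SELF includes any extra path info from the request URL, so it is
// client-influenced; encode it before placing it inside the action attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');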
?>
" method="post">
Navn: <input type="text" name="user_name"><br>
Husk password skal laves til HASH inden overførsel.<br>
Kodeord: <input type="text" name="hash"><br>
Mail: <input type="text" name="mail"><br>
<input type="submit" name="<?php 
echo $display_button_name;
?>
" value="<?php 
echo $display_button_value;
?>
" />
Esempio n. 3
/**
 * Create an administrator account.
 *
 * Forwards its four arguments to new_user() and fixes the fifth argument to
 * the user_type_ADMIN constant; the result of new_user() is returned as is.
 * NOTE(review): nothing in this wrapper checks who is calling it — confirm the
 * caller restricts it to already-privileged users.
 */
function new_admin($firstName, $lastName, $email, $password)
{
    $created = new_user($firstName, $lastName, $email, $password, user_type_ADMIN);

    return $created;
}
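// Self-registration endpoint: validates the submitted username and password,
// creates the account, logs the new user in and redirects to the home page.
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
// A signed-in visitor is logged out before registering a new account.
if (logged_in()) {
    log_out();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Missing fields are treated as empty strings rather than read as undefined indexes.
    $username = fix_string(isset($_POST['new_username']) ? $_POST['new_username'] : '');
    // NOTE(review): fix_string() is not visible here; if it alters characters,
    // the stored password differs from what the user typed — confirm.
    $password = fix_string(isset($_POST['new_password']) ? $_POST['new_password'] : '');
    $msg = "";
    if (!username_valid($username)) {
        $msg .= "<li>The username provided is not valid</li>";
    }
    if (!password_valid($password)) {
        $msg .= "<li>The password provided is not valid</li>";
    }
    $conn = get_conn();
    if ($msg != "") {
        // Validation already failed. The original fell into the "username
        // already exists" branch here and reported that message even when the
        // name was free; only the validation errors are reported now.
    } elseif (!username_available($conn, $username)) {
        $msg .= "<li>The username already exists.</li>";
    } else {
        // Only the derived value from encrypt_password() is handed to new_user().
        new_user($conn, $username, encrypt_password($password));
        // NOTE(review): log_in() is not visible; confirm it issues a fresh
        // session id when the login state changes.
        log_in($username);
        $msg = '<script>location.href = \'//localhost/exam-simulator/public/index.php\'</script>';
    }
    $conn->close();
    echo $msg;
} else {
    go_home();
}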
Esempio n. 5
/**
 * External-authentication hook: checks $uname / $pword against the configured
 * LDAP directory and, on a successful bind, refreshes or creates the matching
 * local user record.
 *
 * Returns true when an existing user's stored hash was updated or a
 * group-based user was created. Returns false when the plugin is disabled,
 * the connection or bind fails, no enabled group matches, or no user ref was
 * obtained. When $uname or $pword is empty the function falls off the end
 * without an explicit return value.
 *
 * NOTE(review): several SQL string literals and one error_log() call in this
 * listing contain "******"; they appear to have been masked when the page was
 * published, so those statements are not the code as originally written.
 */
function HookPosixldapauthAllExternalauth($uname, $pword)
{
    /* Set the following debug flag to true for more debugging information
     */
    // NOTE(review): hard-coded to true, so every call writes the plugin
    // configuration and the authenticated user's cn/dn to the PHP error log.
    $ldap_debug = true;
    include_once "include/collections_functions.php";
    include_once "plugins/posixldapauth/config/config.default.php";
    // A site-specific config.php, when present, is loaded after the defaults.
    if (file_exists("plugins/posixldapauth/config/config.php")) {
        include_once "plugins/posixldapauth/config/config.php";
    }
    include_once "plugins/posixldapauth/hooks/ldap_class.php";
    // The hook communicates its result to the caller through these globals.
    global $username;
    global $password;
    global $password_hash, $use_plugins_manager, $ldapauth;
    $debugMode = false;
    if ($ldap_debug) {
        error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Starting Debug");
    }
    if ($use_plugins_manager == true) {
        $ldapauth = get_plugin_config("posixldapauth");
        // No stored config, or the plugin is switched off: decline to authenticate.
        if ($ldapauth == null || $ldapauth['enable'] == false) {
            return false;
        }
        // Fill in defaults for keys that older configurations may lack.
        if (!isset($ldapauth['ldapgroupcontainer'])) {
            $ldapauth['ldapgroupcontainer'] = "";
        }
        if (!isset($ldapauth['port'])) {
            // NOTE(review): 389 is the standard unencrypted LDAP port; whether
            // the bind is protected in transit depends on ldapAuth, which is
            // not visible here — confirm.
            $ldapauth['port'] = 389;
        }
        if (!isset($ldapauth['ldapmemberfield'])) {
            $ldapauth['ldapmemberfield'] = "";
        }
        if (!isset($ldapauth['ldapmemberfieldtype'])) {
            $ldapauth['ldapmemberfieldtype'] = 0;
        }
        if ($ldap_debug) {
            error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Configuration");
        }
        if ($ldap_debug) {
            foreach ($ldapauth as $key => $value) {
                if ($key == "groupmap") {
                    foreach ($ldapauth['groupmap'] as $ldapGrpName => $arrLdapGrp) {
                        if ($arrLdapGrp['enabled']) {
                            error_log($ldapGrpName . " is enabled and mapped to " . $arrLdapGrp['rsGroup']);
                        }
                    }
                } else {
                    // Every other config key is logged together with its value.
                    // NOTE(review): if the configuration holds a bind credential
                    // or another secret, it is written to the error log here —
                    // confirm and exclude such keys.
                    error_log($key . " = " . $value);
                }
            }
        }
    }
    if ($uname != "" && $pword != "") {
        // pass the config to the class
        $ldapConf['host'] = $ldapauth['ldapserver'];
        $ldapConf['basedn'] = $ldapauth['basedn'];
        $ldapConf['addomain'] = $ldapauth['addomain'];
        $ldapConf['port'] = $ldapauth['port'];
        if ($ldapauth['adusesingledomain']) {
            $singleDomain = true;
        } else {
            $singleDomain = false;
        }
        $objLdapAuth = new ldapAuth($ldapConf);
        if ($ldap_debug) {
            $objLdapAuth->ldap_debug = true;
        }
        // connect to the ldap
        if ($objLdapAuth->connect()) {
            // see if we can bind with the username and password.
            if ($objLdapAuth->auth($uname, $pword, $ldapauth['ldaptype'], $ldapauth['ldapusercontainer'], $singleDomain)) {
                if ($ldap_debug) {
                    error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . " auth to ldap server is successful ");
                }
                $auth = true;
                // get the user info etc
                $userDetails = $objLdapAuth->getUserDetails($uname);
                //print_r($userDetails);
                if ($ldap_debug) {
                    error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  cn=" . $userDetails["cn"]);
                }
                if ($ldap_debug) {
                    error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  dn=" . $userDetails["dn"]);
                }
                $user_cn = $userDetails["cn"];
                $user_dn = $userDetails["dn"];
                /* Now that we have the user details, work out whether the user
                   already exists in the RS database, in which case the password
                   is updated, or whether it is a new user and "create users" is
                   set, in which case a new user is created.

                   Maybe group membership should be checked as well, so that a
                   user is updated when it changes. */
                // NOTE(review): the WHERE value in this literal is masked in the
                // listing. If the original concatenated $uname into the string,
                // it must be escaped or bound as a parameter.
                $uexists = sql_query('select ref from user where username="******"');
                if (count($uexists) >= 1) {
                    if ($ldap_debug) {
                        error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  User has allready been added to RS, updating password");
                    }
                    // if we get here, the user has already been added to RS.
                    $username = $uname . $ldapauth['usersuffix'];
                    // NOTE(review): $password here is the global, not the $pword
                    // parameter that was just verified against LDAP — confirm
                    // they hold the same value. The stored value is SHA-256 over
                    // MD5 of "RS" + username + password: a fast hash with no
                    // random per-user salt, not a password-hashing function.
                    $password_hash = hash('sha256', md5('RS' . $username . $password));
                    // NOTE(review): literal masked in the listing (see function header).
                    sql_query('update user set password="******" where username="******"');
                    //          $password=sql_value('select password value from user where username="******"',"");
                    // NOTE(review): this path returns without calling unBind(),
                    // unlike the group-based creation path below.
                    return true;
                } elseif ($ldapauth['createusers']) {
                    if ($ldap_debug) {
                        error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Create Users is Enabled");
                    }
                    // Otherwise, when creating users from LDAP is enabled, collect
                    // the information needed to add the user to ResourceSpace.
                    $nuser = array();
                    // Start Populating User Fields from LDAP
                    $nuser['username'] = $uname . $ldapauth['usersuffix'];
                    $nuser['fullname'] = $user_cn;
                    if (isset($userDetails["mail"])) {
                        $nuser['email'] = $userDetails["mail"];
                    } else {
                        // No mail attribute: a placeholder address is synthesised.
                        $nuser['email'] = "{$uname}@mail";
                    }
                    // Same hash construction as above, again using the global $password.
                    $nuser['password'] = hash('sha256', md5('RS' . $nuser['username'] . $password));
                    // Set a var so that we can keep track of the group level as we scan the access groups.
                    $currentGroupLevel = 0;
                    if ($ldapauth['groupbased']) {
                        if ($ldap_debug) {
                            error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Group Based is Enabled, checking Groups");
                        }
                        // set match to false as default
                        $match = false;
                        /* At this point we want to switch on the type of directory
                           we are authenticating against, so that group matching
                           works for the different directory layouts (AD uses
                           memberof, OD does not). Higher-numbered groups must
                           also be checked: a user who is a member of both staff
                           and admin users gets the highest access. */
                        if ($ldap_debug) {
                            error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Group Based is Enabled, checking Groups");
                        }
                        // set the uid, ie the username...
                        $objLdapAuth->userName = $uname;
                        // now we cycle through the config array to check groups!
                        foreach ($ldapauth['groupmap'] as $ldapGrpName => $arrLdapGrp) {
                            // check to see if we are allowing users in this group to log in?
                            if ($arrLdapGrp['enabled']) {
                                if ($ldap_debug) {
                                    error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Checking Group " . $ldapGrpName);
                                }
                                // get the group name and check group membership
                                if ($objLdapAuth->checkGroupByName($ldapGrpName, $ldapauth['ldaptype'], $ldapauth['ldapgroupcontainer'], $ldapauth['ldapmemberfield'], $ldapauth['ldapmemberfieldtype'])) {
                                    // Keep the numerically largest rsGroup among all matches.
                                    // NOTE(review): this treats a larger group id as
                                    // "more access" — confirm that ordering holds for
                                    // the installation's group ids.
                                    if ($match) {
                                        if ($currentGroupLevel < $arrLdapGrp['rsGroup']) {
                                            $nuser['usergroup'] = $arrLdapGrp['rsGroup'];
                                            $currentGroupLevel = $arrLdapGrp['rsGroup'];
                                        }
                                    } else {
                                        $match = true;
                                        $nuser['usergroup'] = $arrLdapGrp['rsGroup'];
                                        $currentGroupLevel = $arrLdapGrp['rsGroup'];
                                    }
                                    if ($ldap_debug) {
                                        error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Match found in group " . $ldapGrpName);
                                    }
                                }
                            }
                        }
                        // If no group allowed to log into RS matched, return false.
                        // This still needs changing to use the configured group when
                        // group-based mode is not enabled.
                        if (!$match) {
                            return false;
                        }
                        // Create the user
                        // NOTE(review): the statement below is damaged by the
                        // masking in the listing and does not parse as shown; the
                        // assignment of $ref (presumably from new_user()) is
                        // missing from the visible text.
                        if ($ldap_debug) {
                            error_log(__METHOD__ . " " . __LINE__ . "  Creating User: "******" " . __LINE__ . "  User Ref: " . $ref);
                        }
                        if (!$ref) {
                            if ($ldap_debug) {
                                error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  Group based User creation ref NOT RETURNED, SOMETHING WEIRD HAPPENED!");
                            }
                            return false;
                            # Shouldn't ever get here.  Something strange happened
                        }
                        // Update with information from LDAP
                        // NOTE(review): fullname and email come from directory
                        // attributes (cn, mail) and are concatenated into the SQL
                        // text with no escaping visible in this function; a value
                        // containing a double quote changes the statement. Escape
                        // them or use bound parameters.
                        sql_query('update user set password="******", fullname="' . $nuser['fullname'] . '", email="' . $nuser['email'] . '", usergroup="' . $nuser['usergroup'] . '", comments="Auto create from LDAP" where ref="' . $ref . '"');
                        $username = $nuser['username'];
                        $password = $nuser['password'];
                        $password_hash = $nuser['password'];
                        // now unbind
                        $objLdapAuth->unBind();
                        if ($ldap_debug) {
                            error_log(__METHOD__ . " " . __LINE__ . "  returning true : successful user creation!");
                        }
                        return true;
                    } else {
                        // non group based user creation.
                        $ref = new_user($nuser['username']);
                        if (!$ref) {
                            if ($ldap_debug) {
                                error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . "  NON Group based User creation ref NOT RETURNED, SOMETHING WEIRD HAPPENED!");
                            }
                            return false;
                            # Shouldn't ever get here.  Something strange happened
                        }
                        // Update with information from LDAP
                        // NOTE(review): same unescaped concatenation of LDAP
                        // attributes as in the group-based branch.
                        sql_query('update user set password="******", fullname="' . $nuser['fullname'] . '", email="' . $nuser['email'] . '", usergroup="' . $ldapauth['newusergroup'] . '", comments="Auto create from LDAP" where ref="' . $ref . '"');
                        $username = $nuser['username'];
                        $password = $nuser['password'];
                        // NOTE(review): unlike the group-based branch, this one
                        // sets neither $password_hash nor returns true; control
                        // falls through to the "return false" below even though
                        // the user was created — confirm whether that is intended.
                    }
                }
            } else {
                // username / password is wrong!
                return false;
            }
        }
        // Reached when the connection failed, when the user is unknown and user
        // creation is disabled, or after the non-group-based creation path.
        return false;
    }
}
Esempio n. 6
    }
}
// --- delete a user -----------------------------------------------------
// delete_user() signals failure with a truthy result; on success the admin
// page is reloaded on its third tab.
// NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF
// token check is visible in this fragment — confirm one is enforced, and
// prefer POST for state-changing actions.
if (isset($_GET['userdel'])) {
    if (!delete_user($_GET)) {
        header('Location: index.php?page=main' . $multi_get . '#tabs-3');
        exit;
    }
    $message['text'] = $lang['admin_del_user_error'];
    $message['color'] = 'red';
}

// --- edit a user -------------------------------------------------------
// edit_user() returns the complete status message.
if (isset($_POST['edituser'])) {
    $message = edit_user($_POST);
}

// --- create a user -----------------------------------------------------
// As with delete_user(), a truthy result from new_user() means failure.
// NOTE(review): the submitted user name is copied into the message text as
// received; where $message['text'] is rendered is not visible here — encode it
// for HTML at output time.
if (isset($_POST['newuser'])) {
    if (new_user($_POST)) {
        $message['text'] = implode(' ', array($lang['admin_new_user_error_1'], $_POST['user']));
        $message['color'] = 'red';
    } else {
        $message['text'] = implode(' ', array($lang['admin_new_user_confirm_1'], $_POST['user'], $lang['admin_new_user_confirm_2']));
        $message['color'] = 'green';
    }
}
if (isset($_POST['fileup'])) {
    // Destination = <ROOT_DIR>/tabs/<client file name without directory parts>.
    // NOTE(review): basename() removes directory components, but no extension
    // or content allow-list is visible in this fragment and the target lies
    // under ROOT_DIR. Confirm who may reach this upload and that files placed
    // in tabs/ cannot be requested or included as code by anyone else.
    $target_path = ROOT_DIR . '/tabs/' . basename($_FILES['uploadedfile']['name']);
    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
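        // The original passed decimal 777, which PHP reads as octal 01411
        // (sticky bit, owner read-only, group/other execute-only) rather than
        // rwxrwxrwx. An uploaded file needs neither execute permission nor
        // group/world write access, so an explicit octal 0644 is used.
        chmod($target_path, 0644);
        $message['text'] = $lang['admin_msg_upl_1'] . ' ' . basename($_FILES['uploadedfile']['name']) . ' ' . $lang['admin_msg_upl_2'];
        $message['color'] = 'green';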
    } else {
Esempio n. 7
/**
 * Handles account registration and login for the cart pages.
 *
 * When the request carries new_user=1 the submitted name, e-mail and password
 * are checked and passed to new_user(). Otherwise the posted username and
 * password are compared with the accounts table and, on a match, the session
 * is marked as signed in.
 *
 * Every redirect is written as `header(...) or die(...)`. header() returns no
 * value, so the die() on the right-hand side runs each time and is what
 * actually stops the script after a redirect.
 *
 * @param array $query The incoming POST array from the login form.
 */
function user_cred($query = array())
{
    $db = db_connect();
    $user_info = $query;
    //The incoming POST array from the login form.
    // New account form validation and processing. If the new_user variable is set, test the form inputs and then process.
    if (isset($_GET['new_user']) && $_GET['new_user'] == 1) {
        $name_test = $user_info['username'];
        if ($name_test != null && $name_test != '') {
            $user_name = $name_test;
        } elseif (($name_test == '' || $name_test == null) && isset($_POST['email'])) {
            $_SESSION['valid']['name'] = 'name_error';
            // NOTE(review): the redirect target is built from the Host request
            // header, which the client controls; prefer a configured base URL.
            // The same pattern recurs at every redirect in this function.
            $url = "http://" . $_SERVER['HTTP_HOST'] . "/cart02/cart.php?register_new=1";
            header("Location: " . $url) or die("didn't redirect from login");
        }
        $user_email = $_POST['email'];
        // $email_check is only assigned when an e-mail value was submitted.
        if ($user_email && $user_email != null) {
            $email_check = filter_var($user_email, FILTER_VALIDATE_EMAIL);
        }
        if ($user_email == null || $email_check != true) {
            $_SESSION['valid']['email'] = 'email_error';
            $url = "http://" . $_SERVER['HTTP_HOST'] . "/cart02/cart.php?register_new=1";
            header("Location: " . $url) or die("didn't redirect from login");
        }
        $user_pw = $user_info['password'];
        if ($user_pw == null or !isset($user_pw)) {
            // NOTE(review): this literal appears to have been masked in the listing.
            $_SESSION['valid']['password'] = '******';
            $url = "http://" . $_SERVER['HTTP_HOST'] . "/cart02/cart.php?register_new=1";
            header("Location: " . $url) or die("didn't redirect from login");
        }
        // If there are no form errors caught by the above if statements, register the user in the accounts table of
        // the dB.
        // NOTE(review): the password is handed to new_user() as submitted; the
        // login check below compares the stored value with the raw input, which
        // suggests it is stored unhashed — confirm and move to
        // password_hash() / password_verify().
        new_user($user_name, $user_email, $user_pw);
        ob_clean();
        $url = "http://" . $_SERVER['HTTP_HOST'] . "/cart02/cart.php";
        header("Location: " . $url) or die("didn't redirect from login");
    }
    $username = $_POST['username'];
    $pw = $_POST['password'];
    // Never changed after this assignment, so the wrong-password message below is never printed.
    $pass_error = 0;
    // NOTE(review): the username value in this literal is masked in the listing.
    // If the original interpolated $username, the query must use a prepared
    // statement with a bound parameter instead.
    $cred_command = "SELECT * FROM accounts WHERE username = '******';";
    $cred_results = $db->query($cred_command);
    $cred_data = $cred_results->fetch_object();
    // If username exists, and password exists, and they match a record in the dB, log in the user.
    if (isset($cred_data->username) && $cred_data->username == $username) {
        // Loose (==) comparison of the stored value with the submitted password.
        // NOTE(review): == applies PHP type juggling to numeric-looking strings;
        // a credential check should use password_verify() on a stored hash.
        if ($cred_data->password == $pw) {
            // NOTE(review): isset() is true for any non-null column value,
            // including 0, so the admin flag is set whenever the column is not
            // NULL — confirm that matches how the accounts table marks admins.
            if (isset($cred_data->admin)) {
                $_SESSION['admin'] = 1;
            }
            // NOTE(review): no session id regeneration is visible at this
            // privilege change — confirm it happens elsewhere.
            $_SESSION['sign_in'] = 1;
            $_SESSION['username'] = $username;
            $url = "http://" . $_SERVER['HTTP_HOST'] . "/cart02/cart.php";
            ob_clean();
            header("Location: " . $url) or die("didn't redirect from login");
        } elseif ($cred_data->username == $username && $cred_data->password != $pw) {
            if ($pass_error == 1) {
                echo '<span class="form_error">The password you entered is not correct</span>';
            }
        }
    }
}
Esempio n. 8
    } else {
        echo "-1";
    }
} else {
    if ($action == 1) {
        // Phone + password login.
        $phone = $_POST['phone'];
        $password = $_POST['password'];
        $user = login_phone($phone, $password, $con);
        //var_dump($user);
        // login_phone() returns the full row from "SELECT *" on success, so the
        // JSON sent to the client includes the row's password column.
        // NOTE(review): strip credential fields before encoding the response.
        echo urldecode(json_encode($user));
    } else {
        // Third-party login keyed by provider user id.
        $uid = $_POST['uid'];
        $app = $_POST['app'];
        // 0 -> qq, 1 -> weibo, 2 -> weixin
        // NOTE(review): only the client-supplied uid and app number are passed
        // on; no token or signature from the provider is checked in the visible
        // code. login_other() is not shown — confirm the identity is verified
        // server-side before a session is granted.
        // An unknown uid is registered first, then looked up again for the response.
        if (login_other($uid, $app, $con) == -1) {
            new_user($uid, $app, $con);
        }
        echo urldecode(json_encode(login_other($uid, $app, $con)));
    }
}
function login_phone($phone, $password, $con)
{
    //echo $phone."+".$password."\n";
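    // Escape the caller-supplied phone number before it goes inside the quoted
    // SQL literal; the original concatenated it unescaped.
    $sql = "SELECT * FROM user WHERE phone = '" . mysql_real_escape_string($phone, $con) . "'";
    $result = mysql_query($sql, $con);
    if ($result === false) {
        // Query failed: treat as a failed login instead of fetching from false.
        return -1;
    }
    $row = mysql_fetch_assoc($result);
    if ($row === false) {
        // Unknown phone number. The original went on to compare a missing
        // password with the input, which matched when the input was empty.
        return -1;
    }
    $psw = $row['password'];
    // Strict string comparison: loose == treats numeric-looking strings such as
    // "0e1" and "0e2" as equal.
    // NOTE(review): the stored value is compared directly with the submitted
    // password, which suggests passwords are stored unhashed — confirm and
    // migrate to a salted password hash.
    if ((string) $psw === (string) $password) {
        return $row;
    }
    return -1;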
Esempio n. 9
/**
 * External-authentication hook for the SimpleLDAP plugin.
 *
 * Authenticates $uname / $pword through simpleldap_authenticate(). On success
 * it updates the matching local user, or creates one when
 * $simpleldap['createusers'] is set, and returns true. Returns false when
 * authentication fails or when the user is unknown and creation is disabled.
 *
 * NOTE(review): the SQL literals below contain '******' where the listing
 * appears to have masked the original text, so they are not the statements as
 * originally written.
 */
function HookSimpleldapAllExternalauth($uname, $pword){
	global $simpleldap;
	global $username;
	global $password_hash, $email_attribute, $phone_attribute;
	
	// The password is escaped earlier in the process, and that is not wanted
    // when it goes to the ldap server. So remove the slashes for this purpose.
    $pword = stripslashes($pword);
	
	$auth = false;

	// Empty credentials are never sent to the directory.
	if ($uname != "" && $pword != "") {
		$userinfo = simpleldap_authenticate($uname, $pword);
		//print_r($userinfo);
		if ($userinfo) { $auth = true; }
	} 


		
	if ($auth) {

		$usersuffix = $simpleldap['usersuffix'];
		// Local user name = LDAP name + "." + configured suffix, escaped for SQL use.
		$username=escape_check($uname . "." . $usersuffix);
		// NOTE(review): MD5 over "RS" + username + password is a fast hash with
		// no random per-user salt; it is not suitable for protecting a stored
		// password. Changing it requires the matching login check, which is not
		// in this function.
		$password_hash= md5("RS".$username.$pword);
		// NOTE(review): the username value in this literal is masked in the listing.
		$userid = sql_value("select ref value from user where username='******'",0);
		// Directory attributes are escaped before they are placed in SQL below.
		$email=escape_check($userinfo["email"]);
		$phone=escape_check($userinfo["phone"]);
		$displayname=escape_check($userinfo['displayname']);
		// NOTE(review): writes the user's e-mail address and phone number to the debug log.
		debug ("LDAP - got user details email: " . $email . ", telephone: " . $phone);
		// figure out group: start from the fallback group, then take the mapped
		// group of any groupmap row whose ldapgroup equals the user's group and
		// whose rsgroup is numeric (the last matching row wins).
		$group = $simpleldap['fallbackusergroup'];
		$grouplist = sql_query("select * from simpleldap_groupmap");
		if (count($grouplist)>0){
			for ($i = 0; $i < count($grouplist); $i++){
				if (($userinfo['group'] == $grouplist[$i]['ldapgroup']) && is_numeric($grouplist[$i]['rsgroup'])){
					$group = $grouplist[$i]['rsgroup'];
				}
			}
		}


		if ($userid > 0){
			// user exists, so update info
			// The group is only rewritten when update_group is enabled.
			if($simpleldap['update_group'])
				{
				sql_query("update user set password = '******', usergroup = '$group', fullname='$displayname', email='$email', telephone='$phone' where ref = '$userid'");
				
				}
			else
				{
				sql_query("update user set password = '******', fullname='$displayname', email='$email', telephone='$phone' where ref = '$userid'");
				}
			return true;
		} else {
			// user authenticated, but does not exist, so create if necessary
			if ($simpleldap['createusers']){	
				// Create the user
				 $ref=new_user($username);
				 // exit runs before the return, so "return false" is never reached
				 // and the text is echoed into the response.
				 if (!$ref) { echo "returning false!"; exit; return false;} // this shouldn't ever happen
				 // Update with information from LDAP	
				
				sql_query("update user set password='******', fullname='$displayname',email='$email',telephone='$phone',usergroup='$group',comments='Auto create from SimpleLDAP.' where ref='$ref'");
				return true;
			} else {
				// user creation is disabled, so return false
				return false;
			}

		}
	

	} else {
		// user is not authorized
		return false;
	}


}
Esempio n. 10
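/**
 * Store the new user and display all users again.
 *
 * Validates the submitted username and passwords. On any validation error the
 * form is shown again through new_user() with the messages filled in.
 * Otherwise the user is written to $Users, added to or removed from each
 * category's allowed-user list in $Cfg, the settings are saved and the user
 * list is displayed. Creating a level-3 user first shows a confirmation page.
 *
 * Reads $Pivot_Vars; modifies $Users and $Cfg.
 */
function new_user_save()
{
    global $Pivot_Vars, $Cfg, $Users;
    // check against unauthorised direct access.
    check_csrf();
    $userfields = get_userfields(1);
    // Validation error counter. The original incremented it without ever
    // initialising it.
    $Piverr = 0;
    if (CheckInput($Pivot_Vars['username'], 2, 0) == 1) {
        $userfields[0][2] = lang('userinfo', 'username_too_short');
        $Piverr++;
    } elseif (CheckInput($Pivot_Vars['username'], 2, 0) == 0) {
        $userfields[0][2] = lang('userinfo', 'username_not_valid');
        $Piverr++;
    }
    if (isset($Users[$Pivot_Vars['username']])) {
        $userfields[0][2] = lang('userinfo', 'username_in_use');
        $Piverr++;
    }
    // The confirmation must match exactly. The original compared trimmed,
    // lower-cased copies, so entries differing in case or surrounding
    // whitespace passed as "matching" while only pass1 was stored.
    if ($Pivot_Vars['pass1'] !== $Pivot_Vars['pass2']) {
        $userfields[2][2] = lang('userinfo', 'pass_dont_match');
        $Piverr++;
    }
    if (CheckInput($Pivot_Vars['pass1'], 4, 0) == 1) {
        $userfields[1][2] = lang('userinfo', 'pass_too_short');
        $Piverr++;
    }
    if ($Piverr > 0) {
        // Redisplay the form, keeping the entered username and level.
        $userfields[0][4] = $Pivot_Vars['username'];
        $userfields[3][6] = $Pivot_Vars['userlevel'];
        new_user(1, $userfields);
    } else {
        // NOTE(review): userlevel comes from the request. No check that the
        // acting user may grant that level is visible in this function —
        // confirm it is enforced before this point. A level above 3 without
        // confirmed=1 matches neither branch below, so nothing happens.
        if ($Pivot_Vars['userlevel'] == 3 && $Pivot_Vars['confirmed'] != 1) {
            $vars = array('username', $Pivot_Vars['username'], 'pass1', $Pivot_Vars['pass1'], 'pass2', $Pivot_Vars['pass2'], 'email', $Pivot_Vars['email'], 'userlevel', $Pivot_Vars['userlevel']);
            ConfirmPage(lang('userinfo', 'c_admin_title'), $vars, sprintf(lang('userinfo', 'c_admin_message'), $Pivot_Vars['username']));
        } elseif ($Pivot_Vars['userlevel'] < 3 || $Pivot_Vars['confirmed'] == 1) {
            // NOTE(review): unsalted MD5 is not suitable for storing passwords.
            // It is kept here because the login check that reads this value is
            // outside this block; both must be migrated together.
            $Users[$Pivot_Vars['username']]['pass'] = md5($Pivot_Vars['pass1']);
            $Users[$Pivot_Vars['username']]['email'] = $Pivot_Vars['email'];
            $Users[$Pivot_Vars['username']]['userlevel'] = $Pivot_Vars['userlevel'];
            $Users[$Pivot_Vars['username']]['language'] = $Pivot_Vars['language'];
            $Users[$Pivot_Vars['username']]['wysiwyg'] = $Pivot_Vars['wysiwyg'];
            $Users[$Pivot_Vars['username']]['username'] = $Pivot_Vars['username'];
            $Users[$Pivot_Vars['username']]['nick'] = $Pivot_Vars['username'];
            $Users[$Pivot_Vars['username']]['view'] = $Pivot_Vars['view'];
            $Cfg['users'] .= '|' . $Pivot_Vars['username'];
            // set the categories.
            $cats = cfg_cats();
            foreach ($cats as $category) {
                $allowed_users = explode("|", $Cfg['cat-' . $category['name']]);
                if (isset($Pivot_Vars['allowed'][urlencode($category['name'])])) {
                    // add the user (and ensure it's only added once) ..
                    $allowed_users[] = $Pivot_Vars['username'];
                    $allowed_users = array_unique($allowed_users);
                } else {
                    // remove the user (in case the same name has been used and
                    // assigned to this category before)
                    if (in_array($Pivot_Vars['username'], $allowed_users)) {
                        foreach ($allowed_users as $key => $user) {
                            if ($user == $Pivot_Vars['username']) {
                                unset($allowed_users[$key]);
                            }
                        }
                    }
                }
                $Cfg['cat-' . $category['name']] = implode("|", $allowed_users);
            }
            SaveSettings();
            see_users();
        }
    }
}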
Esempio n. 11
<?php

# This file is part of OpenPool.
#
#    OpenPool is free software: you can redistribute it and/or modify
#    it under the terms of the GNU Affero General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    OpenPool is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU Affero General Public License for more details.
#
#    You should have received a copy of the GNU Affero General Public License
#    along with OpenPool.  If not, see <http://www.gnu.org/licenses/agpl-3.0.html>.
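require $_SERVER['DOCUMENT_ROOT'] . "/script/db.php";
// Registration: both fields must be present before new_user() is attempted.
// NOTE(review): the raw password is handed to new_user(), which is not visible
// here — confirm it stores a salted password hash, and that e-mail format and
// password strength are validated there.
if (isset($_POST["email"]) && isset($_POST["password"])) {
    if (!new_user($_POST["email"], $_POST["password"])) {
        $error = "An error has occured, please try again.";
    } else {
        header("Location: /profile.php");
        // Stop here: header() only queues the redirect, and without exit the
        // rest of the script would still run and send its output.
        exit;
    }
}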
Esempio n. 12
/**
 * Resolve the tracking id for the current visitor.
 *
 * Returns 0 when getDntStatus() reports a do-not-track preference. Otherwise
 * returns the value of the "user_id" cookie when it is set, or the result of
 * new_user($conn) when it is not.
 *
 * NOTE(review): the cookie value is returned exactly as the client sent it. If
 * callers use it as a database key or to tell visitors apart, validate its
 * format and consider signing it, since any visitor can set it to another id.
 */
function get_user_id($conn)
{
    // Do-not-track visitors are never assigned an id.
    if (getDntStatus()) {
        return 0;
    }

    // Reuse the id from the cookie, or create a new user when there is none.
    return isset($_COOKIE["user_id"]) ? $_COOKIE["user_id"] : new_user($conn);
}
    $username = fix_string($_POST['username']);
    $password1 = fix_string($_POST['pass1']);
    $password2 = fix_string($_POST['pass2']);
    $email = fix_string($_POST['email']);
    if ($password1 != $password2) {
        fail();
    }
    if (!username_valid($username)) {
        fail();
    }
    if (!password_valid($password1)) {
        fail();
    }
    if (!email_valid($email)) {
        fail();
    }
    // need to salt and hash the password first
    $password1 = encrypt_password($password1);
    $conn = get_conn();
    if (!new_user($conn, $username, $password1, $email)) {
        $conn->close();
        fail();
        // username already taken
    } else {
        log_in($username, 'false');
        $conn->close();
        go_home();
    }
} else {
    go_home();
}
<?php

// Page bootstrap: start the session, create a participant record and start the page timer.
session_start();
// Only fatal run-time errors are reported; warnings and notices are suppressed.
error_reporting(E_ERROR);
require_once 'pgp_functions.php';
// Bare expression statement with no effect.
// NOTE(review): looks like a leftover declaration for the connection handle — confirm.
$dbh;
// establish connection
localConn();
// new_user() is a helper from pgp_functions.php. It is called on every page
// load, so each request that reaches this point gets a new id in the session.
$uid = new_user();
$_SESSION["user"] = $uid;
// start timer
$_SESSION['pi1_start_time'] = time();
?>

<!DOCTYPE>
        <!--Wellesley HCI PGP summer 2014
        updated by Claire A. Cerda
        Privacy index 
        -->
<html>

        <head>

                <title>PGHCI</title>

                <!--jQuery & vis.js-->
                <script type="text/javascript" charset="utf8" src="scripts/jquery/jquery-1.10.2.js"></script>
                <script type="text/javascript" charset="utf8" src="scripts/vis.js"></script>
        
                <!-- jQuery UI -->
Esempio n. 15
/**
 * External-authentication hook: checks a username/password pair against an
 * LDAP directory and, on success, syncs or creates the matching local user.
 *
 * Flow as visible in this function:
 *  - when $use_plugins_manager is set, loads the plugin configuration and
 *    returns false if it is missing or disabled;
 *  - connects to the directory and tries to authenticate with $uname/$pword;
 *  - if the local lookup returns a row, writes an md5-based value to the
 *    password column and returns true;
 *  - otherwise, when 'createusers' and 'groupbased' are both set, maps the
 *    user's enabled LDAP groups to the highest 'rsGroup' value, creates the
 *    local user and returns true.
 *
 * Every other path returns false, with one exception: when $uname or $pword
 * is empty the function falls off the end and returns null.
 *
 * NOTE(review):
 *  - The SQL statements are built by string concatenation. The full name and
 *    e-mail come from directory attributes (cn, mail) and reach the UPDATE
 *    without any escaping visible here; escape or parameterise them.
 *  - md5() is a fast hash and is not suitable for password storage.
 *  - The hash input is the global $password, not the $pword argument; whether
 *    the two hold the same value is not visible in this function.
 *  - The "******" inside the SQL literals looks like masking applied to this
 *    listing, so the real WHERE/SET values cannot be reviewed from here.
 *  - With 'createusers' set but 'groupbased' unset nothing is created and
 *    the function returns false.
 *
 * @param string $uname Username submitted at login.
 * @param string $pword Password submitted at login.
 * @return bool|null true when the user was authenticated and synced/created.
 */
function HookPosixldapauthAllExternalauth($uname, $pword)
{
	include_once "include/collections_functions.php";

	// Defaults first, then the site-specific config if one exists.
	include_once "plugins/posixldapauth/config/config.default.php";
	if (file_exists("plugins/posixldapauth/config/config.php"))
	{
        	include_once("plugins/posixldapauth/config/config.php");
	}
	include_once "plugins/posixldapauth/hooks/ldap_class.php";
	// These globals are written below so the caller sees the resolved account.
	global $username;
	global $password;
	global $password_hash,$use_plugins_manager,$ldapauth;
	// Hard-coded off: the debug echo statements below never run as written.
	$debugMode = false;
        
	if ($use_plugins_manager==true)
	{
		$ldapauth = get_plugin_config("posixldapauth");

		// Plugin not configured or switched off: decline to authenticate.
		if ($ldapauth==null || $ldapauth['enable']==false) 
		{
			return false;
		}
		// Fill in defaults for optional group-lookup settings.
		if (!isset($ldapauth['ldapgroupcontainer']))
		{
			$ldapauth['ldapgroupcontainer'] = "";
		}
		if (!isset($ldapauth['ldapmemberfield']))
		{
			$ldapauth['ldapmemberfield'] = "";	
		}
			if (!isset($ldapauth['ldapmemberfieldtype']))
		{
			$ldapauth['ldapmemberfieldtype'] = 0;	
		}
	}
	
	// Both values must be non-empty; otherwise nothing below runs and the
	// function returns null.
	if ($uname != "" && $pword != "") 
	{
		// pass the config to the class
		$ldapConf['host'] = $ldapauth['ldapserver'];
		$ldapConf['basedn'] = $ldapauth['basedn'];
		$objLdapAuth = new ldapAuth($ldapConf);	
		// connect to the ldap
		if ($objLdapAuth->connect())
		{
			
			// see if we can bind with the username and password.
			if($objLdapAuth->auth($uname,$pword,$ldapauth['ldaptype'],$ldapauth['ldapusercontainer']))
			{
				if ($debugMode)
				{
					echo "all.php: line 55 : auth to ldap server is successful \r\n";
				}
				// $auth is assigned here but not read again in this function.
				$auth = true;
				// get the user info etc	
				$userDetails = $objLdapAuth->getUserDetails($uname);
				//print_r($userDetails);
				if ($debugMode)
				{
					echo "all.php: line 63 : cn=" . $userDetails["cn"] . "\r\n";
					echo "all.php: line 64 : dn=" . $userDetails["dn"] . "\r\n"; 	
				}
				
				$user_cn = $userDetails["cn"];
				$user_dn = $userDetails["dn"];
				
				/* 	Now we have the user details, we need to figure out if the user exists in the 
					RS database already, in which case we'll update the password, or if it's
					a new user and create users is set, then we create a new user.
					
					Maybe we should also check groups as well? So if group membership has changed the user will be updated!
				*/
				
				// NOTE(review): the quoted value is masked ("******") in this listing;
				// whatever is interpolated there must be escaped or bound as a parameter.
				$uexists=sql_query('select ref from user where username="******"');
				if (count($uexists)>=1) 
				{
					// if we get here, the user has already been added to RS.
					$username=$uname.$ldapauth['usersuffix'];
					// NOTE(review): md5 is too fast for password storage, and the input is the
					// global $password rather than $pword -- confirm which value is intended.
					$password_hash= md5("RS".$username.$password);
					sql_query('update user set password="******" where username="******"');
					//          $password=sql_value('select password value from user where username="******"',"");
					// This path returns without calling unBind().
					return true;
				}
				elseif ($ldapauth['createusers']) 
				{
					
					// else, if we have specified to create users from the LDAP, we need to get info about the user
					// to add them to resource space.
					$nuser = array();
					// Start Populating User Fields from LDAP
					$nuser['username']=$uname.$ldapauth['usersuffix'];
					$nuser['fullname']=$user_cn;
					if (isset($userDetails["mail"]))
					{
						$nuser['email']=$userDetails["mail"];
					} else {
						// No mail attribute: fall back to a placeholder address.
						$nuser['email']="$uname@mail";
					}
					// Same md5 construction and same global $password as in the update path above.
					$nuser['password']=md5("RS". $nuser['username'].$password);
					
					// Set a var so that we can keep track of the group level as we scan the access groups.
					$currentGroupLevel = 0;
					
				
					
					// User creation only happens inside this branch; without 'groupbased'
					// control falls through to the final return false.
					if ($ldapauth['groupbased'])
					{
						//echo "group based";
						// set match to false as default"
						$match = false;						
						/* 	At this point we want to do a switch on the type of directory we are authenticating against
							so that we can use group matching for the different types of directory layout:
							ie, AD uses memberof, OD doesn't!
							We also need to check for higher numbered groups, ie if a user is a member of staff, and of admin users,
							we need to give them the highest access!
						*/
						//switch ($ldapauth['ldaptype'])
						//{
						//	case 0:
								// Open Directory!
								// set the uid, ie the username...
								$objLdapAuth->userName = $uname;
									
								// now we cycle through the config array to check groups!
								foreach ($ldapauth['groupmap'] as $ldapGrpName => $arrLdapGrp)
								{
									// check to see if we are allowing users in this group to log in?
									if ($arrLdapGrp['enabled'])
									{
										// get the group name and check group membership	
										if ($objLdapAuth->checkGroupByName($ldapGrpName,$ldapauth['ldaptype'],$ldapauth['ldapgroupcontainer'],$ldapauth['ldapmemberfield'],$ldapauth['ldapmemberfieldtype']))
										{
											if ( $match )
											{
												// Already matched a group: only move to a numerically higher rsGroup.
												if ($currentGroupLevel < $arrLdapGrp['rsGroup'])
												{
													$nuser['usergroup'] = $arrLdapGrp['rsGroup'];
													$currentGroupLevel = $arrLdapGrp['rsGroup'];
												}
											} else {	
												// First matching group: take its rsGroup as the starting level.
												$match = true;
											
												$nuser['usergroup'] = $arrLdapGrp['rsGroup'];
												$currentGroupLevel = $arrLdapGrp['rsGroup'];
											} 
										}
									}	
								}
								//break;
							//case 1:
								// Active Directory - memberof?
								/* These are the steps we need to take:
								1. Connect
								2. Bind using the supplied credentials - or maybe we don't as the user will have bound!
								3. Get the users info and check 'member of' field
								4. compare to enabled groups.
								*/
						/*		
								break;
							case 2:
								// Novell 
								break;
						}*/
						
						// if we haven't managed to find a group match that is allowed to log into RS, then
						// we return false!	- we need to modify this to use the group set if group based is not enabled!
						if (!($match)) return false;
						// Create the user
						$ref=new_user($nuser['username']);
						if (!$ref) return false; # Shouldn't ever get here.  Something strange happened
						
						// Update with information from LDAP
						// NOTE(review): fullname and email are directory-supplied strings concatenated
						// into the statement with no escaping visible here; escape or bind them.
						sql_query('update user set password="******", fullname="'.$nuser['fullname'].'", email="'.$nuser['email'].'", usergroup="'.
							$nuser['usergroup'].'", comments="Auto create from LDAP" where ref="'.$ref.'"');
							
						// Publish the new account through the globals declared above;
						// $password receives the md5 value, not the submitted password.
						$username=$nuser['username'];
						$password=$nuser['password'];


						// now unbind
						$objLdapAuth->unBind();	
						return true;
					}
				}				
			} else {					
				// username / password is wrong!
				return false;
			}		
		}	
		// Reached when the connection failed, or when authentication succeeded
		// but no user was matched or created.
		return false;		
	}
}
Esempio n. 16
    if (!isset($_SESSION['userdata'][$k])) {
        $_SESSION['userdata'][$k] = $v;
    }
}
$_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']);
/* What should we do? */
if ($action = hesk_REQUEST('a')) {
    // Dispatch the requested action. 'reset_form' and 'edit' are served even
    // when HESK_DEMO is defined; every other action is refused in demo mode.
    if ($action == 'reset_form') {
        $_SESSION['edit_userdata'] = TRUE;
        // No exit follows the redirect header, so execution continues past
        // this dispatcher.
        header('Location: ./manage_users.php');
    } elseif ($action == 'edit') {
        edit_user();
    } elseif (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['ddemo'], 'manage_users.php', 'NOTICE');
    } else {
        // NOTE(review): the handlers below change stored user data. Request
        // token (CSRF) verification is not visible in this dispatcher;
        // confirm that each handler performs it.
        switch ($action) {
            case 'new':
                new_user();
                break;
            case 'save':
                update_user();
                break;
            case 'remove':
                remove();
                break;
            case 'autoassign':
                toggle_autoassign();
                break;
            default:
                // Anything else is rejected as an invalid action.
                hesk_error($hesklang['invalid_action']);
        }
    }
} else {
    /* If one came from the Edit page make sure we reset user values */
    if (isset($_SESSION['save_userdata'])) {
        $_SESSION['userdata'] = $default_userdata;
        unset($_SESSION['save_userdata']);
    }
Esempio n. 17
/**
 * Clear the stored state for a device and call new_user() for it again.
 *
 * The device id is read from the "device" query parameter, falling back to
 * get_device() when that parameter is missing or empty.
 *
 * NOTE(review): the id taken from the query string is client-supplied and no
 * ownership or authorization check is visible in this function; confirm that
 * the caller verifies the requester may reset this device.
 *
 * @return string 'no device' when no device id could be determined,
 *                otherwise 'succeed'.
 */
function handle_reset()
{
    $device = empty($_GET['device']) ? get_device() : $_GET['device'];
    if (empty($device)) {
        return 'no device';
    }

    // Remove the device from the stored online list.
    mmc_array_del(NS_DEVICE_LIST, $device);

    // Remove the stored account information.
    $cache = api_open_mmc();
    $cache->ns_delete(NS_BINDED_LIST, $device);
    $cache->ns_delete(NS_BINDED_CAPTION, $device);
    foreach (mmc_array_keys(NS_BINDING_LIST) as $platformKey) {
        mmc_array_del(NS_BINDING_LIST . $platformKey, $device);
    }

    // Remove the stored scheduled-task message records.
    $cache->ns_delete(NS_SCHED_DEVICE, $device);
    $cache->ns_delete(NS_PLANS_DEVICE, $device);

    new_user($device, time() + COOKIE_TIMEOUT_NEW);

    // Clear the cookie, both for this request and in the browser.
    unset($_COOKIE[COOKIE_DEVICE_SAVED]);
    setcookie(COOKIE_DEVICE_SAVED, '', time() - 3600, '/', COOKIE_DOMAIN);

    return 'succeed';
}
Esempio n. 18
<?php

include_once "include/default_lib.inc.php";
include_once "base/dbauth.php";
// Account creation is attempted only when both values are non-empty.
// NOTE(review): $user and $passwd are not assigned in the visible part of
// this page; presumably an include populates them from the POSTed form.
// Confirm they are validated there and that new_user() stores a password
// hash rather than the submitted value.
if (strlen($user) && strlen($passwd)) {
    if (new_user($user, $passwd)) {
        // Created: confirm and link back to the start page.
        echo libACCOUNTCREATED;
        echo "<a href=\"index.php\">" . libRETURN . "</a>";
    } else {
        // new_user() reported failure: show the "account exists" message
        // and link back to this form.
        echo libACCOUNTEXIST;
        echo "<a href=\"createaccount.php\">" . libRETURN . "</a>";
    }
}
?>
<div class=authentif>
	<form action="createaccount.php" method="post">
		<label for="user"><?php 
print libLOGIN;
?>
</label>
		<input type="text" id="user" name="user">
		<label for="passwd"><?php 
print libPASSWD;
?>
</label>
		<input type="password" id="passwd" name="passwd">
		<input type="submit" value="<?php 
print libCREERCOMPTE;
?>
">
	</form>