예제 #1
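 /**
  * Create a new group row in the site database.
  *
  * Runs the 'site.group.add' hooks before ('calltime') and after
  * ('groupadded') the insert. The group is only created when this object is
  * not already bound to a group (groupid == 0), a non-empty group name was
  * supplied, and no group with that name exists yet.
  *
  * @param array $groupdata Group attributes; only 'groupname' is read here.
  * @return bool True when the row was inserted and the 'groupadded' hooks
  *              returned HOOK_RESULT_OK, false in every other case.
  */
 public function createGroup($groupdata)
 {
     $result = false;
     import('com.solarix.ampoliros.util.Hook');
     $hook = new Hook($this->mrAmpDb, 'ampoliros', 'site.group.add');

     // NOTE(review): the hooks are handed $this->groupdata, not the $groupdata
     // argument - confirm that this is intended.
     if ($hook->CallHooks('calltime', $this, array('siteserial' => $this->siteserial, 'groupdata' => $this->groupdata)) != HOOK_RESULT_OK) {
         return $result;
     }

     // A missing key is treated like an empty name instead of raising a notice.
     $groupname = isset($groupdata['groupname']) ? $groupdata['groupname'] : '';

     // Logical && (the original used the bitwise & operator).
     if (!($this->groupid == 0 && strlen($groupname) > 0)) {
         import('com.solarix.ampoliros.io.log.Logger');
         $log = new Logger(AMP_LOG);
         // Fixed: the original wrote "$log - LogEvent(...)", which subtracts the
         // result of a global LogEvent() call instead of invoking the method.
         $log->LogEvent('ampoliros.users_library.group_class.creategroup', 'Invalid groupname or access to a member for a not initialized group object', LOGGER_ERROR);
         return $result;
     }

     // presumably Format_Text() quotes and escapes the value for use in SQL -
     // verify; it is the only thing separating caller data from the statement text.
     $quotedname = $this->mrSiteDb->Format_Text($groupname);

     // Check if a group with this name already exists.
     // NOTE(review): check-then-insert is not atomic; a unique constraint on
     // groups.groupname would be the reliable guard against duplicates.
     $groupquery = $this->mrSiteDb->Execute('SELECT groupname FROM groups WHERE groupname = ' . $quotedname);
     if ($groupquery->NumRows() != 0) {
         import('com.solarix.ampoliros.io.log.Logger');
         $log = new Logger(AMP_LOG);
         $log->LogEvent('ampoliros.users_library.group_class.creategroup', 'Attempted to create an already existing group', LOGGER_ERROR);
         return $result;
     }

     $groupsseq = $this->mrSiteDb->NextSeqValue('groups_id_seq');
     $ins = 'INSERT INTO groups ' . 'VALUES ( ' . $groupsseq . ',' . $quotedname . ')';
     // NOTE(review): the outcome of the INSERT is not checked here, as in the original.
     $this->mrSiteDb->Execute($ins);
     $this->groupid = $groupsseq;

     // Fixed: the original never set $result to true, so the method reported
     // failure even after a successful insert.
     $result = true;
     if ($hook->CallHooks('groupadded', $this, array('siteserial' => $this->siteserial, 'groupdata' => $this->groupdata, 'groupid' => $this->groupid)) != HOOK_RESULT_OK) {
         $result = false;
     }

     return $result;
 }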
예제 #2
        DestroySession();
        RedirectToUrl($_SERVER['SCRIPT_NAME'] . '?Result=Failed');
    }
    // Store the login name in the session; when a UPN (user@domain) was entered,
    // only the part before the "@" is kept.
    // NOTE(review): no session_regenerate_id() call is visible in this excerpt.
    // If the session id is not renewed earlier in the script, renew it before
    // writing identity data to $_SESSION so a pre-set session id cannot be
    // carried over into the authenticated session (session fixation).
    // NOTE(review): users from different domains that share a local part end up
    // with the same session username - confirm this is acceptable.
    if (isEmailAddress($_POST['username'])) {
        $username = explode("@", $_POST['username']);
        $_SESSION["username"] = $username[0];
    } else {
        $_SESSION["username"] = $_POST['username'];
    }
    // Get user's role from the directory connection selected in the form.
    // NOTE(review): $_POST['ldap_connection'] is used as an array key without a
    // visible existence check - confirm it is validated before this point.
    $_SESSION["role"] = GetUserRole($connect, $ldap_connections[$_POST['ldap_connection']]);
    ldap_unbind($connect);
    // Redirect to appropriate url based on role: any role other than "none"
    // goes to the index page, otherwise the session is destroyed and the login
    // page is shown again.
    if ($_SESSION["role"] != "none") {
        // NOTE(review): the username in this log message is user-supplied; if
        // LogEvent() writes to a line-based log, CR/LF should be stripped there
        // so a crafted name cannot forge log entries.
        LogEvent("ldap_login.php", "Main", "User " . $_SESSION["username"] . " succesfully logged on as " . $_SESSION["role"]);
        RedirectToUrl("./index.php");
    } else {
        DestroySession();
        RedirectToUrl($_SERVER['SCRIPT_NAME']);
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
	<title>Open-AudIT Login</title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
	<meta http-equiv="expires" content="0">
	<meta http-equiv="pragma" content="no-cache">
	<link rel="stylesheet" type="text/css" href="ldap_login.css" />
예제 #3
<?php

/**********************************************************************************************************
Module:	ldap_logout.php

Description:
	Logs user out of current PHP session and redirects the browser to the login page
		
Change Control:
	
	[Nick Brown]	02/03/2009
	Now uses the DestroySession() function from "include_ldap_login_functions.php" which ensures that the session cookie 
	is removed. Also logs logout event to the Event Log.
	
**********************************************************************************************************/
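// Resume the current session so the username can be read before it is destroyed.
session_start();
include "include_config.php";
include "include_lang.php";
include "include_functions.php";
include "include_ldap_login_functions.php";
// The logout URL can be requested without an authenticated session (expired
// cookie, direct request). Fall back to an empty name rather than raising an
// undefined-index notice, which could emit output ahead of header() below.
$user = isset($_SESSION["username"]) ? $_SESSION["username"] : "";
// DestroySession() comes from include_ldap_login_functions.php; per the
// change log above it also removes the session cookie.
DestroySession();
header('Location: ldap_login.php');
// NOTE(review): $user originates from the login form; if LogEvent() writes a
// line-based log, CR/LF should be neutralised there.
LogEvent("ldap_logout.php", "Main", "User " . $user . " logged out.");
exit;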
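/**
 * Audit one configured LDAP path.
 *
 * Binds to the LDAP server, searches the base DN for user objects and then for
 * computer objects, passes each result set to the matching table-update
 * helper, and finally stamps the ldap_paths row with the audit timestamp.
 * Progress is echoed as HTML.
 *
 * @param array $ldap_path_details Passed by reference. Keys read here:
 *                                 ldap_base_dn, ldap_server, ldap_user,
 *                                 ldap_password, ldap_path_id.
 * @return void
 */
function AuditSingleLdapPath(&$ldap_path_details)
{
    global $db;

    // The details array carries the bind password, so the copy handed to the
    // debug output has it masked.
    $debug_details = $ldap_path_details;
    if (isset($debug_details["ldap_password"])) {
        $debug_details["ldap_password"] = "********";
    }
    DebugEcho($debug_details);

    $base_dn = $ldap_path_details["ldap_base_dn"];
    // The DN is written into HTML output below; encode it so characters such
    // as & or < in a DN are displayed rather than interpreted as markup.
    $base_dn_html = htmlspecialchars($base_dn, ENT_QUOTES);

    LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $base_dn);
    echo "Auditing LDAP Path: " . $base_dn_html . "<br>\n";

    // Authenticate. An array return value is treated as a connection failure.
    $ldap = ConnectToLdapServer($ldap_path_details["ldap_server"], $ldap_path_details["ldap_user"], $ldap_path_details["ldap_password"]);
    if (is_array($ldap)) {
        DebugEcho("AuditSingleLdapPath: " . $base_dn . " : Failed to connect to server");
        LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $base_dn . " : Failed to connect to server");
        return;
    }

    $audit_timestamp = date("YmdHis");
    DebugEcho($audit_timestamp);

    // Perform user object search and get results.
    // Fixed: the attribute name was misspelled "distinguisedname".
    echo "Auditing user accounts in: " . $base_dn_html . "<br>\n";
    $user_attributes = array("distinguishedname", "cn", "usnchanged", "objectguid", "description", "department");
    $ldap_results = SearchLdap($ldap, $base_dn, LDAP_USER_FILTER, $user_attributes);

    // Update db, ldap_users table
    echo "Updating Users table ...<br>\n";
    Updateldap_usersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
    DebugEcho("Total: " . $ldap_results["count"]);

    // Perform computer object search and get results (same spelling fix).
    echo "Auditing computer accounts in: " . $base_dn_html . "<br>\n";
    $computer_attributes = array("distinguishedname", "cn", "usnchanged", "objectguid", "description", "operatingSystem", "operatingSystemServicePack");
    $ldap_results = SearchLdap($ldap, $base_dn, LDAP_COMPUTER_FILTER, $computer_attributes);

    // Update db, ldap_computers table
    echo "Updating Computers table ...<br>\n";
    Updateldap_computersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
    DebugEcho("Total: " . ReturnDataOrNull($ldap_results["count"]));

    // Disconnect LDAP
    ldap_unbind($ldap);

    // Finally update the ldap_paths table with the audit timestamp. The path id
    // is escaped for the quoted SQL literal instead of being concatenated raw.
    $path_id = mysql_real_escape_string($ldap_path_details["ldap_path_id"], $db);
    $sql = "UPDATE ldap_paths SET ldap_paths_timestamp='" . $audit_timestamp . "' WHERE ldap_paths.ldap_paths_id='" . $path_id . "'";
    mysql_query($sql, $db);
}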
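/**
 * Delete an LDAP path and the user and computer rows linked to it, and build
 * a small XML document describing the outcome.
 *
 * The path id is read from $_GET["ldap_path_id"]. It is request data, so it is
 * escaped before being placed inside the quoted SQL literals; the original
 * concatenated it into all three statements unescaped (SQL injection).
 *
 * NOTE(review): this is a destructive action driven by a GET parameter, and no
 * authorisation or anti-CSRF check is visible in this function - confirm that
 * the caller enforces both.
 *
 * @param resource $db MySQL link used for mysql_query().
 * @return string XML of the form <DeleteLdapPath><result>..</result></DeleteLdapPath>;
 *                the result element holds the outcome of the final DELETE only.
 */
function DeleteLdapPathXml($db)
{
    header("Content-type: text/xml");

    // Accept only a scalar string; a missing or array-valued parameter is
    // treated as an empty id, which matches no row.
    $raw_id = (isset($_GET["ldap_path_id"]) && is_string($_GET["ldap_path_id"])) ? $_GET["ldap_path_id"] : "";

    // Keep the log entry on a single line even if the parameter contains CR/LF.
    LogEvent("admin_config_data.php", "DeleteLdapPathXml", "Path: " . str_replace(array("\r", "\n"), " ", $raw_id));

    // Escape once and reuse the value in every statement below.
    $path_id = mysql_real_escape_string($raw_id, $db);

    $response = "<DeleteLdapPath><result>";

    // Delete LDAP users that are related to this connection GUID
    $sql = "DELETE ldap_users \r\n\tFROM ldap_paths, ldap_users\r\n\tWHERE ldap_users.ou_id=ldap_paths.ldap_paths_id\r\n\tAND ldap_paths.ldap_paths_id='" . $path_id . "'";
    $result = mysql_query($sql, $db);

    // Delete LDAP computers that are related to this connection GUID
    $sql = "DELETE ldap_computers \r\n\tFROM ldap_paths, ldap_computers\r\n\tWHERE ldap_computers.ldap_computers_path_id=ldap_paths.ldap_paths_id\r\n\tAND ldap_paths.ldap_paths_id='" . $path_id . "'";
    $result = mysql_query($sql, $db);

    // Delete the LDAP path itself
    $sql = "DELETE FROM ldap_paths\tWHERE ldap_paths.ldap_paths_id='" . $path_id . "'";
    $result = mysql_query($sql, $db);

    // Only the last statement's result is reported, as in the original.
    $response .= $result . "</result></DeleteLdapPath>";
    return $response;
}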