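/**
 * Creates a new group row in the site database and stores its id on this object.
 *
 * The 'site.group.add' hooks are called twice: with 'calltime' before any
 * database work and with 'groupadded' after the row has been inserted.
 *
 * @param array $groupdata Group attributes; only the 'groupname' key is read here.
 * @return bool True when the group was inserted and the 'groupadded' hooks
 *              returned HOOK_RESULT_OK, false in every other case.
 */
public function createGroup($groupdata)
{
    $result = false;

    import('com.solarix.ampoliros.util.Hook');
    $hook = new Hook($this->mrAmpDb, 'ampoliros', 'site.group.add');

    // NOTE(review): the hooks are handed $this->groupdata, not the $groupdata
    // argument - confirm that this is intended, otherwise hook consumers never
    // see the data that is actually being inserted.
    $preHook = $hook->CallHooks(
        'calltime',
        $this,
        array('siteserial' => $this->siteserial, 'groupdata' => $this->groupdata)
    );
    if ($preHook != HOOK_RESULT_OK) {
        return $result;
    }

    // Logical && (the original used bitwise &) so the name is only inspected on
    // an object that does not yet represent an existing group; isset() avoids a
    // notice when the caller omits the key.
    $hasName = isset($groupdata['groupname']) && strlen($groupdata['groupname']) > 0;
    if ($this->groupid == 0 && $hasName) {
        // Format_Text() presumably quotes and escapes the value for SQL - confirm
        // against the database layer, since the group name is caller-supplied.
        $quotedName = $this->mrSiteDb->Format_Text($groupdata['groupname']);

        // Check if a group with this name already exists.
        // NOTE(review): this check-then-insert is not atomic; a unique constraint
        // on groups.groupname is the reliable guard against duplicates - confirm
        // that the schema has one.
        $groupquery = $this->mrSiteDb->Execute('SELECT groupname FROM groups WHERE groupname = ' . $quotedName);

        if ($groupquery->NumRows() == 0) {
            $groupsseq = $this->mrSiteDb->NextSeqValue('groups_id_seq');

            $ins = 'INSERT INTO groups ' . 'VALUES ( ' . $groupsseq . ',' . $quotedName . ')';
            $this->mrSiteDb->Execute($ins);
            $this->groupid = $groupsseq;

            // The original never set a success value, so callers always got false.
            // NOTE(review): the return value of Execute() is not checked here
            // because its contract is not visible - confirm and tighten.
            $result = true;

            $postHook = $hook->CallHooks(
                'groupadded',
                $this,
                array(
                    'siteserial' => $this->siteserial,
                    'groupdata' => $this->groupdata,
                    'groupid' => $this->groupid,
                )
            );
            if ($postHook != HOOK_RESULT_OK) {
                $result = false;
            }
        } else {
            import('com.solarix.ampoliros.io.log.Logger');
            $log = new Logger(AMP_LOG);
            $log->LogEvent(
                'ampoliros.users_library.group_class.creategroup',
                'Attempted to create an already existing group',
                LOGGER_ERROR
            );
        }
    } else {
        import('com.solarix.ampoliros.io.log.Logger');
        $log = new Logger(AMP_LOG);
        // Method call restored: the original read "$log - LogEvent(...)", which
        // is a subtraction and never reached the logger.
        $log->LogEvent(
            'ampoliros.users_library.group_class.creategroup',
            'Invalid groupname or access to a member for a not initialized group object',
            LOGGER_ERROR
        );
    }

    return $result;
}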
DestroySession(); RedirectToUrl($_SERVER['SCRIPT_NAME'] . '?Result=Failed'); } // Set Session value - remove domain suffix if UPN was used if (isEmailAddress($_POST['username'])) { $username = explode("@", $_POST['username']); $_SESSION["username"] = $username[0]; } else { $_SESSION["username"] = $_POST['username']; } // Get user's role $_SESSION["role"] = GetUserRole($connect, $ldap_connections[$_POST['ldap_connection']]); ldap_unbind($connect); // Redirect to appropriate url based on role if ($_SESSION["role"] != "none") { LogEvent("ldap_login.php", "Main", "User " . $_SESSION["username"] . " succesfully logged on as " . $_SESSION["role"]); RedirectToUrl("./index.php"); } else { DestroySession(); RedirectToUrl($_SERVER['SCRIPT_NAME']); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>Open-AudIT Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="expires" content="0"> <meta http-equiv="pragma" content="no-cache"> <link rel="stylesheet" type="text/css" href="ldap_login.css" />
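<?php
/**********************************************************************************************************
Module: ldap_logout.php

Description:
    Logs user out of current PHP session and redirects the browser to the login page

Change Control:
    [Nick Brown] 02/03/2009
    Now uses the DestroySession() function from "include_ldap_login_functions.php" which ensures
    that the session cookie is removed. Also logs logout event to the Event Log.
**********************************************************************************************************/
session_start();

include "include_config.php";
include "include_lang.php";
include "include_functions.php";
include "include_ldap_login_functions.php";

// Capture the user name before the session is torn down so the logout can still
// be attributed in the event log. The page can be requested without a logged-in
// session; reading the key unguarded raises a notice which, when errors are
// displayed, is sent before header() and breaks the redirect.
$user = isset($_SESSION["username"]) ? $_SESSION["username"] : "";

DestroySession();
header('Location: ldap_login.php');

// NOTE(review): $user originates from the login form; confirm that LogEvent()
// neutralises control characters before writing the entry.
LogEvent("ldap_logout.php", "Main", "User " . $user . " logged out.");
exit;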
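/**
 * Audits one configured LDAP path: searches its user and computer objects,
 * hands the results to the table-update helpers and stamps the path row with
 * the audit time.
 *
 * Progress is echoed as HTML fragments and the run is recorded via LogEvent().
 *
 * @param array $ldap_path_details Path settings; the keys read here are
 *                                 ldap_base_dn, ldap_server, ldap_user,
 *                                 ldap_password and ldap_path_id.
 * @return void
 */
function AuditSingleLdapPath(&$ldap_path_details)
{
    global $db;

    // Dump a copy with the bind password masked: the original passed the whole
    // array, credential included, to the debug output.
    $debug_details = $ldap_path_details;
    if (isset($debug_details["ldap_password"])) {
        $debug_details["ldap_password"] = "********";
    }
    DebugEcho($debug_details);

    $base_dn = $ldap_path_details["ldap_base_dn"];
    LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $base_dn);

    // NOTE(review): the base DN is echoed into HTML unencoded here and below. If
    // it can be set by anyone less trusted than the person viewing this page,
    // encode it with htmlspecialchars() using the page charset.
    echo "Auditing LDAP Path: " . $base_dn . "<br>\n";

    // Authenticate
    $ldap = ConnectToLdapServer(
        $ldap_path_details["ldap_server"],
        $ldap_path_details["ldap_user"],
        $ldap_path_details["ldap_password"]
    );
    // An array return value is treated as a connection failure.
    if (is_array($ldap)) {
        DebugEcho("AuditSingleLdapPath: " . $base_dn . " : Failed to connect to server");
        LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $base_dn . " : Failed to connect to server");
        return;
    }

    $audit_timestamp = date("YmdHis");
    DebugEcho($audit_timestamp);

    // Perform user object search and get results
    echo "Auditing user accounts in: " . $base_dn . "<br>\n";
    $ldap_filter = LDAP_USER_FILTER;
    // NOTE(review): "distinguisedname" looks like a misspelling of
    // "distinguishedname" - confirm against the table-update helpers before
    // changing it. The original also carried a much longer attribute list as
    // commented-out code.
    $ldap_attributes = array("distinguisedname", "cn", "usnchanged", "objectguid", "description", "department");
    $ldap_results = SearchLdap($ldap, $base_dn, $ldap_filter, $ldap_attributes);

    // Update db, ldap_users table
    echo "Updating Users table ...<br>\n";
    Updateldap_usersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
    DebugEcho("Total: " . $ldap_results["count"]);

    // Perform computer object search and get results
    echo "Auditing computer accounts in: " . $base_dn . "<br>\n";
    $ldap_filter = LDAP_COMPUTER_FILTER;
    // Same spelling caveat as for the user attribute list above.
    $ldap_attributes = array(
        "distinguisedname",
        "cn",
        "usnchanged",
        "objectguid",
        "description",
        "operatingSystem",
        "operatingSystemServicePack",
    );
    $ldap_results = SearchLdap($ldap, $base_dn, $ldap_filter, $ldap_attributes);

    // Update db, ldap_computers table
    echo "Updating Computers table ...<br>\n";
    Updateldap_computersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
    DebugEcho("Total: " . ReturnDataOrNull($ldap_results["count"]));

    // Disconnect LDAP
    ldap_unbind($ldap);

    // Finally update the ldap_paths table with the audit timestamp. The path id
    // is escaped for the connection before it is placed inside the quoted SQL
    // literal; the timestamp comes from date() above and contains digits only.
    $safe_path_id = mysql_real_escape_string($ldap_path_details["ldap_path_id"], $db);
    $sql = "UPDATE ldap_paths SET ldap_paths_timestamp='" . $audit_timestamp
        . "' WHERE ldap_paths.ldap_paths_id='" . $safe_path_id . "'";
    mysql_query($sql, $db);
}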
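/**
 * Deletes one LDAP path and the audited users and computers attached to it,
 * and returns the outcome as a small XML document.
 *
 * The path is selected by the "ldap_path_id" query-string parameter. That value
 * is request-controlled, so it is validated and escaped before being placed in
 * any SQL statement; the original concatenated it unescaped into all three
 * DELETE statements.
 *
 * NOTE(review): this is a destructive action driven by a GET parameter, and no
 * authorization or anti-CSRF check is visible in this function - confirm that
 * the caller enforces both.
 *
 * @param resource $db MySQL link used for the three DELETE statements.
 * @return string XML of the form <DeleteLdapPath><result>...</result></DeleteLdapPath>;
 *                the result element holds the outcome of the final DELETE only
 *                and is empty on failure or when no usable id was supplied.
 */
function DeleteLdapPathXml($db)
{
    header("Content-type: text/xml");

    // Accept only a plain string; a missing or array-valued parameter is
    // treated as "no id" instead of being concatenated into SQL.
    $path_id = "";
    if (isset($_GET["ldap_path_id"]) && is_string($_GET["ldap_path_id"])) {
        $path_id = $_GET["ldap_path_id"];
    }

    // NOTE(review): the logged value is request-controlled; confirm that
    // LogEvent() escapes it for whatever store it writes to.
    LogEvent("admin_config_data.php", "DeleteLdapPathXml", "Path: " . $path_id);

    $response = "<DeleteLdapPath><result>";
    $failure = $response . "</result></DeleteLdapPath>";

    if ($path_id === "") {
        return $failure;
    }

    $safe_id = mysql_real_escape_string($path_id, $db);
    if ($safe_id === false) {
        // Escaping failed, so no statement is built from the input.
        return $failure;
    }

    // Delete LDAP users that are related to this path
    $sql = "DELETE ldap_users \r\n\tFROM ldap_paths, ldap_users\r\n\tWHERE ldap_users.ou_id=ldap_paths.ldap_paths_id\r\n\tAND ldap_paths.ldap_paths_id='" . $safe_id . "'";
    $result = mysql_query($sql, $db);

    // Delete LDAP computers that are related to this path
    $sql = "DELETE ldap_computers \r\n\tFROM ldap_paths, ldap_computers\r\n\tWHERE ldap_computers.ldap_computers_path_id=ldap_paths.ldap_paths_id\r\n\tAND ldap_paths.ldap_paths_id='" . $safe_id . "'";
    $result = mysql_query($sql, $db);

    // Delete the LDAP path itself, selected by $_GET["ldap_path_id"]
    $sql = "DELETE FROM ldap_paths\tWHERE ldap_paths.ldap_paths_id='" . $safe_id . "'";
    $result = mysql_query($sql, $db);

    // Only the last statement's outcome is reported, as in the original.
    $response .= $result . "</result></DeleteLdapPath>";
    return $response;
}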