예제 #1
    <?
    $userId = $_SESSION['user'];
    if (!check_rights("2")) {
        print_lack_of_privledge_warning();
    }
}
?>
<h2>User Management</h2> <p> Adding/Modifying and deleting users ... </p>

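<?php
// PHP_SELF reflects the request path, including anything a client appends
// after the script name, so it must be attribute-escaped before it is echoed
// into the form's action. The register_globals alias $PHP_SELF is replaced by
// its $_SERVER source, which is the only place it is defined on modern PHP.
$formAction = htmlspecialchars($_SERVER['PHP_SELF'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<form action="<?php print $formAction; ?>" method="post">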

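<?php
// Token-gated user-management actions. The form must echo back the token that
// is stored in the session before add_update_user() / inactivate_user() runs,
// and the token is rotated after every accepted action so a captured form
// cannot be replayed.
// NOTE(review): $action, $formToken, $username, $md5, $password, $firstname,
// $lastname, $email, $totalGroup and $randomPass are not defined in this file;
// the original relied on them arriving as globals — confirm where they are set.
$sessionToken = $_SESSION["token"] ?? null;
$requestedAction = (int) ($action ?? 0);

// Compare as strings with `===`: with `==`, a missing form token (null)
// compares equal to a session token of 0 — and to a missing session token —
// so the gate could be passed without presenting any token at all.
$tokenMatches = $sessionToken !== null
    && isset($formToken)
    && (string) $formToken === (string) $sessionToken;

if ($tokenMatches && $requestedAction === 1) {
    add_update_user($username, $md5, $password, $firstname, $lastname, $email, $totalGroup, $randomPass);
    // Rotate the token so the same form submission is not accepted twice.
    $_SESSION["token"] = (int) $sessionToken + 1;
} elseif ($tokenMatches && $requestedAction === 2) {
    inactivate_user ($username);
    $_SESSION["token"] = (int) $sessionToken + 1;
}
?>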

<fieldset>
<legend>Current Users </legend>
예제 #2
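/**
 * Authenticate the current request and establish a logged-in session.
 *
 * Reads the posted "userName" and "md5" fields, tries LDAP first and falls
 * back to the local people table when LDAP is disabled. On success the user's
 * id, username and rights are stored in the session and true is returned.
 * Every failure path ends the request itself (write_log_in() + exit, or
 * log_entry() + die), so callers only ever see a true return.
 *
 * @return true when the session is (now) authenticated
 */
function verify(): bool
{
    // Already authenticated in this session: nothing to verify.
    if (isset($_SESSION['user'])) {
        return true;
    }

    // Credentials posted by the login form. The browser submits an MD5 of the
    // password in the "md5" field instead of the clear-text password (the old
    // "password" field is no longer read). That hash is then the credential
    // itself — hashing in the browser is not encryption — so it is still a
    // secret and must only travel over TLS.
    // NOTE(review): sanitize_input()'s return type is not declared in this
    // file; the cast keeps the "empty" test below well-defined for a null return.
    $userName = (string) sanitize_input($_POST["userName"] ?? '', 2);
    $password = (string) sanitize_input($_POST["md5"] ?? '', 1);

    // Both fields are required; otherwise show the login page and stop.
    if ($userName === '' || $password === '') {
        write_log_in("Please login");
        exit;
    }

    // Ask LDAP first. The branches below expect ldap_auth() to return
    // 1 (accepted), 0 (rejected) or -1 (LDAP disabled); anything else is fatal.
    // Loose `==` is kept on purpose: ldap_auth()'s return type is not declared
    // here and a strict compare could turn a genuine unknown code into 0.
    $ldapVerified = ldap_auth($userName, $password);
    $shortUserName = '';

    if ($ldapVerified == -1) {
        // LDAP disabled: authenticate against the local people table.
        // NOTE(review): the credential placeholders in this query appear
        // redacted ('******') in this listing; whatever run_query() substitutes
        // for them must be bound or escaped, never interpolated.
        $query = "
            SELECT id
            FROM people
            WHERE username = '******'
            AND password = '******'
            AND status > 0";

        $result = run_query($query);
        $numMatchingUsers = count($result);
    } elseif ($ldapVerified == 0) {
        // LDAP is enabled but rejected the credentials -> deny login.
        $result = [];
        $numMatchingUsers = 0;
    } elseif ($ldapVerified == 1) {
        // LDAP accepted the credentials: resolve the local user id for the
        // username without its domain portion.
        $shortUserName = get_user_sans_domain($userName);
        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);
    } else {
        $msg = "Unable to authenticate: Unknown return code from ldap_auth: ($ldapVerified)";
        log_entry ($msg);
        die ($msg);
    }

    if ($numMatchingUsers === 0 && $ldapVerified == 1) {
        // LDAP knows the user but there is no local row yet: create it.
        $msg = "Creating new user entry for $userName after authenticating with LDAP.";
        log_entry($msg);

        // add_update_user($username, $md5, $password, $firstname, $lastname, $email, $totalGroup, $randomPass);
        add_update_user($shortUserName, "LDAP", "LDAP", $shortUserName, null, null, "users", null);

        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);
    }

    // A username must map to exactly one id; more than one is a data error.
    if ($numMatchingUsers > 1) {
        $msg = "Error: Multiple users with the same username: $userName";
        log_entry ($msg);
        die ($msg);
    }

    if ($numMatchingUsers > 0) {
        $user = implode ("", $result);

        // Issue a fresh session id before storing the authenticated identity,
        // so a session id handed to the browser before login (fixation) is not
        // promoted to an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Register session variables and log the login.
        $_SESSION['user'] = $user;
        $_SESSION['username'] = $userName;

        log_session ("login");

        // NOTE(review): $user is interpolated straight into SQL in both
        // statements below. It comes from the people/LDAP lookup rather than
        // from the request, but neither run_query() nor run_sql_cmd() shows any
        // parameter binding here — confirm the id is validated upstream.
        $cmd = "UPDATE people SET last_login = now() WHERE id = $user";

        // Resolve the user's rights once and cache them in the session.
        $query = "
            SELECT rights.Actionid
            FROM  people_groups, rights
            WHERE people_groups.userid = '$user'
            AND   people_groups.groupid = rights.Usergroupid";

        $_SESSION['rights'] = run_query($query);

        run_sql_cmd($cmd);

        return true;
    }

    if ($numMatchingUsers === 0 && ($ldapVerified == 0 || $ldapVerified == -1)) {
        // Bad username and/or password: record it and return to the login page.
        $_SESSION['badlogin'] = $userName;
        log_session ("badlogin");

        write_log_in("Invalid username and/or password");
        exit;
    }

    // Unreachable by construction (count() is never negative and every
    // ldap_auth() code was handled above); kept as a hard stop.
    debug_msg ("Unanticipated condition: numMatchingUsers=($numMatchingUsers) and ldapVerified=($ldapVerified)");

    $msg = "Error: Unrecoverable condition during login for user ($userName)";
    log_entry ($msg);
    die ($msg);
} // end verify function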