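/**
 * Grant an authorization class (privilege) to an existing user.
 *
 * All four arguments must pass isAlphanumeric(); they are then written to
 * userPrivs through a prepared statement, so no value is concatenated into SQL.
 *
 * Authorization of the caller:
 *  - When $FANNIE_AUTH_ENABLED is falsy no check is made at all. The installer
 *    relies on this while creating the first user, so every caller that clears
 *    the flag is responsible for its own access control.
 *  - When the flag is truthy, the current user must pass validateUser('admin'),
 *    except for one bootstrap case: granting 'admin' or 'sysadmin' while exactly
 *    one user exists. That exception is what lets the first account promote
 *    itself; it also means any code path reaching this function in that state is
 *    not checked, so such paths should not be reachable by untrusted clients.
 *
 * @param string $name       login name of the user receiving the privilege
 * @param string $auth_class privilege name, e.g. 'admin' or 'sysadmin'
 * @param string $sub_start  start of the privilege sub-range, default 'all'
 * @param string $sub_end    end of the privilege sub-range, default 'all'
 * @return mixed true when the privilege row was written; false when validation,
 *               authorization or the insert failed; the falsy result of getUID()
 *               when the user cannot be resolved
 */
function addAuth($name, $auth_class, $sub_start = 'all', $sub_end = 'all')
{
    // 10Nov12 EL Add FANNIE_AUTH_ENABLED
    global $FANNIE_AUTH_ENABLED;
    $sql = dbconnect();

    // Reject anything that is not strictly alphanumeric before it is used.
    foreach (array($name, $auth_class, $sub_start, $sub_end) as $field) {
        if (!isAlphanumeric($field)) {
            return false;
        }
    }

    $uid = getUID($name);
    if (!$uid) {
        return $uid;
    }

    /* 10Nov12 EL Add FANNIE_AUTH_ENABLED test per intent of create-first-user
     *             call from auth.php to skip validation check.
     * auth_enabled() does not return the correct value.
     */
    if ($FANNIE_AUTH_ENABLED) {
        // Strict membership test: with a loose == a non-string such as true (or 0
        // on PHP < 8) compares equal to 'admin' and would reach the unchecked
        // bootstrap branch.
        // NOTE(review): getNumUsers()'s return type is not visible here, so the
        // count keeps its original loose comparison.
        $isBootstrapGrant = in_array($auth_class, array('admin', 'sysadmin'), true)
            && getNumUsers() == 1;

        // validateUser() is only consulted when the bootstrap exception does not apply.
        if (!$isBootstrapGrant && !validateUser('admin')) {
            return false;
        }
    }

    $addQ = $sql->prepare_statement("insert into userPrivs values (?,?,?,?)");
    $addR = $sql->exec_statement($addQ, array($uid, $auth_class, $sub_start, $sub_end));

    // Previously the insert result was ignored and true was returned regardless,
    // so callers could report a privilege that was never stored.
    // NOTE(review): assumes exec_statement() returns false on failure - confirm.
    if ($addR === false) {
        return false;
    }

    return true;
}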
$update_query = $update_query . "egps_username='******' or "; } } //strip trailing 'or' and whitespace $update_query = substr($update_query, 0, -4); //echo $delete_query; $update_result = mysql_query($update_query); if (!$update_result) { $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$update_query}'<BR>"; $system_message = $system_message . $error_message; IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR'); } //$system_message = $delete_query; } //find number of support_members $iNumSupportMembers = getNumUsers(); if ($iNumSupportMembers == NULL) { //throw an error $system_message = $system_message . $error_message; IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR'); } //find number of support_members online $iNumSupportMembersOnline = getNumUsersOnline(); if ($iNumSupportMembersOnline == NULL) { //throw an error $system_message = $system_message . $error_message; IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR'); } //get the list of all users... if (!isset($_GET['iLimit'])) { $iLimit = 10;
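/**
  Define any javascript needed
  @return A javascript string
function javascript_content(){
    $js ="";
    return $js;
}
*/

/**
  Build the "Authentication" tab of the installer and return it as HTML.

  The page shows the authentication settings (enable, default, shadow, LDAP)
  and, while authentication is enabled and no users exist, offers to create
  the first user and grant it the 'admin' and 'sysadmin' privileges.

  Security-relevant behaviour visible in this method:
   - The first-user form is handled without any login, because no account
     exists yet. Until that account is created, access to this page should be
     restricted by other means (web server or network rules).
   - The global $FANNIE_AUTH_ENABLED is cleared around createLogin() so that
     user checking is bypassed, then set again before addAuth() is called.
   - The submitted user name is HTML-escaped before it is echoed back.

  @return string the buffered HTML for the page body
*/
function body_content()
{
    global $FANNIE_AUTH_ENABLED;
    // The include runs in function scope; the other $FANNIE_* values used below
    // are presumably defined by config.php as locals of this method.
    include '../config.php';
    ob_start();

    echo showInstallTabs('Authentication');
    ?>
<form action=InstallAuthenticationPage.php method=post>
<h1 class="install">
    <?php
    if (!$this->themed) {
        echo "<h1 class='install'>{$this->header}</h1>";
    }
    ?>
</h1>
    <?php
    if (is_writable('../config.php')) {
        echo "<div class=\"alert alert-success\"><i>config.php</i> is writeable</div>";
    } else {
        // A stray ';' inside the class attribute used to stop the alert-danger
        // style from being applied to this message.
        echo "<div class=\"alert alert-danger\"><b>Error</b>: config.php is not writeable</div>";
    }
    ?>
<hr />
<p class="ichunk" style="margin-top: 1.0em;">
<b>Authentication enabled</b>
    <?php
    echo installSelectField('FANNIE_AUTH_ENABLED', $FANNIE_AUTH_ENABLED, array(1 => 'Yes', 0 => 'No'), false, false);
    ?>
</p><!-- /.ichunk -->
    <?php
    // Default to Authenticate ("Authenticate Everything") or not.
    if ($FANNIE_AUTH_ENABLED) {
        echo "<p class='ichunk'>";
        echo "<b>Authenticate by default </b>";
        echo installSelectField('FANNIE_AUTH_DEFAULT', $FANNIE_AUTH_DEFAULT, array(1 => 'Yes', 0 => 'No'), false, false);
        echo "If 'Yes' all Admin utilities will require Login<br />";
        echo "If 'No' only those utilities coded for it will require Login";
        echo "</p><!-- /.ichunk -->";
    }

    if ($FANNIE_AUTH_ENABLED) {
        if (!function_exists("login")) {
            include $FANNIE_ROOT . 'auth/login.php';
        }

        // if no users exist, offer to create one
        // NOTE(review): the comparison is loose, so a null/false result from
        // getNumUsers() (for example after a failed query) would also open this
        // unauthenticated branch - confirm what getNumUsers() returns on error.
        if (getNumUsers() == 0) {
            $success = false;
            // NOTE(review): $_REQUEST also accepts query-string values, so the
            // password could arrive in a URL and be written to access logs; the
            // form itself posts, which suggests $_POST is what is intended.
            if (isset($_REQUEST['newuser']) && isset($_REQUEST['newpass'])) {
                $FANNIE_AUTH_ENABLED = false; // toggle to bypass user checking
                $newUser = $_REQUEST['newuser'];
                // Request data must never be echoed into the page unescaped.
                // Non-scalar input (e.g. newuser[]=x) is rendered as an empty name.
                $safeUser = is_scalar($newUser)
                    ? htmlspecialchars((string) $newUser, ENT_QUOTES, 'UTF-8')
                    : '';

                $success = createLogin($newUser, $_REQUEST['newpass']);
                if ($success) {
                    echo "<i>User " . $safeUser . " created</i><br />";
                    $FANNIE_AUTH_ENABLED = true; // toggle enforce error checking
                    $success = addAuth($newUser, 'admin');
                    if ($success) {
                        echo "<i>User " . $safeUser . " is an admin</i><br />";
                        echo "You can use these credentials at the <a href='../auth/ui/' target='_aui'>Authentication Interface</a><br />";
                        echo " Other protected pages may require different credentials.<br />";
                        $success = addAuth($newUser, 'sysadmin');
                        if ($success) {
                            echo "<i>User " . $safeUser . " is a sysadmin</i><br />";
                            echo "You can use these credentials at the Installation and Configuration Interface (these pages)<br />";
                            // populate known privileges table automatically
                            $db = FannieDB::get($FANNIE_OP_DB);
                            ob_start(); // don't care about primary key errors
                            \COREPOS\Fannie\API\data\DataLoad::loadSampleData($db, 'userKnownPrivs');
                            ob_end_clean();
                            // loaddata() has no return value; success assumed.
                            echo "Table {$FANNIE_OP_DB}.userKnownPrivs has been populated with the standard privilege set.<br />";
                        } else {
                            echo "<b>Error making user {$safeUser} a sysadmin</b><br />";
                        }
                    } else {
                        echo "<b>Error making user {$safeUser} an admin</b><br />";
                    }
                } else {
                    echo "<b>Error creating initial user</b><br />";
                }
                // Always restore enforcement, whichever branch was taken above.
                $FANNIE_AUTH_ENABLED = true; // toggle enforce error checking
            }
            if (!$success) {
                echo "<br /><i>No users defined. To create an initial admin user,\n enter a username and password below</i><br />";
                echo 'Username: <input type="text" name="newuser" /><br />';
                echo 'Password: <input type="password" name="newpass" /><br />';
            }
        } else {
            echo "<p class='ichunk'>You can manage Login users and groups via the <a href='../auth/ui/' target='_aui'>Authentication Interface</a>";
            echo "</p><!-- /.ichunk -->";
        }
        echo "<p class='ichunk'><a href='../../documentation/Fannie/developer/auth.html' target='_audoc'>How Authentication Works</a>";
        echo "</p><!-- /.ichunk -->";
    }
    ?>
<hr />
<b>Allow shadow logins</b>
    <?php
    echo installSelectField('FANNIE_AUTH_SHADOW', $FANNIE_AUTH_SHADOW, array(1 => 'Yes', 0 => 'No'), false, false);
    if (!file_exists("../auth/shadowread/shadowread")) {
        echo "<div class=\"alert alert-danger\"><b>Error</b>: shadowread utility does not exist</div>";
        echo "<div class=\"well\">";
        echo "shadowread lets Fannie authenticate users agaist /etc/shadow. To create it:";
        echo "<pre>\ncd " . realpath('../auth/shadowread') . "\nmake\n </pre>";
        echo "</div>";
    } else {
        // 0104755 = regular file (0100000) + setuid (04000) + rwxr-xr-x (0755).
        // The exact match also rejects group- or world-writable modes, which
        // matters for a setuid helper. The file's owner is not checked here.
        $perms = fileperms("../auth/shadowread/shadowread");
        if ($perms == 0104755) {
            echo "<div class=\"alert alert-success\">shadowread utility has proper permissions</div>";
        } else {
            echo "<div class=\"alert alert-danger\"><b>Warning</b>: shadowread utility has incorrect permissions</div>";
            echo "<div class=\"well\">";
            echo "shadowread needs setuid permission. To fix it: ";
            echo "<pre>\ncd " . realpath('../auth/shadowread') . "\nsudo make install\n </pre>";
            echo "</div>";
        }
    }
    ?>
<hr />
<b>Allow LDAP logins</b>
    <?php
    echo installSelectField('FANNIE_AUTH_LDAP', $FANNIE_AUTH_LDAP, array(1 => 'Yes', 0 => 'No'), false, false);
    if (!function_exists("ldap_connect")) {
        echo "<div class=\"alert alert-danger\"><b>Warning</b>: PHP install does not have LDAP support enabled</div>";
    } else {
        echo "<div class=\"alert alert-success\">PHP has LDAP support enabled</div>";
    }
    // NOTE(review): the default port below is 389; whether the LDAP login code
    // protects the bind with TLS is not visible from this page.
    ?>
<br />
<label>LDAP Server Host</label>
<?php echo installTextField('FANNIE_LDAP_SERVER', $FANNIE_LDAP_SERVER, '127.0.0.1'); ?>
<label>LDAP Port</label>
<?php echo installTextField('FANNIE_LDAP_PORT', $FANNIE_LDAP_PORT, '389'); ?>
<label>LDAP Domain (DN)</label>
<?php echo installTextField('FANNIE_LDAP_DN', $FANNIE_LDAP_DN, 'ou=People,dc=example,dc=org'); ?>
<label>LDAP Username Field</label>
<?php echo installTextField('FANNIE_LDAP_SEARCH_FIELD', $FANNIE_LDAP_SEARCH_FIELD, 'uid'); ?>
<label>LDAP User ID# Field</label>
<?php echo installTextField('FANNIE_LDAP_UID_FIELD', $FANNIE_LDAP_UID_FIELD, 'uidnumber'); ?>
<label>LDAP Real Name Field</label>
<?php echo installTextField('FANNIE_LDAP_RN_FIELD', $FANNIE_LDAP_RN_FIELD, 'cn'); ?>
<hr />
<p>
<button type=submit class="btn btn-default">Save Configuration</button>
</p>
</form>
    <?php

    return ob_get_clean();

// body_content
}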