<?php

// Search the working directory first, then the shared ../includes/ directory
// beside this module. Because "." comes first, a same-named file in the
// working directory would be picked up in preference to the shipped helper.
set_include_path('.:' . __DIR__ . '/../includes/');

include_once 'web_functions.inc.php';
include_once 'ldap_functions.inc.php';
include_once 'module_functions.inc.php';

// One entry per account attribute, keyed by attribute name. This page reads
// each entry's 'label' and, when present, its 'default' and 'onkeyup'.
$attribute_map = ldap_complete_account_attribute_array();
// The page runs in one of two modes. The mode is chosen by a request
// parameter, so the setup branch is reachable by any client that posts
// 'setup_admin_account'; its protection rests entirely on
// validate_setup_cookie() and set_page_access("setup"), both defined in the
// included helpers.
if (!isset($_POST['setup_admin_account'])) {

  // Normal use: only an administrator session may create accounts.
  set_page_access('admin');

  $completed_action = $THIS_MODULE_PATH . '/';
  $page_title = 'New account';
  $admin_setup = false;

  render_header($ORGANISATION_NAME . ' account manager');
  render_submenu();

}
else {

  // First-run wizard: create the initial administrator account.
  $admin_setup = true;

  validate_setup_cookie();
  set_page_access('setup');

  $completed_action = $SERVER_PATH . 'log_in';
  $page_title = 'New administrator account';

  render_header($ORGANISATION_NAME . ' account manager - setup administrator account', false);

}
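// Validation flags. Each one that is set to true by the submit handler adds a
// line to the error summary printed above the form.
$invalid_password = false;
$mismatched_passwords = false;
$invalid_username = false;
$weak_password = false;
$invalid_email = false;
$disabled_email_tickbox = true;
$invalid_cn = false;
$invalid_account_identifier = false;

// Attribute name => value for the account about to be created.
$new_account_r = array();

foreach ($attribute_map as $attribute => $attr_r) {

  // Accept only plain string submissions. filter_var() returns false for an
  // array value (e.g. attr[]=x), and that false would otherwise be stored as
  // the attribute's value.
  if (isset($_POST[$attribute]) && is_string($_POST[$attribute])) {
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It
    // strips tags and entity-encodes quotes, so the value handed to LDAP is
    // HTML-encoded (a quote in a name is stored as an entity). Validating
    // here and escaping at output would be the cleaner split, but the form
    // below prints these values back, so both ends must change together.
    $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_STRING);
  }
  elseif (isset($attr_r['default'])) {
    $$attribute = $attr_r['default'];
  }

  // NOTE(review): $$attribute creates a global named after the attribute
  // (later code relies on $givenname, $sn, $cn, $mail, ...). An attribute
  // whose name matches an existing global would overwrite it - confirm the
  // attribute map cannot contain such names.
  if (isset($$attribute)) { $new_account_r[$attribute] = $$attribute; }

}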
##
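// Pre-fill the form from an account-request link. Everything here comes from
// the query string, so the values are only suggestions: nothing is written to
// LDAP until an administrator reviews and submits the form.
if (isset($_GET['account_request'])) {

  // Missing or non-string parameters are treated as empty instead of raising
  // an undefined-index warning or passing an array to filter_var().
  $prefill_value = function ($key) {
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
  };

  // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
  $givenname = filter_var($prefill_value('first_name'), FILTER_SANITIZE_STRING);
  $new_account_r['givenname'] = $givenname;

  $sn = filter_var($prefill_value('last_name'), FILTER_SANITIZE_STRING);
  $new_account_r['sn'] = $sn;

  $uid = generate_username($givenname, $sn);
  $new_account_r['uid'] = $uid;

  // NOTE(review): both branches read the same in this listing, which pads
  // every token with spaces. Confirm against the repository whether the
  // safe-names branch is meant to join the two names without a space.
  if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
    $cn = "$givenname $sn";
  }
  else {
    $cn = "$givenname $sn";
  }
  $new_account_r['cn'] = $cn;

  $mail = filter_var($prefill_value('email'), FILTER_SANITIZE_EMAIL);
  if ((string) $mail === '') {
    // No address was requested: derive one from the username when a mail
    // domain is configured. Otherwise the "email credentials" box stays
    // disabled because there is nowhere to send them.
    if (isset($EMAIL_DOMAIN)) {
      $mail = $uid . "@" . $EMAIL_DOMAIN;
      $disabled_email_tickbox = FALSE;
    }
  }
  else {
    $disabled_email_tickbox = FALSE;
  }
  $new_account_r['mail'] = $mail;

}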
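// Submit handler: validate the posted account, create it in LDAP and report
// the outcome. On success or on an LDAP failure the page ends here (exit);
// on a validation failure control falls through to the error summary and the
// form is shown again.
if (isset($_POST['create_account'])) {

  // The password is taken as submitted (no sanitising filter), so it must be
  // a plain string; anything else is treated as absent and no account is made.
  $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
  $new_account_r['password'] = $password;
  $account_identifier = $new_account_r[$LDAP["account_attribute"]] ?? null;

  if (!isset($cn) || (string) $cn === '') { $invalid_cn = TRUE; }
  if ((!isset($account_identifier) || (string) $account_identifier === '') && $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; }

  // pass_score is computed in the browser and posted in a hidden field, so it
  // is advisory only: a client can submit any score.
  // NOTE(review): consider scoring the password on the server as well.
  $pass_score = $_POST['pass_score'] ?? null;
  if ((!is_numeric($pass_score) || $pass_score < 3) && $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; }

  // An empty password is never acceptable, whatever score the client claims
  // and whatever ACCEPT_WEAK_PASSWORDS says.
  if ($password === '') { $weak_password = TRUE; }

  if (isset($mail) && !is_valid_email($mail)) { $invalid_email = TRUE; }

  // Quote characters are refused in passwords.
  if ($password !== null && preg_match('/["\']/', $password)) { $invalid_password = TRUE; }

  // Strict comparison: with a loose != two different numeric-looking strings
  // such as "1e3" and "1000" compare equal and the mismatch goes unnoticed.
  if ($password !== ($_POST['password_match'] ?? null)) { $mismatched_passwords = TRUE; }

  if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE && !preg_match("/$POSIX_REGEX/", (string) $account_identifier)) { $invalid_account_identifier = TRUE; }
  if (isset($_POST['send_email']) && isset($mail) && $EMAIL_SENDING_ENABLED == TRUE) { $send_user_email = TRUE; }

  if (isset($givenname)
      && isset($sn)
      && isset($password)
      && !$mismatched_passwords
      && !$weak_password
      && !$invalid_password
      && !$invalid_account_identifier
      && !$invalid_cn
      && !$invalid_email) {

    $ldap_connection = open_ldap_connection();
    $new_account = ldap_new_account($ldap_connection, $new_account_r);

    if ($new_account) {

      // $creation_message is printed as HTML (it may carry a <br>), so any
      // variable placed in it is escaped when the message is built.
      $creation_message = "The account was created.";

      if (isset($send_user_email) && $send_user_email == TRUE) {

        include_once "mail_functions.inc.php";

        // The plaintext password is handed to the mail templates here;
        // whether it ends up in the message depends on those templates.
        $mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $givenname, $sn);
        $mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $givenname, $sn);

        $sent_email = send_email($mail, "$givenname $sn", $mail_subject, $mail_body);
        $creation_message = "The account was created";
        if ($sent_email) {
          // double_encode is off because posted values were already
          // entity-encoded by the input filter.
          $creation_message .= " and an email sent to " . htmlspecialchars((string) $mail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . ".";
        }
        else {
          $creation_message .= " but unfortunately the email wasn't sent.<br>More information will be available in the logs.";
        }
      }

      if ($admin_setup == TRUE) {
        // Setup mode: the new account becomes a member of the admins group.
        $member_add = ldap_add_member_to_group($ldap_connection, $LDAP['admins_group'], $account_identifier);
        if (!$member_add) { ?>
       <div class="alert alert-warning">
        <p class="text-center"><?php print $creation_message; ?> Unfortunately adding it to the admin group failed.</p>
       </div>
       <?php
        }
        // Tidy up empty uniquemember entries left over from the setup wizard
        $USER_ID = "tmp_admin";
        ldap_delete_member_from_group($ldap_connection, $LDAP['admins_group'], "");
        if (isset($DEFAULT_USER_GROUP)) { ldap_delete_member_from_group($ldap_connection, $DEFAULT_USER_GROUP, ""); }
      }

      ?>
      <div class="alert alert-success">
       <p class="text-center"><?php print $creation_message; ?></p>
      </div>
      <form action='<?php print htmlspecialchars((string) $completed_action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
       <p align="center">
        <input type='submit' class="btn btn-success" value='Finished'>
       </p>
      </form>
      <?php
      render_footer();
      exit(0);
    }
    else {
      // The LDAP error text is escaped before printing: it is not under this
      // page's control and may repeat parts of the submitted entry.
      ?>
      <div class="alert alert-warning">
       <p class="text-center">Failed to create the account:</p>
       <pre>
       <?php
         print htmlspecialchars((string) ldap_error($ldap_connection), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
         $detailed_err = '';
         ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
         print htmlspecialchars((string) $detailed_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
       ?>
       </pre>
      </div>
      <?php
      render_footer();
      exit(0);
    }

  }
}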
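// Build the validation summary from the flags set by the submit handler.
// Every message is fixed text except the account-identifier label, which
// comes from the attribute map and is escaped before it is placed in HTML.
$errors = "";
if ($invalid_cn) { $errors .= "<li>The Common Name is required</li>\n"; }
if ($invalid_account_identifier) {
  $account_identifier_label = htmlspecialchars((string) $attribute_map[$LDAP['account_attribute']]['label'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  $errors .= "<li>The account identifier (" . $account_identifier_label . ") is invalid.</li>\n";
}
if ($weak_password) { $errors .= "<li>The password is too weak</li>\n"; }
if ($invalid_password) { $errors .= "<li>The password contained invalid characters</li>\n"; }
if ($invalid_email) { $errors .= "<li>The email address is invalid</li>\n"; }
if ($mismatched_passwords) { $errors .= "<li>The passwords are mismatched</li>\n"; }
if ($invalid_username) { $errors .= "<li>The username is invalid</li>\n"; }

if ($errors != "") {
  // The class was a CSS declaration ("text-align: center"), which matches no
  // rule; text-center is what the other alerts on this page use. The list is
  // placed after the paragraph because a <ul> cannot be nested inside a <p>.
  ?>
<div class="alert alert-warning">
 <p class="text-center">
  There were issues creating the account:
 </p>
 <ul>
  <?php print $errors; ?>
 </ul>
</div>
<?php
}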
// Tab order for the generated inputs; the attribute loop in the form
// increments it once per field.
$tabindex = 1;

// Emit the client-side helpers defined in the included libraries. The string
// arguments are the ids of the form elements each helper is given.
render_js_username_check();
render_js_username_generator('givenname', 'sn', 'uid', 'uid_div');
render_js_cn_generator('givenname', 'sn', 'cn', 'cn_div');
render_js_email_generator('uid', 'mail');

?>
<script src="<?php echo $SERVER_PATH; ?>js/zxcvbn.min.js"></script>
<script type="text/javascript" src="<?php echo $SERVER_PATH; ?>js/zxcvbn-bootstrap-strength-meter.js"></script>
<script type="text/javascript">
  // Attach the strength meter to the password box once the DOM is ready.
  // This runs only in the browser; the server cannot rely on its result.
  $(function () {
    $("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });
  });
</script>
<script type="text/javascript" src="<?php echo $SERVER_PATH; ?>js/generate_passphrase.js"></script>
<script type="text/javascript" src="<?php echo $SERVER_PATH; ?>js/wordlist.js"></script>
<script>

  // Mark both password boxes with has-error while their values differ, and
  // clear the mark once they agree. This is a convenience for the person
  // typing; the server repeats the comparison on submit.
  function check_passwords_match() {
    var differ = document.getElementById('password').value != document.getElementById('confirm').value;
    ['password_div', 'confirm_div'].forEach(function (box_id) {
      var classes = document.getElementById(box_id).classList;
      if (differ) {
        classes.add("has-error");
      }
      else {
        classes.remove("has-error");
      }
    });
  }

  // Fill both password boxes through generatePassword() and refresh the
  // strength meter. NOTE(review): presumably 4 words joined by '-'; confirm
  // against generate_passphrase.js.
  function random_password() {
    generatePassword(4, '-', 'password', 'confirm');
    $("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });
  }

  // Switch the two named inputs to masked entry. The password box is wired to
  // call this on keyup.
  function back_to_hidden(passwordField, confirmField) {
    document.getElementById(passwordField).type = 'password';
    document.getElementById(confirmField).type = 'password';
  }

</script>
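<script>

  // Client-side check of the address typed into the mail field: flags the
  // field and, when email sending is enabled, disables the "email these
  // credentials" box while the address is invalid. The server validates the
  // address again on submit.
  function check_email_validity(mail) {

    // The pattern is printed verbatim from $JS_EMAIL_REGEX, so that value
    // must be a complete JavaScript regex literal.
    var check_regex = <?php print $JS_EMAIL_REGEX; ?>

    var invalid = !check_regex.test(mail);

    if (invalid) {
      document.getElementById("mail_div").classList.add("has-error");
    }
    else {
      document.getElementById("mail_div").classList.remove("has-error");
    }

<?php if ($EMAIL_SENDING_ENABLED == TRUE) { ?>
    // The checkbox is not rendered in admin-setup mode, so look it up before
    // touching it; an unguarded access throws a TypeError on every keystroke.
    var send_email_checkbox = document.getElementById("send_email_checkbox");
    if (send_email_checkbox) { send_email_checkbox.disabled = invalid; }
<?php } ?>

  }

</script>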
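<div class="container">
 <div class="col-sm-8">

  <div class="panel panel-default">
   <div class="panel-heading text-center"><?php print $page_title; ?></div>
   <div class="panel-body text-center">

    <?php
    // NOTE(review): no anti-CSRF token field is visible in this form. Confirm
    // whether set_page_access() or the session layer covers state-changing
    // posts to this page.
    ?>
    <form class="form-horizontal" action="" method="post">

     <?php if ($admin_setup == TRUE) { ?><input type="hidden" name="setup_admin_account" value="true"><?php } ?>
     <input type="hidden" name="create_account">
     <?php
     // Filled in by the browser; the submit handler treats it as the password
     // strength score, so it is only as trustworthy as the client.
     ?>
     <input type="hidden" id="pass_score" value="0" name="pass_score">

<?php

  // One text input per attribute in the map. The attribute name, label and
  // onkeyup handler come from the attribute map and are printed as they are;
  // the field value may come from the request and is escaped on output.
  foreach ($attribute_map as $attribute => $attr_r) {
    $label = $attr_r['label'];
    if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>*</sup>"; }

    // double_encode is off because posted values have already had their
    // quotes entity-encoded by the input filter.
    $field_value = isset($$attribute) ? htmlspecialchars((string) $$attribute, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) : '';
?>
     <div class="form-group" id="<?php print $attribute; ?>_div">
      <label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
      <div class="col-sm-6">
       <input tabindex="<?php print $tabindex; ?>" type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php print $field_value; ?>" <?php
         if (isset($attr_r['onkeyup'])) { print "onkeyup=\"{$attr_r['onkeyup']};\""; } ?>>
      </div>
     </div>
<?php
    $tabindex++;
  }
?>

     <?php
     // The password box starts as a plain text input and is switched to
     // masked entry by back_to_hidden() on the first keystroke.
     ?>
     <div class="form-group" id="password_div">
      <label for="password" class="col-sm-3 control-label">Password</label>
      <div class="col-sm-6">
       <input tabindex="<?php print $tabindex+1; ?>" type="text" class="form-control" id="password" name="password" onkeyup="back_to_hidden('password','confirm');">
      </div>
      <div class="col-sm-1">
       <input tabindex="<?php print $tabindex+2; ?>" type="button" class="btn btn-sm" id="password_generator" onclick="random_password();" value="Generate password">
      </div>
     </div>

     <div class="form-group" id="confirm_div">
      <label for="confirm" class="col-sm-3 control-label">Confirm</label>
      <div class="col-sm-6">
       <input tabindex="<?php print $tabindex+3; ?>" type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
      </div>
     </div>

<?php if ($EMAIL_SENDING_ENABLED == TRUE and $admin_setup != TRUE) { ?>
     <div class="form-group" id="send_email_div">
      <label for="send_email" class="col-sm-3 control-label"> </label>
      <div class="col-sm-6">
       <input tabindex="<?php print $tabindex+4; ?>" type="checkbox" class="form-check-input" id="send_email_checkbox" name="send_email" <?php if ($disabled_email_tickbox == TRUE) { print "disabled"; } ?>> Email these credentials to the user?
      </div>
     </div>
<?php } ?>

     <div class="form-group">
      <button tabindex="<?php print $tabindex+5; ?>" type="submit" class="btn btn-warning">Create account</button>
     </div>

    </form>

    <div class="progress">
     <div id="StrengthProgressBar" class="progress-bar"></div>
    </div>

    <div><sup>&ast;</sup>The account identifier</div>

   </div>
  </div>

 </div>
</div>
<?php
render_footer();
?>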