ldap-user-manager/www/log_in/index.php

<?php

set_include_path( ".:" . __DIR__ . "/../includes/");

include "web_functions.inc.php";
include "ldap_functions.inc.php";

if (isset($_GET["unauthorised"])) { $display_unauth = TRUE; }
if (isset($_GET["session_timeout"])) { $display_logged_out = TRUE; }
if (isset($_GET["redirect_to"])) { $redirect_to = $_GET["redirect_to"]; }

if (isset($_GET['logged_out'])) {
?>
<div class="alert alert-warning">
<p class="text-center">You've been automatically logged out because you've been inactive for over
<?php print $SESSION_TIMEOUT; ?> minutes. Click on the 'Log in' link to get back into the system.</p>
</div>
<?php
}


if (isset($_POST["user_id"]) and isset($_POST["password"])) {

 $ldap_connection = open_ldap_connection();
 $account_id = ldap_auth_username($ldap_connection,$_POST["user_id"],$_POST["password"]);
 $is_admin = ldap_is_group_member($ldap_connection,$LDAP['admins_group'],$account_id);

 ldap_close($ldap_connection);

 if ($account_id != FALSE) {

  set_passkey_cookie($account_id,$is_admin);
  if (isset($_POST["redirect_to"])) {
   header("Location: //{$_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
  }
  else {
   if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }
   header("Location: //{$_SERVER['HTTP_HOST']}{$SERVER_PATH}$default_module?logged_in\n\n");
  }
 }
 else {
  header("Location: //{$_SERVER['HTTP_HOST']}{$THIS_MODULE_PATH}/index.php?invalid\n\n");
 }

}
else {

 render_header("$ORGANISATION_NAME account manager - log in");

 ?>
<div class="container">
 <div class="col-sm-8 col-sm-offset-2">

  <div class="panel panel-default">
   <div class="panel-heading text-center">Log in</div>
   <div class="panel-body text-center">

   <?php if (isset($display_unauth)) { ?>
   <div class="alert alert-warning">
    Please log in to continue
   </div>
   <?php } ?>

   <?php if (isset($display_logged_out)) { ?>
   <div class="alert alert-warning">
    You were logged out because your session expired. Log in again to continue.
   </div>
   <?php } ?>

   <?php if (isset($_GET["invalid"])) { ?>
   <div class="alert alert-warning">
    The username and/or password are unrecognised.
   </div>
   <?php } ?>

   <form class="form-horizontal" action='' method='post'>
    <?php if (isset($redirect_to) and ($redirect_to != "")) { ?><input type="hidden" name="redirect_to" value="<?php print htmlspecialchars($redirect_to); ?>"><?php } ?>

    <div class="form-group">
     <label for="username" class="col-sm-4 control-label"><?php print $SITE_LOGIN_FIELD_LABEL; ?></label>
     <div class="col-sm-6">
      <input type="text" class="form-control" id="user_id" name="user_id">
     </div>
    </div>

    <div class="form-group">
     <label for="password" class="col-sm-4 control-label">Password</label>
     <div class="col-sm-6">
      <input type="password" class="form-control" id="confirm" name="password">
     </div>
    </div>

    <div class="form-group">
     <button type="submit" class="btn btn-default">Log in</button>
    </div>

   </form>
  </div>
 </div>
</div>
<?php
}
render_footer();
?>
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<?php`

Code tidy, encode URLs and add no-https option 2020-01-10 12:01:31 +00:00			`set_include_path( ".:" . __DIR__ . "/../includes/");`

			`include "web_functions.inc.php";`
			`include "ldap_functions.inc.php";`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00			`if (isset($_GET["unauthorised"])) { $display_unauth = TRUE; }`
			`if (isset($_GET["session_timeout"])) { $display_logged_out = TRUE; }`
			`if (isset($_GET["redirect_to"])) { $redirect_to = $_GET["redirect_to"]; }`

			`if (isset($_GET['logged_out'])) {`
			`?>`
			`<div class="alert alert-warning">`
			`<p class="text-center">You've been automatically logged out because you've been inactive for over`
			`<?php print $SESSION_TIMEOUT; ?> minutes. Click on the 'Log in' link to get back into the system.</p>`
			`</div>`
			`<?php`
			`}`


Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`if (isset($_POST["user_id"]) and isset($_POST["password"])) {`

			`$ldap_connection = open_ldap_connection();`
Add ability to define which LDAP attribute is used to log in. (#212) 2023-07-20 16:23:52 +01:00			`$account_id = ldap_auth_username($ldap_connection,$_POST["user_id"],$_POST["password"]);`
			`$is_admin = ldap_is_group_member($ldap_connection,$LDAP['admins_group'],$account_id);`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`ldap_close($ldap_connection);`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Add ability to define which LDAP attribute is used to log in. (#212) 2023-07-20 16:23:52 +01:00			`if ($account_id != FALSE) {`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Add ability to define which LDAP attribute is used to log in. (#212) 2023-07-20 16:23:52 +01:00			`set_passkey_cookie($account_id,$is_admin);`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00			`if (isset($_POST["redirect_to"])) {`
fix string deprecation (#184) 2023-01-10 10:51:18 +01:00			`header("Location: //{$_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`}`
			`else {`
Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }`
fix string deprecation (#184) 2023-01-10 10:51:18 +01:00			`header("Location: //{$_SERVER['HTTP_HOST']}{$SERVER_PATH}$default_module?logged_in\n\n");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`}`
			`}`
			`else {`
fix string deprecation (#184) 2023-01-10 10:51:18 +01:00			`header("Location: //{$_SERVER['HTTP_HOST']}{$THIS_MODULE_PATH}/index.php?invalid\n\n");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`}`

			`}`
			`else {`

Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`render_header("$ORGANISATION_NAME account manager - log in");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
			`?>`
			`<div class="container">`
Next release (#151) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. * Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136) * mod: condense Dockerfile * add: _FILE feature add: list of sensitive env_vars * mod: sorted env_var list * add: complete current env_var list * fix: formatting * mod: revert Dockerfile to prev. version * mod: updated comment to be more descriptive mod: rename variables to be more descriptive * rem: list of env_var; no longer needed. mod: env_file_replace function ^ search for all <env_var>_FILE variables and replace ^ <env_var> if the file exists and is not empty mod: env_file_replace comment Co-authored-by: pyunramura <jeremy.cummings@live.com> * Update the README with information on using _FILE * Change username regex variables * Named server certs, as suggested by @huzvar * Update LDAP filter method as suggested by @xgaia * Feature/http header username (#120) * Implement Remote Headers Auth * Hide Logout on Remote Sessions * Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing Co-authored-by: Damian Galli <damian.galli@galli.site> * Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username * Fix issues #124 and #126 * Change badges to buttons for list counts * Don't secretly set displayName * Add Group Additional (#113) * Add doku Group additional. * Read Group additional configuration. * New group add Additional objectclasses * Allow for attributes that take multiple values. * Updated README * Formatting fixes, fix parsing params from account requests, initial code for the simple interface flag. * Add attribute fields for groups and allow user-defined attributes to be displayed. Move alert banner JS to a function. * Update entries with any missing additional objectclasses when updating entries. Update README to describe changes. Initial work to allow file uploads for attributes. * Functionality to upload binary files and display them in the form it's a JPEG. Added a new page to download existing binary content. * Bugfixes for compatibility with older osixia/openldap versions. Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES. * Update version number in README. Co-authored-by: Monsieur X <xgaia@gmx.com> Co-authored-by: pyunramura <35285259+pyunramura@users.noreply.github.com> Co-authored-by: pyunramura <jeremy.cummings@live.com> Co-authored-by: Damian Galli <da.ga@live.de> Co-authored-by: Damian Galli <damian.galli@galli.site> Co-authored-by: huzvar <89766648+huzvar@users.noreply.github.com> 2022-04-12 15:43:21 +01:00			`<div class="col-sm-8 col-sm-offset-2">`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00			`<div class="panel panel-default">`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="panel-heading text-center">Log in</div>`
			`<div class="panel-body text-center">`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
			`<?php if (isset($display_unauth)) { ?>`
			`<div class="alert alert-warning">`
			`Please log in to continue`
			`</div>`
			`<?php } ?>`

			`<?php if (isset($display_logged_out)) { ?>`
			`<div class="alert alert-warning">`
			`You were logged out because your session expired. Log in again to continue.`
			`</div>`
			`<?php } ?>`

Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<?php if (isset($_GET["invalid"])) { ?>`
			`<div class="alert alert-warning">`
			`The username and/or password are unrecognised.`
			`</div>`
			`<?php } ?>`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<form class="form-horizontal" action='' method='post'>`
Bugfixes including SHOW_POSIX_ATTRIBUTES not working for new accounts. 2022-10-10 13:55:14 +01:00			`<?php if (isset($redirect_to) and ($redirect_to != "")) { ?><input type="hidden" name="redirect_to" value="<?php print htmlspecialchars($redirect_to); ?>"><?php } ?>`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="form-group">`
Add ability to define which LDAP attribute is used to log in. (#212) 2023-07-20 16:23:52 +01:00			`<label for="username" class="col-sm-4 control-label"><?php print $SITE_LOGIN_FIELD_LABEL; ?></label>`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="col-sm-6">`
			`<input type="text" class="form-control" id="user_id" name="user_id">`
			`</div>`
			`</div>`

			`<div class="form-group">`
			`<label for="password" class="col-sm-4 control-label">Password</label>`
			`<div class="col-sm-6">`
			`<input type="password" class="form-control" id="confirm" name="password">`
			`</div>`
			`</div>`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="form-group">`
			`<button type="submit" class="btn btn-default">Log in</button>`
			`</div>`
Christmas jingles (#55) * Add account requests, email user on password update, RFC2307BIS autodetection and various bug fixes. * Remove test.php 2020-12-24 18:24:41 +00:00
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`</form>`
			`</div>`
			`</div>`
			`</div>`
			`<?php`
			`}`
			`render_footer();`
			`?>`