Functionality to upload binary files and display them in the form it's a JPEG. Added a new page to download existing binary content.

2025-01-31 13:59:19 +01:00 · 2022-04-11 15:40:15 +01:00 · 2022-04-11 15:40:15 +01:00 · 529303f22c
commit 529303f22c
parent e46e590c79
7 changed files with 200 additions and 84 deletions
--- a/README.md
+++ b/README.md
@ -344,11 +344,13 @@ LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailAlias+:Email aliases"
 ### Binary attributes
-If you have an attribute that stores the contents of a binary file (for example, a JPEG) then you can add a `^` to the end of the attribute name.  This will modify the form so that this attribute has an upload button.  If a file has already been uploaded then a link to view or download the file will be shown.  For example, to allow you to set a user's photo:
+If you have an attribute that stores the contents of a binary file (for example, a JPEG) then you can add a `^` to the end of the attribute name.  This will modify the form so that this attribute has an upload button.  If a JPEG has already been uploaded then it will display the image.  Otherwise the mime-type is displayed and there's a link for downloading the file.  For example, to allow you to set a user's photo:
 ```
 LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Photograph"
 ```
 The maximum filesize you can upload is 2MB.
 ### Caveat
--- a/www/account_manager/download.php
+++ b/www/account_manager/download.php
@ -0,0 +1,41 @@
 <?php
 set_include_path( ".:" . __DIR__ . "/../includes/");
 include_once "web_functions.inc.php";
 include_once "ldap_functions.inc.php";
 include_once "module_functions.inc.php";
 set_page_access("admin");
 if (!isset($_GET['resource_identifier']) or !isset($_GET['attribute'])) {
  exit(0);
 }
 else {
  $this_resource=ldap_escape($_GET['resource_identifier'], "", LDAP_ESCAPE_FILTER);
  $this_attribute=ldap_escape($_GET['attribute'], "", LDAP_ESCAPE_FILTER);
 }
 $exploded = ldap_explode_dn($this_resource,0);
 $filter = $exploded[0];
 $ldap_connection = open_ldap_connection();
 $ldap_search_query="($filter)";
 $ldap_search = ldap_search($ldap_connection, $this_resource, $ldap_search_query,array($this_attribute));
 if ($ldap_search) {
  $records = ldap_get_entries($ldap_connection, $ldap_search);
  if ($records['count'] == 1) {
    $this_record = $records[0];
      if (isset($this_record[$this_attribute][0])) {
        header("Content-Type: application/octet-stream");
        header("Cache-Control: no-cache private");
        header("Content-Transfer-Encoding: Binary");
        header("Content-disposition: attachment; filename='${this_resource}.${this_attribute}'");
        header("Content-Length: ". strlen($this_record[$this_attribute][0]));
        print $this_record[$this_attribute][0];
      }
  }
 }
 ?>
--- a/www/account_manager/new_user.php
+++ b/www/account_manager/new_user.php
@ -13,6 +13,7 @@ if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
 }
 if ( isset($_POST['setup_admin_account']) ) {
  $admin_setup = TRUE;
  validate_setup_cookie();
@ -49,6 +50,17 @@ $new_account_r = array();
 foreach ($attribute_map as $attribute => $attr_r) {
  if (isset($_FILES[$attribute]['size']) and $_FILES[$attribute]['size'] > 0) {
    $this_attribute = array();
    $this_attribute['count'] = 1;
    $this_attribute[0] = file_get_contents($_FILES[$attribute]['tmp_name']);
    $$attribute = $this_attribute;
    $new_account_r[$attribute] = $this_attribute;
    unset($new_account_r[$attribute]['count']);
  }
  if (isset($_POST[$attribute])) {
    $this_attribute = array();
@ -323,7 +335,7 @@ $tabindex=1;
   <div class="panel-heading text-center"><?php print $page_title; ?></div>
   <div class="panel-body text-center">
-    <form class="form-horizontal" action="" method="post">
+    <form class="form-horizontal" action="" enctype="multipart/form-data" method="post">
     <?php if ($admin_setup == TRUE) { ?><input type="hidden" name="setup_admin_account" value="true"><?php } ?>
     <input type="hidden" name="create_account">
@ -335,8 +347,8 @@ $tabindex=1;
         if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
         if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
         if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
-         if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
+         if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype = ""; }
-         render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple,$tabindex);
+         render_attribute_fields($attribute,$label,$these_values,"",$onkeyup,$inputtype,$tabindex);
         $tabindex++;
       }
     ?>
--- a/www/account_manager/show_group.php
+++ b/www/account_manager/show_group.php
@ -40,6 +40,8 @@ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$grou
 ######################################################################################
 $initialise_group = FALSE;
 $create_group_message = "Add members to create the new group";
 $attribute_map = $LDAP['default_group_attribute_map'];
 if (isset($LDAP['group_additional_attributes'])) {
  $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['group_additional_attributes']);
@ -51,7 +53,7 @@ $this_group = array();
 if (isset($_POST['new_group'])) {
  $new_group = TRUE;
  $current_members = array();
-  $full_dn = "Add members to create the new group";
+  $full_dn = $create_group_message;
  $has_been = "";
 }
 elseif (isset($_POST['initialise_group'])) {
@ -78,6 +80,17 @@ foreach ($attribute_map as $attribute => $attr_r) {
    $$attribute = array();
  }
  if (isset($_FILES[$attribute]['size']) and $_FILES[$attribute]['size'] > 0) {
    $this_attribute = array();
    $this_attribute['count'] = 1;
    $this_attribute[0] = file_get_contents($_FILES[$attribute]['tmp_name']);
    $$attribute = $this_attribute;
    $to_update[$attribute] = $this_attribute;
    unset($to_update[$attribute]['count']);
  }
  if (isset($_POST[$attribute])) {
    $this_attribute = array();
@ -305,7 +318,7 @@ ldap_close($ldap_connection);
        <div class="panel-heading clearfix">
          <h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
          <button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
-          <form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
+          <form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post" enctype="multipart/form-data"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
        </div>
        <ul class="list-group">
@ -404,9 +417,9 @@ if (count($attribute_map) > 0) { ?>
              foreach ($attribute_map as $attribute => $attr_r) {
                $label = $attr_r['label'];
                if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
                if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
                print "<div class='row'>";
-                render_attribute_fields($attribute,$label,$these_values,"",$multiple,$tabindex);
+                $dl_identifider = ($full_dn != $create_group_message) ? $full_dn : "";
                render_attribute_fields($attribute,$label,$these_values,$dl_identifider,"",$attr_r['inputtype'],$tabindex);
                print "</div>";
                $tabindex++;
              }
--- a/www/account_manager/show_user.php
+++ b/www/account_manager/show_user.php
@ -50,6 +50,7 @@ $ldap_search = ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_que
 #########################
 if ($ldap_search) {
 $user = ldap_get_entries($ldap_connection, $ldap_search);
@ -65,6 +66,17 @@ if ($ldap_search) {
      $$attribute = array();
    }
    if (isset($_FILES[$attribute]['size']) and $_FILES[$attribute]['size'] > 0) {
      $this_attribute = array();
      $this_attribute['count'] = 1;
      $this_attribute[0] = file_get_contents($_FILES[$attribute]['tmp_name']);
      $$attribute = $this_attribute;
      $to_update[$attribute] = $this_attribute;
      unset($to_update[$attribute]['count']);
    }
    if (isset($_POST['update_account']) and isset($_POST[$attribute])) {
      $this_attribute = array();
@ -441,7 +453,7 @@ if ($ldap_search) {
      <li class="list-group-item"><?php print $dn; ?></li>
    </li>
    <div class="panel-body">
-     <form class="form-horizontal" action="" method="post">
+     <form class="form-horizontal" action="" enctype="multipart/form-data" method="post">
      <input type="hidden" name="update_account">
      <input type="hidden" id="pass_score" value="0" name="pass_score">
@ -451,10 +463,10 @@ if ($ldap_search) {
        foreach ($attribute_map as $attribute => $attr_r) {
          $label = $attr_r['label'];
          if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
          if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype = ""; }
          if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
          if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
-          if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
+          render_attribute_fields($attribute,$label,$these_values,$dn,$onkeyup,$inputtype);
          render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple);
        }
      ?>
--- a/www/includes/ldap_functions.inc.php
+++ b/www/includes/ldap_functions.inc.php
@ -733,22 +733,17 @@ function ldap_complete_attribute_array($default_attributes,$additional_attribute
      $this_r = array();
      $kv = explode(":", $this_attr);
      $attr_name = strtolower(filter_var($kv[0], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
      $this_r['inputtype'] = "singleinput";
      if (substr($attr_name, -1) == '+') {
-        $this_r['multiple'] = TRUE;
+        $this_r['inputtype'] = "multipleinput";
        $attr_name = rtrim($attr_name, '+');
      }
      else {
        $this_r['multiple'] = FALSE;
      }
      if (substr($attr_name, -1) == '^') {
-        $this_r['binary'] = TRUE;
+        $this_r['inputtype'] = "binary";
        $attr_name = rtrim($attr_name, '^');
      }
      else {
        $this_r['binary'] = FALSE;
      }
      if (preg_match('/^[a-zA-Z0-9\-]+$/', $attr_name) == 1) {
--- a/www/includes/web_functions.inc.php
+++ b/www/includes/web_functions.inc.php
@ -42,8 +42,6 @@ $DEFAULT_COOKIE_OPTIONS = array( 'expires' => time()+(60 * $SESSION_TIMEOUT),
                                 'samesite' => 'strict'
                               );
 validate_passkey_cookie();
 if ($REMOTE_HTTP_HEADERS_LOGIN) {
  login_via_headers();
 } else {
@ -114,6 +112,9 @@ function validate_passkey_cookie() {
  global $SESSION_TIMEOUT, $IS_ADMIN, $USER_ID, $VALIDATED, $log_prefix, $SESSION_TIMED_OUT, $SESSION_DEBUG;
  $this_time=time();
  $VALIDATED = FALSE;
  unset($USER_ID);
  $IS_ADMIN = FALSE;
  if (isset($_COOKIE['orf_cookie'])) {
@ -121,10 +122,7 @@ function validate_passkey_cookie() {
    $filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
    $session_file = @ file_get_contents("/tmp/$filename");
    if (!$session_file) {
-   $VALIDATED = FALSE;
+      if ($SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: orf_cookie was sent by the client but the session file wasn't found at /tmp/$filename",0); }
   unset($USER_ID);
   $IS_ADMIN = FALSE;
   if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: orf_cookie was sent by the client but the session file wasn't found at /tmp/$filename",0); }
    }
    else {
      list($f_passkey,$f_is_admin,$f_time) = explode(":",$session_file);
@ -132,11 +130,11 @@ function validate_passkey_cookie() {
        if ($f_is_admin == 1) { $IS_ADMIN = TRUE; }
        $VALIDATED = TRUE;
        $USER_ID=$user_id;
-    if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Setup session: Cookie and session file values match for user ${user_id} - VALIDATED (ADMIN = ${IS_ADMIN})",0); }
+        if ($SESSION_DEBUG == TRUE) {  error_log("$log_prefix Setup session: Cookie and session file values match for user ${user_id} - VALIDATED (ADMIN = ${IS_ADMIN})",0); }
        set_passkey_cookie($USER_ID,$IS_ADMIN);
      }
      else {
-    if ( $SESSION_DEBUG == TRUE ) {
+        if ($SESSION_DEBUG == TRUE) {
          $this_error="$log_prefix Session: orf_cookie was sent by the client and the session file was found at /tmp/$filename, but";
          if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
          if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
@ -148,15 +146,16 @@ function validate_passkey_cookie() {
  }
  else {
-  if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: orf_cookie wasn't sent by the client.",0); }
+    if ($SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: orf_cookie wasn't sent by the client.",0); }
    if (isset($_COOKIE['sessto_cookie'])) {
      $this_session_timeout = $_COOKIE['sessto_cookie'];
      if ($this_time >= $this_session_timeout) {
        $SESSION_TIMED_OUT = TRUE;
-    if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: The session had timed-out (over $SESSION_TIMEOUT mins idle).",0); }
+        if ($SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: The session had timed-out (over $SESSION_TIMEOUT mins idle).",0); }
      }
    }
  }
 }
@ -621,18 +620,17 @@ function render_dynamic_field_js() {
 ######################################################
-function render_attribute_fields($attribute,$label,$values_r,$onkeyup="",$multiple=FALSE,$tabindex=null) {
+function render_attribute_fields($attribute,$label,$values_r,$resource_identifier,$onkeyup="",$inputtype="",$tabindex=null) {
-?>
+  global $THIS_MODULE_PATH;
  ?>
     <div class="form-group" id="<?php print $attribute; ?>_div">
       <label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
       <div class="col-sm-6" id="<?php print $attribute; ?>_input_div">
-       <?php if ($multiple != TRUE) { ?>
+       <?php if($inputtype == "multipleinput") {
         <input <?php if (isset($tabindex)) { ?>tabindex="<?php print $tabindex; ?>" <?php } ?>type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($values_r[0])) { print $values_r[0]; } ?>" <?php if ($onkeyup != "") { print "onkeyup=\"$onkeyup\""; } ?>>
       <?php }
             else {
             ?><div class="input-group">
                  <input type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>[]" value="<?php if (isset($values_r[0])) { print $values_r[0]; } ?>">
                  <div class="input-group-btn"><button type="button" class="btn btn-default" onclick="add_field_to('<?php print $attribute; ?>')">+</i></button></div>
@ -645,12 +643,55 @@ function render_attribute_fields($attribute,$label,$values_r,$onkeyup="",$multip
                 print "</script>";
               }
             }
             elseif ($inputtype == "binary") {
               $button_text="Browse";
               $file_button_action="disabled";
               $description="Select a file to upload";
               $mimetype="";
               if (isset($values_r[0])) {
                 $this_file_info = new finfo(FILEINFO_MIME_TYPE);
                 $mimetype = $this_file_info->buffer($values_r[0]);
                 if (strlen($mimetype) > 23) { $mimetype = substr($mimetype,0,19) . "..."; }
                 $description="Download $mimetype file (" . human_readable_filesize(strlen($values_r[0])) . ")";
                 $button_text="Replace file";
                 if ($resource_identifier != "") {
                   $this_url="//${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/download.php?resource_identifier=${resource_identifier}&attribute=${attribute}";
                   $file_button_action="onclick=\"window.open('$this_url','_blank');\"";
                 }
               }
               if ($mimetype == "image/jpeg") {
                 $this_image = base64_encode($values_r[0]);
                 print "<img class='img-thumbnail' src='data:image/jpeg;base64,$this_image'>";
                 $description="";
               }
               else {
               ?>
                 <button type="button" <?php print $file_button_action; ?> class="btn btn-default" id="<?php print $attribute; ?>-file-info"><?php print $description; ?></button>
               <?php } ?>
               <label class="btn btn-default">
                 <?php print $button_text; ?><input <?php if (isset($tabindex)) { ?>tabindex="<?php print $tabindex; ?>" <?php } ?>type="file" style="display:none" onchange="$('#<?php print $attribute; ?>-file-info').text(this.files[0].name)" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>">
               </label>
            <?php
            }
            else { ?>
              <input <?php if (isset($tabindex)) { ?>tabindex="<?php print $tabindex; ?>" <?php } ?>type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($values_r[0])) { print $values_r[0]; } ?>" <?php if ($onkeyup != "") { print "onkeyup=\"$onkeyup\""; } ?>>
            <?php
            }
            ?>
       </div>
     </div>
-<?php
+  <?php
 }
 ######################################################
 function human_readable_filesize($bytes) {
  for($i = 0; ($bytes / 1024) > 0.9; $i++, $bytes /= 1024) {}
  return round($bytes, [0,0,1,2,2,3,3,4,4][$i]).['B','kB','MB','GB','TB','PB','EB','ZB','YB'][$i];
 }