Add the ability to set the server path. Get directed to the appropriate module when you log in.

Dockerfile

@@ -1,4 +1,4 @@
-FROM php:7.0-apache
+FROM php:8-apache
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -8,11 +8,7 @@ RUN apt-get update && \
         libpng-dev && \
     rm -rf /var/lib/apt/lists/*
 
-RUN docker-php-ext-configure gd \
-         --enable-gd-native-ttf \
-         --with-freetype-dir=/usr/include/freetype2 \
-         --with-png-dir=/usr/include \
-         --with-jpeg-dir=/usr/include && \
+RUN docker-php-ext-configure gd --with-freetype && \
     docker-php-ext-install -j$(nproc) gd && \
     libdir=$(find /usr -name "libldap.so*" | sed -e 's/\/usr\///' -e 's/\/libldap.so//') && \
     docker-php-ext-configure ldap --with-libdir=$libdir && \

README.md

@@ -85,6 +85,8 @@ Configuration is via environmental variables.  Please bear the following in mind
 
 * `SERVER_HOSTNAME` (default: *ldapusername.org*):  The hostname that this interface will be served from.
    
+* `SERVER_PATH` (default: */*): The path to the user manager on the webserver.  Useful if running this behind a reverse proxy.
+   
 * `ORGANISATION_NAME`: (default: *LDAP*): Your organisation's name.
    
 * `SITE_NAME` (default: *{ORGANISATION_NAME} user manager*):  Change this to replace the title in the menu, e.g. "My Company Account Management".

entrypoint

@@ -2,8 +2,15 @@
 set -e
 
 ssl_dir="/opt/ssl"
+php_dir="/opt/ldap_user_manager"
 
-if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME=ldapusermanager.org; fi
+if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi
+if [ ! "$SERVER_PATH" ]; then
+  export SERVER_PATH="/";
+  apache_alias=""
+else
+  apache_alias="Alias $SERVER_PATH $php_dir"
+fi
 
 #If LDAP_TLS_CACERT is set then write it out as a file
 #and set up the LDAP client conf to use it.
@@ -20,11 +27,11 @@ if [ "${NO_HTTPS,,}" == "true" ]; then
 <VirtualHost *:80>
 
  ServerName $SERVER_HOSTNAME
- DocumentRoot /opt/ldap_user_manager
-
+ DocumentRoot $php_dir
+ $apache_alias
  DirectoryIndex index.php index.html
 
- <Directory /opt/ldap_user_manager>
+ <Directory $php_dir>
    Require all granted
  </Directory>
 
@@ -107,8 +114,6 @@ EoCertConf
 
   cat <<EoHTTPSC >/etc/apache2/sites-enabled/lum.conf
 
-Listen 443
-
 <VirtualHost *:80>
 
  RewriteEngine On
@@ -119,11 +124,12 @@ Listen 443
 <VirtualHost _default_:443>
 
  ServerName $SERVER_HOSTNAME
- DocumentRoot /opt/ldap_user_manager
 
+ DocumentRoot $php_dir
+ $apache_alias
  DirectoryIndex index.php index.html
 
- <Directory /opt/ldap_user_manager>
+ <Directory $php_dir>
    Require all granted
  </Directory>
 
@@ -137,6 +143,8 @@ EoHTTPSC
 
 fi
 
+cat /etc/apache2/sites-enabled/lum.conf
+
 ########################
 #Run Apache
 

www/account_manager/groups.php

@@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
 include_once "module_functions.inc.php";
 set_page_access("admin");
 
-render_header("LDAP manager");
+render_header("$ORGANISATION_NAME account manager");
 render_submenu();
 
 $ldap_connection = open_ldap_connection();
@@ -70,7 +70,7 @@ render_js_username_check();
 <div class="container">
 
  <div class="form-inline" id="new_group_div">
-  <form action="/<?php print $THIS_MODULE_PATH; ?>/show_group.php" method="post">
+  <form action="<?php print "${THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
    <input type="hidden" name="new_group">
    <button id="show_new_group" class="form-control btn btn-default" type="button" onclick="show_new_group_form();">New group</button>
    <input type="text" class="form-control invisible" name="group_name" id="group_name" placeholder="Group name" onkeyup="check_entity_name_validity(document.getElementById('group_name').value,'new_group_div');"><button id="add_group" class="form-control btn btn-primary btn-sm invisible" type="submit">Add</button>
@@ -86,7 +86,7 @@ render_js_username_check();
  <tbody>
 <?php
 foreach ($groups as $group){
- print " <tr>\n   <td><a href='/$THIS_MODULE_PATH/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
+ print " <tr>\n   <td><a href='${THIS_MODULE_PATH}/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
 }
 ?>
   </tbody>

www/account_manager/index.php

@@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
 include_once "module_functions.inc.php";
 set_page_access("admin");
 
-render_header("LDAP manager");
+render_header("$ORGANISATION_NAME account manager");
 render_submenu();
 
 $ldap_connection = open_ldap_connection();
@@ -51,7 +51,7 @@ $people = ldap_get_user_list($ldap_connection);
 
 ?>
 <div class="container">
- <form action="/<?php print $THIS_MODULE_PATH; ?>/new_user.php" method="post">
+ <form action="<?php print "${THIS_MODULE_PATH}"; ?>/new_user.php" method="post">
   <button id="add_group" class="btn btn-default" type="submit">New user</button>
  </form>
  <table class="table table-striped">
@@ -70,7 +70,7 @@ foreach ($people as $account_identifier => $attribs){
 
  $group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
 
- print " <tr>\n   <td><a href='/$THIS_MODULE_PATH/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
+ print " <tr>\n   <td><a href='${THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
  print "   <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
  print "   <td>" . $people[$account_identifier]['sn'] . "</td>\n";
  print "   <td>" . $people[$account_identifier]['mail'] . "</td>\n";

www/account_manager/module_functions.inc.php

@@ -24,7 +24,7 @@ function render_submenu() {
        else {
         print '<li>';
        }
-       print "<a href='/${THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
+       print "<a href='${THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
 
       }
      ?>

www/account_manager/new_user.php

@@ -8,25 +8,26 @@ include_once "module_functions.inc.php";
 
 $attribute_map = ldap_complete_account_attribute_array();
 
-if ( $_POST['setup_admin_account'] ) {
+if ( isset($_POST['setup_admin_account']) ) {
  $admin_setup = TRUE;
 
  validate_setup_cookie();
  set_page_access("setup");
 
- $completed_action="/log_in";
+ $completed_action="${SERVER_PATH}/log_in";
  $page_title="New administrator account";
 
- render_header("Setup administrator account", FALSE);
+ render_header("$ORGANISATION_NAME account manager - setup administrator account", FALSE);
 
 }
 else {
  set_page_access("admin");
 
- $completed_action="/$THIS_MODULE_PATH/";
+ $completed_action="${THIS_MODULE_PATH}/";
  $page_title="New account";
+ $admin_setup = FALSE;
 
- render_header();
+ render_header("$ORGANISATION_NAME account manager");
  render_submenu();
 }
 
@@ -37,7 +38,7 @@ $weak_password = FALSE;
 $invalid_email = FALSE;
 $disabled_email_tickbox = TRUE;
 $invalid_cn = FALSE;
-$invalid_account_attribute = FALSE;
+$invalid_account_identifier = FALSE;
 
 $new_account_r = array();
 
@@ -48,7 +49,7 @@ foreach ($attribute_map as $attribute => $attr_r) {
  elseif (isset($attr_r['default'])) {
   $$attribute = $attr_r['default'];
  }
- $new_account_r[$attribute] = $$attribute;
+ if (isset($$attribute)) { $new_account_r[$attribute] = $$attribute; }
 }
 
 ##
@@ -61,7 +62,7 @@ if (isset($_GET['account_request'])) {
   $sn=filter_var($_GET['last_name'], FILTER_SANITIZE_STRING);
   $new_account_r['sn'] = $sn;
 
-  $uid = generate_username($first_name,$last_name);
+  $uid = generate_username($givenname,$sn);
   $new_account_r['uid'] = $uid;
 
   if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
@@ -92,7 +93,7 @@ if (isset($_POST['create_account'])) {
  $password  = $_POST['password'];
  $new_account_r['password'] = $password;
  $account_identifier = $new_account_r[$LDAP["account_attribute"]];
- 
+
  if (!isset($cn) or $cn == "") { $invalid_cn = TRUE; }
  if ((!isset($account_identifier) or $account_identifier == "") and $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; }
  if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; }
@@ -129,7 +130,7 @@ You've been set up with an account for $ORGANISATION_NAME.  Your credentials are
 Username: $account_identifier
 Password: $password
 
-You should change your password as soon as possible.  Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}/change_password and log in using your new credentials.  This will take you to a page where you can change your password.
+You should change your password as soon as possible.  Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}change_password and log in using your new credentials.  This will take you to a page where you can change your password.
 EoT;
 
       include_once "mail_functions.inc.php";

www/account_manager/show_group.php

@@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
 include_once "module_functions.inc.php";
 set_page_access("admin");
 
-render_header("LDAP manager");
+render_header("$ORGANISATION_NAME account manager");
 render_submenu();
 
 $ldap_connection = open_ldap_connection();
@@ -213,7 +213,7 @@ ldap_close($ldap_connection);
   <div class="panel-heading clearfix">
    <h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
    <button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
-   <form action="/<?php print $THIS_MODULE_PATH; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
+   <form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
   </div>
   <ul class="list-group">
    <li class="list-group-item"><?php print $full_dn; ?></li>

www/account_manager/show_user.php

@@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
 include_once "module_functions.inc.php";
 set_page_access("admin");
 
-render_header();
+render_header("$ORGANISATION_NAME account manager");
 render_submenu();
 
 $invalid_password = FALSE;
@@ -115,7 +115,7 @@ Your password for $ORGANISATION_NAME has been reset.  Your new credentials are:
 Username: $account_identifier
 Password: $password
 
-You should change your password as soon as possible.  Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}/change_password and log in using your new credentials.  This will take you to a page where you can change your password.
+You should change your password as soon as possible.  Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}change_password and log in using your new credentials.  This will take you to a page where you can change your password.
 EoT;
 
       include_once "mail_functions.inc.php";
@@ -381,7 +381,7 @@ EoT;
     <div class="panel-heading clearfix">
      <span class="panel-title pull-left"><h3><?php print $account_identifier; ?></h3></span>
      <button class="btn btn-warning pull-right align-self-end" style="margin-top: auto;" onclick="show_delete_user_button();" <?php if ($account_identifier == $USER_ID) { print "disabled"; }?>>Delete account</button>
-     <form action="/<?php print $THIS_MODULE_PATH; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
+     <form action="<?php print "${THIS_MODULE_PATH}"; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
     </div>
     <ul class="list-group">
       <li class="list-group-item"><?php print $dn; ?></li>
@@ -397,8 +397,8 @@ EoT;
 <?php
 
   foreach ($attribute_map as $attribute => $attr_r) {
-    $label   = $attr_r['label'];
-    $onkeyup = $attr_r['onkeyup'];
+    if (isset($attr_r['label'])) { $label = $attr_r['label']; } else { $label = ""; }
+    if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $label = ""; }
     if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
   ?>
      <div class="form-group" id="<?php print $attribute; ?>_div">

www/change_password/index.php

@@ -18,7 +18,7 @@ if (isset($_POST['change_password'])) {
   $ldap_connection = open_ldap_connection();
   ldap_change_password($ldap_connection,$USER_ID,$_POST['password']) or die("change_ldap_password() failed.");
 
-  render_header("Password changed");
+  render_header("$ORGANISATION_NAME account manager - password changed");
   ?>
   <div class="alert alert-success">
   <p class="text-center">Your password has been changed.</p>
@@ -30,7 +30,7 @@ if (isset($_POST['change_password'])) {
 
 }
 
-render_header('Change your LDAP password');
+render_header("Change your $ORGANISATION_NAME password");
 
 if (isset($not_strong_enough)) {  ?>
 <div class="alert alert-warning">
@@ -58,9 +58,18 @@ if (isset($mismatched)) {  ?>
 
 <div class="container">
  <div class="col-sm-8">
+   <div class="panel panel-default">
+    <p>Use this form to change your <?php print $ORGANISATION_NAME; ?> password.  When you start typing your new password the gauge at the bottom will show its security strength.
+    <br>Enter your password again in the <b>confirm</b> field.  If the passwords don't match then both fields will be bordered with red.</p>
+   </div>
+ </div>
+</div>
 
-  <div class="panel panel-default"> 
-   <div class="panel-heading text-center">Change password</div>
+<div class="container">
+ <div class="col-sm-8">
+
+  <div class="panel panel-default">
+   <div class="panel-heading text-center">Change your password</div>
    <div class="panel-body text-center">
    
     <form class="form-horizontal" action='' method='post'>

www/includes/config.inc.php

@@ -44,7 +44,9 @@
 
  $ORGANISATION_NAME = (getenv('ORGANISATION_NAME') ? getenv('ORGANISATION_NAME') : 'LDAP');
  $SITE_NAME = (getenv('SITE_NAME') ? getenv('SITE_NAME') : "$ORGANISATION_NAME user manager");
+
  $SERVER_HOSTNAME = (getenv('SERVER_HOSTNAME') ? getenv('SERVER_HOSTNAME') : "ldapusermanager.org");
+ $SERVER_PATH = (getenv('SERVER_PATH') ? getenv('SERVER_PATH') : "/");
 
  $ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
  $POSIX_USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');

www/includes/ldap_functions.inc.php

@@ -216,7 +216,7 @@ function ldap_hashed_password($password) {
      array_push($available_algos, $algo_name);
    }
    else {
-     error_log("$log_prefix password hashing - the system doesn't support ${algo_name}");
+     error_log("$log_prefix password hashing - the system doesn't support ${algo_name}",0);
    }
  }
  $available_algos = array_merge($available_algos, $remaining_algos);
@@ -224,7 +224,7 @@ function ldap_hashed_password($password) {
  if (isset($PASSWORD_HASH)) {
    if (!in_array($PASSWORD_HASH, $available_algos)) {
      $hash_algo = $available_algos[0];
-     error_log("$log_prefix LDAP password: the chosen hash method ($PASSWORD_HASH) wasn't available");
+     error_log("$log_prefix LDAP password: the chosen hash method ($PASSWORD_HASH) wasn't available",0);
    }
    else {
      $hash_algo = $PASSWORD_HASH;
@@ -233,7 +233,7 @@ function ldap_hashed_password($password) {
  else {
    $hash_algo = $available_algos[0];
  }
- error_log("$log_prefix LDAP password: using '${hash_algo}' as the hashing method");
+ error_log("$log_prefix LDAP password: using '${hash_algo}' as the hashing method",0);
 
  switch ($hash_algo) {
 
@@ -282,14 +282,14 @@ function ldap_hashed_password($password) {
     break;
 
   case 'CLEAR':
-    error_log("$log_prefix password hashing - WARNING - Saving password in cleartext. This is extremely bad practice and should never ever be done in a production environment.");
+    error_log("$log_prefix password hashing - WARNING - Saving password in cleartext. This is extremely bad practice and should never ever be done in a production environment.",0);
     $hashed_pwd = $password;
     break;
 
 
  }
 
- error_log("$log_prefix password update - algo $hash_algo | pwd $hashed_pwd");
+ error_log("$log_prefix password update - algo $hash_algo | pwd $hashed_pwd",0);
 
  return $hashed_pwd;
 
@@ -346,10 +346,8 @@ function fetch_id_stored_in_ldap($ldap_connection,$type="uid") {
   $ldap_search = @ ldap_search($ldap_connection, "${LDAP['base_dn']}", $filter, array('serialNumber'));
   $result = ldap_get_entries($ldap_connection, $ldap_search);
 
-  $fetched_id = $result[0]['serialnumber'][0];
-
-  if (isset($fetched_id) and is_numeric($fetched_id)){
-    return $fetched_id;
+  if (isset($result[0]['serialnumber'][0]) and is_numeric($result[0]['serialnumber'][0])){
+    return $result[0]['serialnumber'][0];
   }
   else {
     return FALSE;
@@ -517,17 +515,23 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
 
  $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
  $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
- $result = ldap_get_entries($ldap_connection, $ldap_search);
 
- if ($LDAP['group_membership_uses_uid'] == FALSE) {
-  $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
- }
+ if ($ldap_search) {
+   $result = ldap_get_entries($ldap_connection, $ldap_search);
 
- if (preg_grep ("/^${username}$/i", $result[0][$LDAP['group_membership_attribute']])) {
-  return TRUE;
+   if ($LDAP['group_membership_uses_uid'] == FALSE) {
+     $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
+   }
+
+   if (preg_grep ("/^${username}$/i", $result[0][$LDAP['group_membership_attribute']])) {
+     return TRUE;
+   }
+   else {
+     return FALSE;
+   }
  }
  else {
-  return FALSE;
+   return FALSE;
  }
 
 }
@@ -600,7 +604,7 @@ function ldap_new_group($ldap_connection,$group_name) {
 
    if (! $add_group ) {
     $this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
-    if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix: DEBUG add_group array: ". print_r($new_group_array,true)); }
+    if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix: DEBUG add_group array: ". print_r($new_group_array,true),0); }
     error_log($this_error,0);
    }
    else {
@@ -965,7 +969,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
  $bis_available = FALSE;
 
  if ($LDAP['forced_rfc2307bis'] == TRUE) {
-  if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE"); }
+  if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE",0); }
   $bis_available = TRUE;
  }
  else {
@@ -973,8 +977,8 @@ function ldap_detect_rfc2307bis($ldap_connection) {
   $schema_base_query = @ ldap_read($ldap_connection,"","subschemaSubentry=*",array('subschemaSubentry'));
 
   if (!$schema_base_query) {
-   error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection));
-   error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available.  Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.");
+   error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
+   error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available.  Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.",0);
   }
   else {
    $schema_base_results = @ ldap_get_entries($ldap_connection, $schema_base_query);
@@ -986,7 +990,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
 
     $objclass_query = @ ldap_read($ldap_connection,$schema_base_dn,"(objectClasses=*)",array('objectClasses'));
     if (!$objclass_query) {
-     error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection));
+     error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
     }
     else {
      $objclass_results = @ ldap_get_entries($ldap_connection, $objclass_query);

www/includes/mail_functions.inc.php

@@ -23,7 +23,7 @@ function send_email($recipient_email,$recipient_name,$subject,$body) {
     $mail->Password = $SMTP['pass'];
   }
 
-  if ($MAIL['tls'] == TRUE) { $mail->SMTPSecure = "tls"; }
+  if ($EMAIL['tls'] == TRUE) { $mail->SMTPSecure = "tls"; }
 
   $mail->setFrom($EMAIL['from_address'], $EMAIL['from_name']);
   $mail->addAddress($recipient_email, $recipient_name);

www/includes/web_functions.inc.php

@@ -12,7 +12,7 @@ $SENT_HEADERS = FALSE;
 $SESSION_TIMED_OUT = FALSE;
 
 $paths=explode('/',getcwd());
-$THIS_MODULE_PATH=end($paths);
+$THIS_MODULE=end($paths);
 
 $GOOD_ICON = "☑";
 $WARN_ICON = "⚠";
@@ -33,6 +33,9 @@ else {
 include ("config.inc.php");    # get local settings
 include ("modules.inc.php");   # module definitions
 
+if (substr($SERVER_PATH, -1) != "/") { $SERVER_PATH .= "/"; }
+$THIS_MODULE_PATH="${SERVER_PATH}${THIS_MODULE}";
+
 validate_passkey_cookie();
 
 ######################################################
@@ -191,7 +194,7 @@ function log_out($method='normal') {
 
  # Delete the passkey from the database and the passkey cookie
 
- global $USER_ID;
+ global $USER_ID, $SERVER_PATH;
 
  setcookie('orf_cookie', "", time()-20000, '/', '', '', TRUE);
  setcookie('sessto_cookie', "", time()-20000, '/', '', '', TRUE);
@@ -200,7 +203,7 @@ function log_out($method='normal') {
  @ unlink("/tmp/$filename");
 
  if ($method == 'auto') { $options = "?logged_out"; } else { $options = ""; }
- header("Location:  //${_SERVER["HTTP_HOST"]}/index.php$options\n\n");
+ header("Location:  //${_SERVER["HTTP_HOST"]}${SERVER_PATH}index.php$options\n\n");
 
 }
 
@@ -232,6 +235,19 @@ function render_header($title="",$menu=TRUE) {
   render_menu();
  }
 
+ if (isset($_GET['logged_in'])) {
+
+  ?>
+  <script>
+    window.setTimeout(function() { $(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); }); }, 10000);
+  </script>
+  <div class="alert alert-success">
+    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
+    <p class="text-center">You've logged in successfully.</p>
+  </div>
+  <?php
+
+ }
  $SENT_HEADERS = TRUE;
 
 }
@@ -244,7 +260,7 @@ function render_menu() {
  #Render the navigation menu.
  #The menu is dynamically rendered the $MODULES hash
 
- global $SITE_NAME, $MODULES, $THIS_MODULE_PATH, $VALIDATED, $IS_ADMIN, $USER_ID;
+ global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH;
 
  ?>
   <nav class="navbar navbar-default">
@@ -268,13 +284,13 @@ function render_menu() {
       }
       #print "<p>$module - access is $access & show is $show_this_module</p>";
       if ($show_this_module == TRUE ) {
-       if ($module == $THIS_MODULE_PATH) {
+       if ($module == $THIS_MODULE) {
         print "<li class='active'>";
        }
        else {
         print '<li>';
        }
-       print "<a href='/{$module}/'>$this_module_name</a></li>\n";
+       print "<a href='${SERVER_PATH}{$module}/'>$this_module_name</a></li>\n";
       }
      }
      ?>
@@ -306,7 +322,7 @@ function render_footer() {
 
 function set_page_access($level) {
 
- global $IS_ADMIN, $IS_SETUP_ADMIN, $VALIDATED, $log_prefix, $SESSION_DEBUG, $SESSION_TIMED_OUT;
+ global $IS_ADMIN, $IS_SETUP_ADMIN, $VALIDATED, $log_prefix, $SESSION_DEBUG, $SESSION_TIMED_OUT, $SERVER_PATH;
 
  #Set the security level needed to view a page.
  #This should be one of the first pieces of code
@@ -318,7 +334,7 @@ function set_page_access($level) {
    return;
   }
   else {
-   header("Location: //" . $_SERVER["HTTP_HOST"] . "/setup/index.php?unauthorised\n\n");
+   header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}setup/index.php?unauthorised\n\n");
    if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: UNAUTHORISED: page security level is 'setup' but IS_SETUP_ADMIN isn't TRUE",0); }
    exit(0);
   }
@@ -331,7 +347,7 @@ function set_page_access($level) {
    return;
   }
   else {
-   header("Location: //" . $_SERVER["HTTP_HOST"] . "/log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
+   header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
    if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: no access to page ($reason): page security level is 'admin' but IS_ADMIN = '${IS_ADMIN}' and VALIDATED = '${VALIDATED}' (user) ",0); }
    exit(0);
   }
@@ -342,7 +358,7 @@ function set_page_access($level) {
    return;
   }
   else {
-   header("Location: //" . $_SERVER["HTTP_HOST"] . "/log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
+   header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
    if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: no access to page ($reason): page security level is 'user' but VALIDATED = '${VALIDATED}'",0); }
    exit(0);
   }

www/log_in/index.php

@@ -34,17 +34,19 @@ if (isset($_POST["user_id"]) and isset($_POST["password"])) {
    header("Location: //${_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
   }
   else {
-   header("Location: //${_SERVER['HTTP_HOST']}/index.php?logged_in\n\n");
+
+   if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }
+   header("Location: //${_SERVER['HTTP_HOST']}${SERVER_PATH}$default_module?logged_in\n\n");
   }
  }
  else {
-  header("Location: //${_SERVER['HTTP_HOST']}/${THIS_MODULE_PATH}/index.php?invalid\n\n");
+  header("Location: //${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/index.php?invalid\n\n");
  }
 
 }
 else {
 
- render_header("Log in");
+ render_header("$ORGANISATION_NAME account manager - log in");
 
  ?>
 <div class="container">

www/request_account/index.php

@@ -3,9 +3,9 @@
 set_include_path( ".:" . __DIR__ . "/../includes/");
 session_start();
 
-include "web_functions.inc.php";
+include_once "web_functions.inc.php";
 
-render_header("Request an account");
+render_header("$ORGANISATION_NAME - request an account");
 
 if ($ACCOUNT_REQUESTS_ENABLED == FALSE) {
 
@@ -65,7 +65,7 @@ if($_POST) {
 
     $mail_subject = "$firstname $lastname has requested an account for $ORGANISATION_NAME.";
 
-$link_url="${SITE_PROTOCOL}${SERVER_HOSTNAME}/account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
+$link_url="${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
 
 if (!isset($email)) { $email = "n/a"; }
 if (!isset($notes)) { $notes = "n/a"; }
@@ -85,10 +85,10 @@ EoT;
      include_once "mail_functions.inc.php";
      $sent_email = send_email($ACCOUNT_REQUESTS_EMAIL,"$ORGANISATION_NAME account requests",$mail_subject,$mail_body);
      if ($sent_email) {
-       $sent_email_message .= "  Thank you. The request was sent and the administrator will process it as soon as possible.";
+       $sent_email_message = "  Thank you. The request was sent and the administrator will process it as soon as possible.";
      }
      else {
-       $sent_email_message .= "  Unfortunately the request wasn't sent because of a technical problem.";
+       $sent_email_message = "  Unfortunately the request wasn't sent because of a technical problem.";
      }
      ?>
       <div class="container">

www/setup/index.php

@@ -13,16 +13,16 @@ if (isset($_POST["admin_password"])) {
 
  if ($user_auth != FALSE) {
   set_setup_cookie($user_auth);
-  header("Location: //${_SERVER["HTTP_HOST"]}/${THIS_MODULE_PATH}/run_checks.php\n\n");
+  header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/run_checks.php\n\n");
  }
  else {
-  header("Location: //${_SERVER["HTTP_HOST"]}/${THIS_MODULE_PATH}/index.php?invalid\n\n");
+  header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/index.php?invalid\n\n");
  }
 
 }
 else {
 
- render_header("Setup log in");
+ render_header("$ORGANISATION_NAME account manager setup - log in");
 
  if (isset($_GET["invalid"])) {
  ?>

www/setup/run_checks.php

@@ -9,7 +9,7 @@ include_once "module_functions.inc.php";
 validate_setup_cookie();
 set_page_access("setup");
 
-render_header();
+render_header("$ORGANISATION_NAME account manager setup");
 
 $show_finish_button = TRUE;
 
@@ -22,7 +22,7 @@ $ldap_connection = open_ldap_connection();
     });
 </script>
 <div class="form-group">
-  <form action="<?php print "/$THIS_MODULE_PATH/setup_ldap.php"; ?>" method="post">
+  <form action="<?php print "${THIS_MODULE_PATH}/setup_ldap.php"; ?>" method="post">
   <input type="hidden" name="fix_problems">
 
 
@@ -249,7 +249,7 @@ if ($show_finish_button == TRUE) {
 ?>
      </form>
      <div class='well'>
-      <form action="/log_in">
+      <form action="${SERVER_PATH}log_in">
        <input type='submit' class="btn btn-success center-block" value='Done'>
       </form>
      </div>

www/setup/setup_ldap.php

@@ -9,7 +9,7 @@ include_once "module_functions.inc.php";
 validate_setup_cookie();
 set_page_access("setup");
 
-render_header();
+render_header("$ORGANISATION_NAME account manager setup");
 
 $ldap_connection = open_ldap_connection();
 
@@ -138,7 +138,7 @@ if (isset($_POST['fix_problems'])) {
 
   ?>
   <div class="form-group">
-  <form action="<?php print "/account_manager/new_user.php"; ?>" method="post">
+  <form action="<?php print "${SERVER_PATH}account_manager/new_user.php"; ?>" method="post">
   <input type="hidden" name="setup_admin_account">
   <?php
   print "$li_fail The LDAP administration group is empty. ";
@@ -167,7 +167,7 @@ if (isset($_POST['fix_problems'])) {
  ?>
  </form>
  <div class='well'>
-  <form action="/">
+  <form action="${SERVER_PATH}">
    <input type='submit' class="btn btn-success center-block" value='Finished' class='center-block'>
   </form>
  </div>
@@ -186,7 +186,7 @@ if (isset($_POST['fix_problems'])) {
  ?>
  </form>
  <div class='well'>
-  <form action="/setup/run_checks.php">
+  <form action="${SERVER_PATH}setup/run_checks.php">
    <input type='submit' class="btn btn-danger center-block" value='< Re-run setup' class='center-block'>
   </form>
  </div>