Add the ability to set the server path. Get directed to the appropriate module when you log in.

This commit is contained in:
Brian Lycett 2021-04-15 15:43:53 +01:00
parent 65bee01fad
commit 769ff0f1b0
19 changed files with 132 additions and 92 deletions

View File

@ -1,4 +1,4 @@
FROM php:7.0-apache
FROM php:8-apache
RUN apt-get update && \
apt-get install -y --no-install-recommends \
@ -8,11 +8,7 @@ RUN apt-get update && \
libpng-dev && \
rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-configure gd \
--enable-gd-native-ttf \
--with-freetype-dir=/usr/include/freetype2 \
--with-png-dir=/usr/include \
--with-jpeg-dir=/usr/include && \
RUN docker-php-ext-configure gd --with-freetype && \
docker-php-ext-install -j$(nproc) gd && \
libdir=$(find /usr -name "libldap.so*" | sed -e 's/\/usr\///' -e 's/\/libldap.so//') && \
docker-php-ext-configure ldap --with-libdir=$libdir && \

View File

@ -85,6 +85,8 @@ Configuration is via environmental variables. Please bear the following in mind
* `SERVER_HOSTNAME` (default: *ldapusername.org*): The hostname that this interface will be served from.
* `SERVER_PATH` (default: */*): The path to the user manager on the webserver. Useful if running this behind a reverse proxy.
* `ORGANISATION_NAME`: (default: *LDAP*): Your organisation's name.
* `SITE_NAME` (default: *{ORGANISATION_NAME} user manager*): Change this to replace the title in the menu, e.g. "My Company Account Management".

View File

@ -2,8 +2,15 @@
set -e
ssl_dir="/opt/ssl"
php_dir="/opt/ldap_user_manager"
if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME=ldapusermanager.org; fi
if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi
if [ ! "$SERVER_PATH" ]; then
export SERVER_PATH="/";
apache_alias=""
else
apache_alias="Alias $SERVER_PATH $php_dir"
fi
#If LDAP_TLS_CACERT is set then write it out as a file
#and set up the LDAP client conf to use it.
@ -20,11 +27,11 @@ if [ "${NO_HTTPS,,}" == "true" ]; then
<VirtualHost *:80>
ServerName $SERVER_HOSTNAME
DocumentRoot /opt/ldap_user_manager
DocumentRoot $php_dir
$apache_alias
DirectoryIndex index.php index.html
<Directory /opt/ldap_user_manager>
<Directory $php_dir>
Require all granted
</Directory>
@ -107,8 +114,6 @@ EoCertConf
cat <<EoHTTPSC >/etc/apache2/sites-enabled/lum.conf
Listen 443
<VirtualHost *:80>
RewriteEngine On
@ -119,11 +124,12 @@ Listen 443
<VirtualHost _default_:443>
ServerName $SERVER_HOSTNAME
DocumentRoot /opt/ldap_user_manager
DocumentRoot $php_dir
$apache_alias
DirectoryIndex index.php index.html
<Directory /opt/ldap_user_manager>
<Directory $php_dir>
Require all granted
</Directory>
@ -137,6 +143,8 @@ EoHTTPSC
fi
cat /etc/apache2/sites-enabled/lum.conf
########################
#Run Apache

View File

@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
include_once "module_functions.inc.php";
set_page_access("admin");
render_header("LDAP manager");
render_header("$ORGANISATION_NAME account manager");
render_submenu();
$ldap_connection = open_ldap_connection();
@ -70,7 +70,7 @@ render_js_username_check();
<div class="container">
<div class="form-inline" id="new_group_div">
<form action="/<?php print $THIS_MODULE_PATH; ?>/show_group.php" method="post">
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
<input type="hidden" name="new_group">
<button id="show_new_group" class="form-control btn btn-default" type="button" onclick="show_new_group_form();">New group</button>
<input type="text" class="form-control invisible" name="group_name" id="group_name" placeholder="Group name" onkeyup="check_entity_name_validity(document.getElementById('group_name').value,'new_group_div');"><button id="add_group" class="form-control btn btn-primary btn-sm invisible" type="submit">Add</button>
@ -86,7 +86,7 @@ render_js_username_check();
<tbody>
<?php
foreach ($groups as $group){
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
}
?>
</tbody>

View File

@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
include_once "module_functions.inc.php";
set_page_access("admin");
render_header("LDAP manager");
render_header("$ORGANISATION_NAME account manager");
render_submenu();
$ldap_connection = open_ldap_connection();
@ -51,7 +51,7 @@ $people = ldap_get_user_list($ldap_connection);
?>
<div class="container">
<form action="/<?php print $THIS_MODULE_PATH; ?>/new_user.php" method="post">
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/new_user.php" method="post">
<button id="add_group" class="btn btn-default" type="submit">New user</button>
</form>
<table class="table table-striped">
@ -70,7 +70,7 @@ foreach ($people as $account_identifier => $attribs){
$group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
print " <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
print " <td>" . $people[$account_identifier]['sn'] . "</td>\n";
print " <td>" . $people[$account_identifier]['mail'] . "</td>\n";

View File

@ -24,7 +24,7 @@ function render_submenu() {
else {
print '<li>';
}
print "<a href='/${THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
print "<a href='${THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
}
?>

View File

@ -8,25 +8,26 @@ include_once "module_functions.inc.php";
$attribute_map = ldap_complete_account_attribute_array();
if ( $_POST['setup_admin_account'] ) {
if ( isset($_POST['setup_admin_account']) ) {
$admin_setup = TRUE;
validate_setup_cookie();
set_page_access("setup");
$completed_action="/log_in";
$completed_action="${SERVER_PATH}/log_in";
$page_title="New administrator account";
render_header("Setup administrator account", FALSE);
render_header("$ORGANISATION_NAME account manager - setup administrator account", FALSE);
}
else {
set_page_access("admin");
$completed_action="/$THIS_MODULE_PATH/";
$completed_action="${THIS_MODULE_PATH}/";
$page_title="New account";
$admin_setup = FALSE;
render_header();
render_header("$ORGANISATION_NAME account manager");
render_submenu();
}
@ -37,7 +38,7 @@ $weak_password = FALSE;
$invalid_email = FALSE;
$disabled_email_tickbox = TRUE;
$invalid_cn = FALSE;
$invalid_account_attribute = FALSE;
$invalid_account_identifier = FALSE;
$new_account_r = array();
@ -48,7 +49,7 @@ foreach ($attribute_map as $attribute => $attr_r) {
elseif (isset($attr_r['default'])) {
$$attribute = $attr_r['default'];
}
$new_account_r[$attribute] = $$attribute;
if (isset($$attribute)) { $new_account_r[$attribute] = $$attribute; }
}
##
@ -61,7 +62,7 @@ if (isset($_GET['account_request'])) {
$sn=filter_var($_GET['last_name'], FILTER_SANITIZE_STRING);
$new_account_r['sn'] = $sn;
$uid = generate_username($first_name,$last_name);
$uid = generate_username($givenname,$sn);
$new_account_r['uid'] = $uid;
if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
@ -129,7 +130,7 @@ You've been set up with an account for $ORGANISATION_NAME. Your credentials are
Username: $account_identifier
Password: $password
You should change your password as soon as possible. Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}/change_password and log in using your new credentials. This will take you to a page where you can change your password.
You should change your password as soon as possible. Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}change_password and log in using your new credentials. This will take you to a page where you can change your password.
EoT;
include_once "mail_functions.inc.php";

View File

@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
include_once "module_functions.inc.php";
set_page_access("admin");
render_header("LDAP manager");
render_header("$ORGANISATION_NAME account manager");
render_submenu();
$ldap_connection = open_ldap_connection();
@ -213,7 +213,7 @@ ldap_close($ldap_connection);
<div class="panel-heading clearfix">
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
<button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
<form action="/<?php print $THIS_MODULE_PATH; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
</div>
<ul class="list-group">
<li class="list-group-item"><?php print $full_dn; ?></li>

View File

@ -7,7 +7,7 @@ include_once "ldap_functions.inc.php";
include_once "module_functions.inc.php";
set_page_access("admin");
render_header();
render_header("$ORGANISATION_NAME account manager");
render_submenu();
$invalid_password = FALSE;
@ -115,7 +115,7 @@ Your password for $ORGANISATION_NAME has been reset. Your new credentials are:
Username: $account_identifier
Password: $password
You should change your password as soon as possible. Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}/change_password and log in using your new credentials. This will take you to a page where you can change your password.
You should change your password as soon as possible. Go to ${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}change_password and log in using your new credentials. This will take you to a page where you can change your password.
EoT;
include_once "mail_functions.inc.php";
@ -381,7 +381,7 @@ EoT;
<div class="panel-heading clearfix">
<span class="panel-title pull-left"><h3><?php print $account_identifier; ?></h3></span>
<button class="btn btn-warning pull-right align-self-end" style="margin-top: auto;" onclick="show_delete_user_button();" <?php if ($account_identifier == $USER_ID) { print "disabled"; }?>>Delete account</button>
<form action="/<?php print $THIS_MODULE_PATH; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
</div>
<ul class="list-group">
<li class="list-group-item"><?php print $dn; ?></li>
@ -397,8 +397,8 @@ EoT;
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
$onkeyup = $attr_r['onkeyup'];
if (isset($attr_r['label'])) { $label = $attr_r['label']; } else { $label = ""; }
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $label = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
?>
<div class="form-group" id="<?php print $attribute; ?>_div">

View File

@ -18,7 +18,7 @@ if (isset($_POST['change_password'])) {
$ldap_connection = open_ldap_connection();
ldap_change_password($ldap_connection,$USER_ID,$_POST['password']) or die("change_ldap_password() failed.");
render_header("Password changed");
render_header("$ORGANISATION_NAME account manager - password changed");
?>
<div class="alert alert-success">
<p class="text-center">Your password has been changed.</p>
@ -30,7 +30,7 @@ if (isset($_POST['change_password'])) {
}
render_header('Change your LDAP password');
render_header("Change your $ORGANISATION_NAME password");
if (isset($not_strong_enough)) { ?>
<div class="alert alert-warning">
@ -56,11 +56,20 @@ if (isset($mismatched)) { ?>
<script type="text/javascript" src="/js/zxcvbn-bootstrap-strength-meter.js"></script>
<script type="text/javascript">$(document).ready(function(){ $("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });});</script>
<div class="container">
<div class="col-sm-8">
<div class="panel panel-default">
<p>Use this form to change your <?php print $ORGANISATION_NAME; ?> password. When you start typing your new password the gauge at the bottom will show its security strength.
<br>Enter your password again in the <b>confirm</b> field. If the passwords don't match then both fields will be bordered with red.</p>
</div>
</div>
</div>
<div class="container">
<div class="col-sm-8">
<div class="panel panel-default">
<div class="panel-heading text-center">Change password</div>
<div class="panel-heading text-center">Change your password</div>
<div class="panel-body text-center">
<form class="form-horizontal" action='' method='post'>

View File

@ -44,7 +44,9 @@
$ORGANISATION_NAME = (getenv('ORGANISATION_NAME') ? getenv('ORGANISATION_NAME') : 'LDAP');
$SITE_NAME = (getenv('SITE_NAME') ? getenv('SITE_NAME') : "$ORGANISATION_NAME user manager");
$SERVER_HOSTNAME = (getenv('SERVER_HOSTNAME') ? getenv('SERVER_HOSTNAME') : "ldapusermanager.org");
$SERVER_PATH = (getenv('SERVER_PATH') ? getenv('SERVER_PATH') : "/");
$ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
$POSIX_USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');

View File

@ -216,7 +216,7 @@ function ldap_hashed_password($password) {
array_push($available_algos, $algo_name);
}
else {
error_log("$log_prefix password hashing - the system doesn't support ${algo_name}");
error_log("$log_prefix password hashing - the system doesn't support ${algo_name}",0);
}
}
$available_algos = array_merge($available_algos, $remaining_algos);
@ -224,7 +224,7 @@ function ldap_hashed_password($password) {
if (isset($PASSWORD_HASH)) {
if (!in_array($PASSWORD_HASH, $available_algos)) {
$hash_algo = $available_algos[0];
error_log("$log_prefix LDAP password: the chosen hash method ($PASSWORD_HASH) wasn't available");
error_log("$log_prefix LDAP password: the chosen hash method ($PASSWORD_HASH) wasn't available",0);
}
else {
$hash_algo = $PASSWORD_HASH;
@ -233,7 +233,7 @@ function ldap_hashed_password($password) {
else {
$hash_algo = $available_algos[0];
}
error_log("$log_prefix LDAP password: using '${hash_algo}' as the hashing method");
error_log("$log_prefix LDAP password: using '${hash_algo}' as the hashing method",0);
switch ($hash_algo) {
@ -282,14 +282,14 @@ function ldap_hashed_password($password) {
break;
case 'CLEAR':
error_log("$log_prefix password hashing - WARNING - Saving password in cleartext. This is extremely bad practice and should never ever be done in a production environment.");
error_log("$log_prefix password hashing - WARNING - Saving password in cleartext. This is extremely bad practice and should never ever be done in a production environment.",0);
$hashed_pwd = $password;
break;
}
error_log("$log_prefix password update - algo $hash_algo | pwd $hashed_pwd");
error_log("$log_prefix password update - algo $hash_algo | pwd $hashed_pwd",0);
return $hashed_pwd;
@ -346,10 +346,8 @@ function fetch_id_stored_in_ldap($ldap_connection,$type="uid") {
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['base_dn']}", $filter, array('serialNumber'));
$result = ldap_get_entries($ldap_connection, $ldap_search);
$fetched_id = $result[0]['serialnumber'][0];
if (isset($fetched_id) and is_numeric($fetched_id)){
return $fetched_id;
if (isset($result[0]['serialnumber'][0]) and is_numeric($result[0]['serialnumber'][0])){
return $result[0]['serialnumber'][0];
}
else {
return FALSE;
@ -517,6 +515,8 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
$ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
if ($ldap_search) {
$result = ldap_get_entries($ldap_connection, $ldap_search);
if ($LDAP['group_membership_uses_uid'] == FALSE) {
@ -529,6 +529,10 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
else {
return FALSE;
}
}
else {
return FALSE;
}
}
@ -600,7 +604,7 @@ function ldap_new_group($ldap_connection,$group_name) {
if (! $add_group ) {
$this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix: DEBUG add_group array: ". print_r($new_group_array,true)); }
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix: DEBUG add_group array: ". print_r($new_group_array,true),0); }
error_log($this_error,0);
}
else {
@ -965,7 +969,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
$bis_available = FALSE;
if ($LDAP['forced_rfc2307bis'] == TRUE) {
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE"); }
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP RFC2307BIS detection - skipping autodetection because FORCE_RFC2307BIS is TRUE",0); }
$bis_available = TRUE;
}
else {
@ -973,8 +977,8 @@ function ldap_detect_rfc2307bis($ldap_connection) {
$schema_base_query = @ ldap_read($ldap_connection,"","subschemaSubentry=*",array('subschemaSubentry'));
if (!$schema_base_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection));
error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.");
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.",0);
}
else {
$schema_base_results = @ ldap_get_entries($ldap_connection, $schema_base_query);
@ -986,7 +990,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
$objclass_query = @ ldap_read($ldap_connection,$schema_base_dn,"(objectClasses=*)",array('objectClasses'));
if (!$objclass_query) {
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection));
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
}
else {
$objclass_results = @ ldap_get_entries($ldap_connection, $objclass_query);

View File

@ -23,7 +23,7 @@ function send_email($recipient_email,$recipient_name,$subject,$body) {
$mail->Password = $SMTP['pass'];
}
if ($MAIL['tls'] == TRUE) { $mail->SMTPSecure = "tls"; }
if ($EMAIL['tls'] == TRUE) { $mail->SMTPSecure = "tls"; }
$mail->setFrom($EMAIL['from_address'], $EMAIL['from_name']);
$mail->addAddress($recipient_email, $recipient_name);

View File

@ -12,7 +12,7 @@ $SENT_HEADERS = FALSE;
$SESSION_TIMED_OUT = FALSE;
$paths=explode('/',getcwd());
$THIS_MODULE_PATH=end($paths);
$THIS_MODULE=end($paths);
$GOOD_ICON = "&#9745;";
$WARN_ICON = "&#9888;";
@ -33,6 +33,9 @@ else {
include ("config.inc.php"); # get local settings
include ("modules.inc.php"); # module definitions
if (substr($SERVER_PATH, -1) != "/") { $SERVER_PATH .= "/"; }
$THIS_MODULE_PATH="${SERVER_PATH}${THIS_MODULE}";
validate_passkey_cookie();
######################################################
@ -191,7 +194,7 @@ function log_out($method='normal') {
# Delete the passkey from the database and the passkey cookie
global $USER_ID;
global $USER_ID, $SERVER_PATH;
setcookie('orf_cookie', "", time()-20000, '/', '', '', TRUE);
setcookie('sessto_cookie', "", time()-20000, '/', '', '', TRUE);
@ -200,7 +203,7 @@ function log_out($method='normal') {
@ unlink("/tmp/$filename");
if ($method == 'auto') { $options = "?logged_out"; } else { $options = ""; }
header("Location: //${_SERVER["HTTP_HOST"]}/index.php$options\n\n");
header("Location: //${_SERVER["HTTP_HOST"]}${SERVER_PATH}index.php$options\n\n");
}
@ -232,6 +235,19 @@ function render_header($title="",$menu=TRUE) {
render_menu();
}
if (isset($_GET['logged_in'])) {
?>
<script>
window.setTimeout(function() { $(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); }); }, 10000);
</script>
<div class="alert alert-success">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">You've logged in successfully.</p>
</div>
<?php
}
$SENT_HEADERS = TRUE;
}
@ -244,7 +260,7 @@ function render_menu() {
#Render the navigation menu.
#The menu is dynamically rendered the $MODULES hash
global $SITE_NAME, $MODULES, $THIS_MODULE_PATH, $VALIDATED, $IS_ADMIN, $USER_ID;
global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH;
?>
<nav class="navbar navbar-default">
@ -268,13 +284,13 @@ function render_menu() {
}
#print "<p>$module - access is $access & show is $show_this_module</p>";
if ($show_this_module == TRUE ) {
if ($module == $THIS_MODULE_PATH) {
if ($module == $THIS_MODULE) {
print "<li class='active'>";
}
else {
print '<li>';
}
print "<a href='/{$module}/'>$this_module_name</a></li>\n";
print "<a href='${SERVER_PATH}{$module}/'>$this_module_name</a></li>\n";
}
}
?>
@ -306,7 +322,7 @@ function render_footer() {
function set_page_access($level) {
global $IS_ADMIN, $IS_SETUP_ADMIN, $VALIDATED, $log_prefix, $SESSION_DEBUG, $SESSION_TIMED_OUT;
global $IS_ADMIN, $IS_SETUP_ADMIN, $VALIDATED, $log_prefix, $SESSION_DEBUG, $SESSION_TIMED_OUT, $SERVER_PATH;
#Set the security level needed to view a page.
#This should be one of the first pieces of code
@ -318,7 +334,7 @@ function set_page_access($level) {
return;
}
else {
header("Location: //" . $_SERVER["HTTP_HOST"] . "/setup/index.php?unauthorised\n\n");
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}setup/index.php?unauthorised\n\n");
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: UNAUTHORISED: page security level is 'setup' but IS_SETUP_ADMIN isn't TRUE",0); }
exit(0);
}
@ -331,7 +347,7 @@ function set_page_access($level) {
return;
}
else {
header("Location: //" . $_SERVER["HTTP_HOST"] . "/log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'admin' but IS_ADMIN = '${IS_ADMIN}' and VALIDATED = '${VALIDATED}' (user) ",0); }
exit(0);
}
@ -342,7 +358,7 @@ function set_page_access($level) {
return;
}
else {
header("Location: //" . $_SERVER["HTTP_HOST"] . "/log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'user' but VALIDATED = '${VALIDATED}'",0); }
exit(0);
}

View File

@ -34,17 +34,19 @@ if (isset($_POST["user_id"]) and isset($_POST["password"])) {
header("Location: //${_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
}
else {
header("Location: //${_SERVER['HTTP_HOST']}/index.php?logged_in\n\n");
if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }
header("Location: //${_SERVER['HTTP_HOST']}${SERVER_PATH}$default_module?logged_in\n\n");
}
}
else {
header("Location: //${_SERVER['HTTP_HOST']}/${THIS_MODULE_PATH}/index.php?invalid\n\n");
header("Location: //${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/index.php?invalid\n\n");
}
}
else {
render_header("Log in");
render_header("$ORGANISATION_NAME account manager - log in");
?>
<div class="container">

View File

@ -3,9 +3,9 @@
set_include_path( ".:" . __DIR__ . "/../includes/");
session_start();
include "web_functions.inc.php";
include_once "web_functions.inc.php";
render_header("Request an account");
render_header("$ORGANISATION_NAME - request an account");
if ($ACCOUNT_REQUESTS_ENABLED == FALSE) {
@ -65,7 +65,7 @@ if($_POST) {
$mail_subject = "$firstname $lastname has requested an account for $ORGANISATION_NAME.";
$link_url="${SITE_PROTOCOL}${SERVER_HOSTNAME}/account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
$link_url="${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
if (!isset($email)) { $email = "n/a"; }
if (!isset($notes)) { $notes = "n/a"; }
@ -85,10 +85,10 @@ EoT;
include_once "mail_functions.inc.php";
$sent_email = send_email($ACCOUNT_REQUESTS_EMAIL,"$ORGANISATION_NAME account requests",$mail_subject,$mail_body);
if ($sent_email) {
$sent_email_message .= " Thank you. The request was sent and the administrator will process it as soon as possible.";
$sent_email_message = " Thank you. The request was sent and the administrator will process it as soon as possible.";
}
else {
$sent_email_message .= " Unfortunately the request wasn't sent because of a technical problem.";
$sent_email_message = " Unfortunately the request wasn't sent because of a technical problem.";
}
?>
<div class="container">

View File

@ -13,16 +13,16 @@ if (isset($_POST["admin_password"])) {
if ($user_auth != FALSE) {
set_setup_cookie($user_auth);
header("Location: //${_SERVER["HTTP_HOST"]}/${THIS_MODULE_PATH}/run_checks.php\n\n");
header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/run_checks.php\n\n");
}
else {
header("Location: //${_SERVER["HTTP_HOST"]}/${THIS_MODULE_PATH}/index.php?invalid\n\n");
header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/index.php?invalid\n\n");
}
}
else {
render_header("Setup log in");
render_header("$ORGANISATION_NAME account manager setup - log in");
if (isset($_GET["invalid"])) {
?>

View File

@ -9,7 +9,7 @@ include_once "module_functions.inc.php";
validate_setup_cookie();
set_page_access("setup");
render_header();
render_header("$ORGANISATION_NAME account manager setup");
$show_finish_button = TRUE;
@ -22,7 +22,7 @@ $ldap_connection = open_ldap_connection();
});
</script>
<div class="form-group">
<form action="<?php print "/$THIS_MODULE_PATH/setup_ldap.php"; ?>" method="post">
<form action="<?php print "${THIS_MODULE_PATH}/setup_ldap.php"; ?>" method="post">
<input type="hidden" name="fix_problems">
@ -249,7 +249,7 @@ if ($show_finish_button == TRUE) {
?>
</form>
<div class='well'>
<form action="/log_in">
<form action="${SERVER_PATH}log_in">
<input type='submit' class="btn btn-success center-block" value='Done'>
</form>
</div>

View File

@ -9,7 +9,7 @@ include_once "module_functions.inc.php";
validate_setup_cookie();
set_page_access("setup");
render_header();
render_header("$ORGANISATION_NAME account manager setup");
$ldap_connection = open_ldap_connection();
@ -138,7 +138,7 @@ if (isset($_POST['fix_problems'])) {
?>
<div class="form-group">
<form action="<?php print "/account_manager/new_user.php"; ?>" method="post">
<form action="<?php print "${SERVER_PATH}account_manager/new_user.php"; ?>" method="post">
<input type="hidden" name="setup_admin_account">
<?php
print "$li_fail The LDAP administration group is empty. ";
@ -167,7 +167,7 @@ if (isset($_POST['fix_problems'])) {
?>
</form>
<div class='well'>
<form action="/">
<form action="${SERVER_PATH}">
<input type='submit' class="btn btn-success center-block" value='Finished' class='center-block'>
</form>
</div>
@ -186,7 +186,7 @@ if (isset($_POST['fix_problems'])) {
?>
</form>
<div class='well'>
<form action="/setup/run_checks.php">
<form action="${SERVER_PATH}setup/run_checks.php">
<input type='submit' class="btn btn-danger center-block" value='< Re-run setup' class='center-block'>
</form>
</div>