Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9fac4b415a | ||
|
f4c8c3d31e | ||
|
e45e71fd08 | ||
|
|
0011184a3f | ||
|
|
aa5be41b06 | ||
|
bdfd68c3b6 | ||
|
fb437b037e | ||
|
34d4f20222 | ||
|
0b65747110 | ||
|
4661aa2114 | ||
|
0a57b2f80e | ||
|
|
0fe1758572 | ||
|
4eb3737d31 | ||
|
cbdc0dacd6 |
@@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
|
||||
|
||||
phpLDAPadmin requires the following:
|
||||
a. A web server (Apache, IIS, etc).
|
||||
b. PHP 5.0.0 or newer (with LDAP support)
|
||||
b. PHP 5.5.0 or newer (with LDAP support)
|
||||
|
||||
* To install
|
||||
|
||||
|
||||
@@ -173,6 +173,10 @@ $config->custom->commands['script'] = array(
|
||||
// $config->custom->appearance['tree_width'] = null;
|
||||
# $config->custom->appearance['tree_width'] = 250;
|
||||
|
||||
/* Number of tree command icons to show, 0 = show all icons on 1 row. */
|
||||
// $config->custom->appearance['tree_icons'] = 0;
|
||||
# $config->custom->appearance['tree_icons'] = 4;
|
||||
|
||||
/* Confirm create and update operations, allowing you to review the changes
|
||||
and optionally skip attributes during the create/update operation. */
|
||||
// $config->custom->confirm['create'] = true;
|
||||
@@ -235,7 +239,7 @@ $config->custom->appearance['friendly_attrs'] = array(
|
||||
*********************************************/
|
||||
|
||||
/* Add "modify group members" link to the attribute. */
|
||||
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
|
||||
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser');
|
||||
|
||||
/* Configure filter for member search. This only applies to "modify group members" feature */
|
||||
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
|
||||
@@ -243,6 +247,7 @@ $config->custom->appearance['friendly_attrs'] = array(
|
||||
/* Attribute that is added to the group member attribute. */
|
||||
// $config->custom->modify_member['attr'] = 'dn';
|
||||
|
||||
|
||||
/* For Posix attributes */
|
||||
// $config->custom->modify_member['posixattr'] = 'uid';
|
||||
// $config->custom->modify_member['posixfilter'] = '(uid=*)';
|
||||
@@ -341,11 +346,16 @@ $servers->setValue('server','name','My LDAP Server');
|
||||
/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
|
||||
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
|
||||
false), then all other sasl options are ignored. */
|
||||
// $servers->setValue('login','auth_type','sasl');
|
||||
# $servers->setValue('login','auth_type','sasl');
|
||||
|
||||
/* SASL auth mechanism */
|
||||
/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */
|
||||
// $servers->setValue('sasl','mech','GSSAPI');
|
||||
|
||||
/* SASL PLAIN support... this mech converts simple binds to SASL
|
||||
PLAIN binds using any auth_type (or other bind_id/pass) as credentials.
|
||||
NOTE: auth_type must be simple auth compatible (ie not sasl) */
|
||||
# $servers->setValue('sasl','mech','PLAIN');
|
||||
|
||||
/* SASL authentication realm name */
|
||||
// $servers->setValue('sasl','realm','');
|
||||
# $servers->setValue('sasl','realm','EXAMPLE.COM');
|
||||
@@ -400,6 +410,12 @@ $servers->setValue('server','name','My LDAP Server');
|
||||
setup. */
|
||||
// $servers->setValue('login','class',array());
|
||||
|
||||
/* If login_attr was set to 'dn', it is possible to specify a template string to
|
||||
build the DN from. Use '%s' where user input should be inserted. A user may
|
||||
still enter the complete DN. In this case the template will not be used. */
|
||||
// $servers->setValue('login','bind_dn_template',null);
|
||||
# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
|
||||
|
||||
/* If you specified something different from 'dn', for example 'uid', as the
|
||||
login_attr above, you can optionally specify here to fall back to
|
||||
authentication with dn.
|
||||
@@ -420,6 +436,9 @@ $servers->setValue('server','name','My LDAP Server');
|
||||
/* Set to true if you would like to initially open the first level of each tree. */
|
||||
// $servers->setValue('appearance','open_tree',false);
|
||||
|
||||
/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */
|
||||
// $servers->setValue('appearance','show_authz',false);
|
||||
|
||||
/* This feature allows phpLDAPadmin to automatically determine the next
|
||||
available uidNumber for a new entry. */
|
||||
// $servers->setValue('auto_number','enable',true);
|
||||
@@ -573,4 +592,19 @@ $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','p
|
||||
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
|
||||
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
|
||||
*/
|
||||
|
||||
|
||||
/***********************************************************************************
|
||||
* If you want to configure Google reCAPTCHA on autentication form, do so below. *
|
||||
* Remove the commented lines and use this section as a template for all *
|
||||
* reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
|
||||
* *
|
||||
* IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
|
||||
***********************************************************************************/
|
||||
|
||||
|
||||
$config->custom->session['reCAPTCHA-enable'] = false;
|
||||
$config->custom->session['reCAPTCHA-key-site'] = '<put-here-key-site>';
|
||||
$config->custom->session['reCAPTCHA-key-server'] = '<put-here-key-server>';
|
||||
|
||||
?>
|
||||
|
||||
@@ -11,27 +11,44 @@
|
||||
|
||||
require './common.php';
|
||||
|
||||
$user = array();
|
||||
$user['login'] = get_request('login');
|
||||
$user['password'] = get_request('login_pass');
|
||||
$pass = true;
|
||||
if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) {
|
||||
$pass = !IsRobot(get_request('g-recaptcha-response'));
|
||||
}
|
||||
|
||||
if ($user['login'] && ! strlen($user['password']))
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('You left the password blank.'),
|
||||
'type'=>'warn'),
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',get_request('server_id','REQUEST')));
|
||||
if ($pass) {
|
||||
$user = array();
|
||||
$user['login'] = get_request('login');
|
||||
$user['password'] = get_request('login_pass');
|
||||
|
||||
if ($user['login'] && !strlen($user['password'])) {
|
||||
system_message(array(
|
||||
'title' => _('Authenticate to server'),
|
||||
'body' => _('You left the password blank.'),
|
||||
'type' => 'warn'),
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s', get_request('server_id', 'REQUEST')));
|
||||
}
|
||||
|
||||
if ($app['server']->login($user['login'], $user['password'], 'user')) {
|
||||
system_message(array(
|
||||
'title' => _('Authenticate to server'),
|
||||
'body' => _('Successfully logged into server.'),
|
||||
'type' => 'info'),
|
||||
sprintf('cmd.php?server_id=%s', get_request('server_id', 'REQUEST')));
|
||||
} else {
|
||||
system_message(array(
|
||||
'title' => _('Failed to Authenticate to server'),
|
||||
'body' => _('Invalid Username or Password.'),
|
||||
'type' => 'error'),
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s', get_request('server_id', 'REQUEST')));
|
||||
}
|
||||
|
||||
} else {
|
||||
system_message(array(
|
||||
'title' => _('Authenticate to server'),
|
||||
'body' => _('Incorrect captcha.'),
|
||||
'type' => 'warn'),
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s', get_request('server_id', 'REQUEST')));
|
||||
}
|
||||
|
||||
if ($app['server']->login($user['login'],$user['password'],'user'))
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Successfully logged into server.'),
|
||||
'type'=>'info'),
|
||||
sprintf('cmd.php?server_id=%s',get_request('server_id','REQUEST')));
|
||||
else
|
||||
system_message(array(
|
||||
'title'=>_('Failed to Authenticate to server'),
|
||||
'body'=>_('Invalid Username or Password.'),
|
||||
'type'=>'error'),
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',get_request('server_id','REQUEST')));
|
||||
?>
|
||||
|
||||
@@ -65,7 +65,7 @@ if ($app['server']->getAuthType() == 'http') {
|
||||
|
||||
# HTML Login Form
|
||||
} else {
|
||||
echo '<form action="cmd.php" method="post">';
|
||||
echo '<form action="cmd.php" method="post" autocomplete="off">';
|
||||
echo '<div>';
|
||||
echo '<input type="hidden" name="cmd" value="login" />';
|
||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||
@@ -80,7 +80,7 @@ if ($app['server']->getAuthType() == 'http') {
|
||||
|
||||
printf('<tr><td><b>%s:</b></td></tr>',
|
||||
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
|
||||
($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
|
||||
($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
|
||||
|
||||
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
|
||||
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
|
||||
@@ -90,6 +90,13 @@ if ($app['server']->getAuthType() == 'http') {
|
||||
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
|
||||
echo '<tr><td colspan="2"> </td></tr>';
|
||||
|
||||
#reCAPTCHA
|
||||
if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) {
|
||||
echo '<script src="https://www.google.com/recaptcha/api.js"></script>';
|
||||
echo '<tr><td><div class="g-recaptcha" data-sitekey="'.$_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-key-site').'"></div></td></tr>';
|
||||
echo '<tr><td colspan="2"> </td></tr>';
|
||||
}
|
||||
|
||||
# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
|
||||
if ($app['server']->isAnonBindAllowed())
|
||||
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="form_field_toggle_enable(this,[\'login\',\'password\'],\'login\')" id="anonymous_bind_checkbox" /></td></tr>',
|
||||
|
||||
@@ -65,7 +65,7 @@ for ($i=0;$i<count($possible_values);$i++) {
|
||||
if (preg_match("/^".$request['attr']."$/i",$_SESSION[APPCONFIG]->getValue('modify_member','posixgroupattr')))
|
||||
$possible_members[$i] = $possible_values[$i][$_SESSION[APPCONFIG]->getValue('modify_member','posixattr')][0];
|
||||
else
|
||||
$possible_members[$i] = $possible_values[$i][$_SESSION[APPCONFIG]->getValue('modify_member','attr')];
|
||||
$possible_members[$i] = $possible_values[$i][$_SESSION[APPCONFIG]->getValue('modify_member','attr')][0];
|
||||
}
|
||||
|
||||
# Show only user that are not already in group.
|
||||
|
||||
@@ -45,7 +45,8 @@ class HTMLTree extends Tree {
|
||||
if (! $onlytree) {
|
||||
$this->draw_menu();
|
||||
|
||||
if ($server->getAuthType() != 'config')
|
||||
if (($server->getAuthType() != 'config') ||
|
||||
$server->getValue('appearance', 'show_authz'))
|
||||
$this->draw_logged_in_user();
|
||||
else
|
||||
printf('<tr><td class="blank" colspan="%s"> </td></tr>',$this->getDepth()+3);
|
||||
@@ -183,10 +184,15 @@ class HTMLTree extends Tree {
|
||||
|
||||
$links = '';
|
||||
|
||||
$i = 0;
|
||||
$icons = $_SESSION[APPCONFIG]->getValue('appearance','tree_icons');
|
||||
if (is_array($_SESSION[APPCONFIG]->getValue('menu','session')))
|
||||
foreach ($_SESSION[APPCONFIG]->getValue('menu','session') as $link => $title) {
|
||||
if ($this->get_menu_item($link))
|
||||
$links .= sprintf('<td class="server_links">%s</td>',$this->get_menu_item($link));
|
||||
|
||||
if ($icons && ++$i%$icons == 0)
|
||||
$links .= '</tr><tr>';
|
||||
}
|
||||
|
||||
# Finally add our logout link.
|
||||
@@ -344,7 +350,7 @@ class HTMLTree extends Tree {
|
||||
|
||||
$server = $this->getServer();
|
||||
|
||||
$logged_in_dn = $server->getLogin(null);
|
||||
$logged_in_dn = $server->displayLogin(null);
|
||||
echo '<tr>';
|
||||
echo '<td class="spacer"></td>';
|
||||
printf('<td class="logged_in" colspan="%s">%s: ',$this->getDepth()+3-1,_('Logged in as'));
|
||||
|
||||
@@ -200,7 +200,7 @@ class TemplateRender extends PageRender {
|
||||
$next_number = $vals;
|
||||
|
||||
foreach ($mod as $calc) {
|
||||
$operand = $calc{0};
|
||||
$operand = $calc[0];
|
||||
$operator = substr ($calc,1);
|
||||
|
||||
switch ($operand) {
|
||||
@@ -264,6 +264,9 @@ class TemplateRender extends PageRender {
|
||||
*
|
||||
* * arg 8 (for MultiList)
|
||||
* - size of displayed list (default: 10 lines)
|
||||
*
|
||||
* * arg 9
|
||||
* - if whether to include parent in sub query TRUE|FALSE
|
||||
*/
|
||||
case 'MultiList':
|
||||
case 'PickList':
|
||||
@@ -322,6 +325,9 @@ class TemplateRender extends PageRender {
|
||||
$vals = array();
|
||||
|
||||
foreach ($picklistvalues as $key => $values) {
|
||||
if (! empty($args[9]) && $container == $key)
|
||||
continue;
|
||||
|
||||
$display = $args[3];
|
||||
|
||||
foreach ($matchall[1] as $key => $arg) {
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*/
|
||||
|
||||
/** The minimum version of PHP required to run phpLDAPadmin. */
|
||||
define('REQUIRED_PHP_VERSION','5.0.0');
|
||||
define('REQUIRED_PHP_VERSION','5.5.0');
|
||||
|
||||
/**
|
||||
* The config class contains all our configuration settings for a session.
|
||||
@@ -261,6 +261,10 @@ class Config {
|
||||
'desc'=>'LDAP search filter for the tree entries',
|
||||
'default'=>'(objectClass=*)');
|
||||
|
||||
$this->default->appearance['tree_icons'] = array(
|
||||
'desc'=>'Number of Tree Icons to display on a row',
|
||||
'default'=>0);
|
||||
|
||||
# PLA will not display the header and footer parts in minimal mode.
|
||||
$this->default->appearance['minimalMode'] = array(
|
||||
'desc'=>'Minimal mode hides header and footer parts',
|
||||
@@ -444,7 +448,7 @@ class Config {
|
||||
*/
|
||||
$this->default->modify_member['groupattr'] = array(
|
||||
'desc'=>'Group member attributes',
|
||||
'default'=>array('member','uniqueMember','memberUid'));
|
||||
'default'=>array('member','uniqueMember','memberUid','uid'));
|
||||
|
||||
/**
|
||||
* Attribute that is added to the group member attribute. For groupOfNames or groupOfUniqueNames this is dn,
|
||||
@@ -574,6 +578,20 @@ class Config {
|
||||
$this->default->search['time_limit'] = array(
|
||||
'desc'=>'Maximum time to allow unlimited size_limit searches to the ldap server',
|
||||
'default'=>120);
|
||||
|
||||
/* reCAPTCHA Login */
|
||||
|
||||
$this->default->session['reCAPTCHA-enable'] = array(
|
||||
'desc'=>'Status reCAPTCHA (true | false)',
|
||||
'default'=>false);
|
||||
|
||||
$this->default->session['reCAPTCHA-key-site'] = array(
|
||||
'desc'=>'Site Key',
|
||||
'default'=>"<put-here-key-site>");
|
||||
|
||||
$this->default->session['reCAPTCHA-key-server'] = array(
|
||||
'desc'=>'Server key',
|
||||
'default'=>"<put-here-key-server>");
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -574,6 +574,10 @@ class Datastore {
|
||||
'desc'=>'User Login ID to bind to this DS',
|
||||
'default'=>null);
|
||||
|
||||
$this->default->login['bind_dn_template'] = array(
|
||||
'desc'=>'Template string for user login DN to bind to this DS. Use \'%s\' where user input should be inserted.',
|
||||
'default'=>null);
|
||||
|
||||
$this->default->login['bind_pass'] = array(
|
||||
'desc'=>'User Login Password to bind to this DS',
|
||||
'default'=>null);
|
||||
|
||||
@@ -195,7 +195,7 @@ class ldap extends DS {
|
||||
|
||||
# If SASL has been configured for binding, then start it now.
|
||||
if ($this->isSASLEnabled())
|
||||
$bind['result'] = $this->startSASL($resource,$method);
|
||||
$bind['result'] = $this->startSASL($resource,$method,$bind['id'],$bind['pass']);
|
||||
|
||||
# Normal bind...
|
||||
else
|
||||
@@ -255,7 +255,7 @@ class ldap extends DS {
|
||||
if (! is_null($user)) {
|
||||
# If login,attr is set to DN, then user should be a DN
|
||||
if (($this->getValue('login','attr') == 'dn') || $method != 'user')
|
||||
$userDN = $user;
|
||||
$userDN = $this->getValue('login', 'bind_dn_template') ? $this->fillDNTemplate($user) : $user;
|
||||
else
|
||||
$userDN = $this->getLoginID($user,'login');
|
||||
|
||||
@@ -512,6 +512,15 @@ class ldap extends DS {
|
||||
return $this->getBaseDN();
|
||||
}
|
||||
|
||||
private function fillDNTemplate($user) {
|
||||
foreach($this->getLoginBaseDN() as $base)
|
||||
if(substr_compare($user, $base, -strlen($base)) === 0)
|
||||
return $user; // $user already passed as DN
|
||||
|
||||
// fill template
|
||||
return sprintf($this->getValue('login', 'bind_dn_template'), preg_replace('/([,\\\\#+<>;"=])/', '\\\\$1', $user));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the login classes that a user must have to login
|
||||
*/
|
||||
@@ -579,6 +588,8 @@ class ldap extends DS {
|
||||
* Users may configure phpLDAPadmin to use SASL in config,php thus:
|
||||
* <code>
|
||||
* $servers->setValue('login','auth_type','sasl');
|
||||
* OR
|
||||
* $servers->setValue('sasl','mech','PLAIN');
|
||||
* </code>
|
||||
*
|
||||
* @return boolean
|
||||
@@ -587,8 +598,11 @@ class ldap extends DS {
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
if ($this->getValue('login','auth_type') != 'sasl')
|
||||
return false;
|
||||
if (! in_array($this->getValue('login','auth_type'), array('sasl'))) {
|
||||
// check if SASL mech uses login from other auth_types
|
||||
if (! in_array(strtolower($this->getValue('sasl', 'mech')), array('plain')))
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! function_exists('ldap_sasl_bind')) {
|
||||
error(_('SASL has been enabled in your config, but your PHP install does not support SASL. SASL will be disabled.'),'warn');
|
||||
@@ -606,7 +620,7 @@ class ldap extends DS {
|
||||
*
|
||||
* @todo This has not been tested, please let the developers know if this function works as expected.
|
||||
*/
|
||||
private function startSASL($resource,$method) {
|
||||
private function startSASL($resource,$method,$login,$pass) {
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
@@ -616,8 +630,8 @@ class ldap extends DS {
|
||||
if ($method == 'anon')
|
||||
return false;
|
||||
|
||||
# At the moment, we have only implemented GSSAPI
|
||||
if (! in_array(strtolower($this->getValue('sasl','mech')),array('gssapi'))) {
|
||||
# At the moment, we have only implemented GSSAPI and PLAIN
|
||||
if (! in_array(strtolower($this->getValue('sasl','mech')),array('gssapi','plain'))) {
|
||||
system_message(array(
|
||||
'title'=>_('SASL Method not implemented'),
|
||||
'body'=>sprintf('<b>%s</b>: %s %s',_('Error'),$this->getValue('sasl','mech'),_('has not been implemented yet')),
|
||||
@@ -626,8 +640,15 @@ class ldap extends DS {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strtolower($this->getValue('sasl','mech')) == 'plain') {
|
||||
return @ldap_sasl_bind($resource,NULL,$pass,'PLAIN',
|
||||
$this->getValue('sasl','realm'),
|
||||
$login,
|
||||
$this->getValue('sasl','props'));
|
||||
}
|
||||
|
||||
if (! isset($CACHE['login_dn']))
|
||||
$CACHE['login_dn'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method);
|
||||
$CACHE['login_dn'] = $login;
|
||||
|
||||
$CACHE['authz_id'] = '';
|
||||
|
||||
@@ -918,7 +939,7 @@ class ldap extends DS {
|
||||
$dn = $this->getContainer($dn);
|
||||
|
||||
if ($dn == $top)
|
||||
break;
|
||||
continue;
|
||||
|
||||
} elseif($value)
|
||||
$dn = sprintf('%s,%s',$value,$dn);
|
||||
|
||||
@@ -28,6 +28,10 @@ class ldap_pla extends ldap {
|
||||
'desc'=>'Whether to initially open each tree',
|
||||
'default'=>false);
|
||||
|
||||
$this->default->appearance['show_authz'] = array(
|
||||
'desc'=>'Enable display of authorization ID as login',
|
||||
'default'=>false);
|
||||
|
||||
$this->default->login['fallback_dn'] = array(
|
||||
'desc'=>'If the attribute base login fails, see if a DN was entered',
|
||||
'default'=>false);
|
||||
@@ -655,5 +659,23 @@ class ldap_pla extends ldap {
|
||||
$_SESSION['ACTIVITY'][$this->getIndex()] = $this->inactivityTime();
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return login, or authorization ID if show_authz enabled
|
||||
*/
|
||||
public function displayLogin($method=null) {
|
||||
// check for whoami function, added in 7.2
|
||||
if ($this->getValue('appearance', 'show_authz') && function_exists('ldap_exop_whoami')) {
|
||||
$result = @ldap_exop_whoami($this->connect($method));
|
||||
if ($result) // strip any dn: or u: prefix
|
||||
$result = preg_replace('/^(u|dn):/i', '', $result);
|
||||
else // fall back to login on error
|
||||
$result = $this->getLogin($method);
|
||||
return $result;
|
||||
}
|
||||
else {
|
||||
return $this->getLogin($method);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -223,7 +223,7 @@ abstract class Export {
|
||||
*/
|
||||
protected function isSafeAscii($str) {
|
||||
for ($i=0;$i<strlen($str);$i++)
|
||||
if (ord($str{$i}) < 32 || ord($str{$i}) > 127)
|
||||
if (ord($str[$i]) < 32 || ord($str[$i]) > 127)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
||||
@@ -1638,7 +1638,7 @@ function get_icon($server_id,$dn,$object_classes=array()) {
|
||||
|
||||
# Return icon filename based upon objectClass value
|
||||
if (in_array('sambaaccount',$object_classes) &&
|
||||
'$' == $rdn{ strlen($rdn) - 1 })
|
||||
'$' == $rdn[ strlen($rdn) - 1 ])
|
||||
return 'nt_machine.png';
|
||||
|
||||
if (in_array('sambaaccount',$object_classes))
|
||||
@@ -2156,7 +2156,8 @@ function password_types() {
|
||||
|
||||
return array(
|
||||
''=>'clear',
|
||||
'blowfish'=>'blowfish',
|
||||
'bcrypt'=>'bcrypt',
|
||||
'blowfish'=>'blowfish',
|
||||
'crypt'=>'crypt',
|
||||
'ext_des'=>'ext_des',
|
||||
'md5'=>'md5',
|
||||
@@ -2258,6 +2259,19 @@ function pla_password_hash($password_clear,$enc_type) {
|
||||
|
||||
break;
|
||||
|
||||
case 'bcrypt':
|
||||
$options = [
|
||||
'cost' => 8,
|
||||
];
|
||||
#Checking if password_hash() function is available.
|
||||
if (function_exists('password_hash'))
|
||||
$new_value = sprintf('{BCRYPT}%s',base64_encode(password_hash($password_clear, PASSWORD_BCRYPT, $options)));
|
||||
else
|
||||
error(_('Your PHP install does not have the password_hash() function. Cannot do BCRYPT hashes.'),'error','index.php');
|
||||
|
||||
break;
|
||||
|
||||
|
||||
case 'smd5':
|
||||
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
|
||||
mt_srand((double)microtime()*1000000);
|
||||
@@ -2311,6 +2325,7 @@ function pla_password_hash($password_clear,$enc_type) {
|
||||
* @return Boolean True if the clear password matches the hash, and false otherwise.
|
||||
*/
|
||||
function password_check($cryptedpassword,$plainpassword,$attribute='userpassword') {
|
||||
$plainpassword = htmlspecialchars_decode($plainpassword);
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
@@ -2363,6 +2378,23 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
#BCRYPT hashed passwords
|
||||
case 'bcrypt':
|
||||
# Check php password_verify support before using it
|
||||
if (function_exists('password_verify')) {
|
||||
$hash = base64_decode($cryptedpassword);
|
||||
if (password_verify($plainpassword, $hash)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
} else {
|
||||
error(_('Your PHP install does not have the password_verify() function. Cannot do Bcrypt hashes.'),'error','index.php');
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
# Salted MD5
|
||||
case 'smd5':
|
||||
@@ -3217,4 +3249,30 @@ function isAjaxEnabled() {
|
||||
else
|
||||
return false;
|
||||
}
|
||||
/**
|
||||
* Check if user is a robot with reCAPTCHA
|
||||
**/
|
||||
function IsRobot($gResponse){
|
||||
$isRobot = true;
|
||||
$url = 'https://www.google.com/recaptcha/api/siteverify';
|
||||
$data = array(
|
||||
'secret' => $_SESSION[APPCONFIG]->getValue('session','reCAPTCHA-key-server'),
|
||||
'response' => $gResponse
|
||||
);
|
||||
$options = array(
|
||||
'http' => array (
|
||||
'method' => 'POST','header' =>
|
||||
'Content-Type: application/x-www-form-urlencoded',
|
||||
'content' => http_build_query($data)
|
||||
)
|
||||
);
|
||||
$context = stream_context_create($options);
|
||||
$verify = file_get_contents($url, false, $context);
|
||||
$captcha_success = json_decode($verify);
|
||||
if ($captcha_success->success) {
|
||||
$isRobot = false;
|
||||
}
|
||||
return $isRobot;
|
||||
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
* element priority. 1 otherwise.
|
||||
*/
|
||||
function sort_array_by_priority($a,$b) {
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',257,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
return (($a['priority'] < $b['priority']) ? -1 : 1 );
|
||||
@@ -68,7 +68,7 @@ function run_hook($hook_name,$args) {
|
||||
/* Execution of procedures attached is done using a numeric order
|
||||
* since all procedures have been attached to the hook with a
|
||||
* numerical weight. */
|
||||
while (list($key,$hook) = each($hooks[$hook_name])) {
|
||||
foreach ($hooks[$hook_name] as $key=>$hook) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Calling HOOK Function (%s)(%s)',257,0,__FILE__,__LINE__,__METHOD__,
|
||||
$hook['hook_function'],$args);
|
||||
@@ -159,7 +159,7 @@ function remove_hook($hook_name,$hook_function,$priority,$rollback_function) {
|
||||
if (array_key_exists($hook_name,$_SESSION[APPCONFIG]->hooks)) {
|
||||
reset($_SESSION[APPCONFIG]->hooks[$hook_name]);
|
||||
|
||||
while (list($key,$hook) = each($_SESSION[APPCONFIG]->hooks[$hook_name])) {
|
||||
foreach ($_SESSION[APPCONFIG]->hooks[$hook_name] as $key=>$hook) {
|
||||
if (($priority >= 0 && $priority == $hook['priority']) ||
|
||||
($hook_function && $hook_function == $hook['hook_function']) ||
|
||||
($rollback_function && $rollback_function == $hook['rollback_function'])) {
|
||||
|
||||
@@ -48,6 +48,7 @@
|
||||
1.3.6.1.1.13.1 "Pre-Read Controls" "" "The Pre-Read request control, indicates that a copy of the entry before application of update is to be returned."
|
||||
1.3.6.1.1.13.2 "Post-Read Controls" "" "The Pre-Read request control, indicates that a copy of the entry before application of update is to be returned."
|
||||
1.3.6.1.1.14 "Modify-Increment Extension" "RFC 4525" "An extension to the Lightweight Directory Access Protocol (LDAP) Modify operation to support an increment capability."
|
||||
1.3.6.1.1.22 "Don't Use Copy Control" "RFC 9171" "When the control is attached to an LDAP request, the requested operation MUST NOT be performed on copied information. That is, the requested operation MUST be performed on original information."
|
||||
1.3.6.1.4.1.42.2.27.8.5.1 "passwordPolicyRequest"
|
||||
1.3.6.1.4.1.42.2.27.9.5.2 "GetEffectiveRights control" "" "May be used to determine what operations a given user may perform on a specified entry."
|
||||
1.3.6.1.4.1.1466.101.119.1 "Dynamic Directory Services Refresh Request" "RFC 2589"
|
||||
|
||||
Binary file not shown.
Reference in New Issue
Block a user