Merge pull request #24 from LDAPAccountManager/2factor_auth

2factor auth
gruberroland 2017-02-11 22:37:24 +01:00 committed by GitHub
commit 968b6ebd22
41 changed files with 2010 additions and 13580 deletions


@ -1,6 +1,7 @@
<?php
namespace LAM\LIB\TWO_FACTOR;
use \selfServiceProfile;
use \LAMConfig;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -58,15 +59,15 @@ interface TwoFactorProvider {
*/
class PrivacyIDEAProvider implements TwoFactorProvider {
private $profile;
private $config;
/**
* Constructor.
*
* @param selfServiceProfile $profile profile
* @param TwoFactorConfiguration $config configuration
*/
public function __construct(&$profile) {
$this->profile = $profile;
public function __construct(&$config) {
$this->config = $config;
}
/**
@ -99,7 +100,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function authenticate($user, $password) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/auth";
$url = $this->config->twoFactorAuthenticationURL . "/auth";
curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -137,7 +138,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function getCurl() {
$curl = curl_init();
if ($this->profile->twoFactorAuthenticationInsecure) {
if ($this->config->twoFactorAuthenticationInsecure) {
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
}
@ -154,7 +155,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function getSerialsForUser($user, $token) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/token/?user=" . $user;
$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . $user;
curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Authorization: ' . $token, 'Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -192,7 +193,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function verify($token, $serial, $twoFactorInput) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/validate/check";
$url = $this->config->twoFactorAuthenticationURL . "/validate/check";
curl_setopt($curl, CURLOPT_URL, $url);
$options = array(
'pass' => $twoFactorInput,
@ -225,15 +226,25 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
class TwoFactorProviderService {
private $profile;
/** 2factor authentication disabled */
const TWO_FACTOR_NONE = 'none';
/** 2factor authentication via privacyIDEA */
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
private $config;
/**
* Constructor.
*
* @param selfServiceProfile $profile profile
* @param selfServiceProfile|LAMConfig $configObj profile
*/
public function __construct(&$profile) {
$this->profile = $profile;
public function __construct(&$configObj) {
if ($configObj instanceof selfServiceProfile) {
$this->config = $this->getConfigSelfService($configObj);
}
else {
$this->config = $this->getConfigAdmin($configObj);
}
}
/**
@ -244,10 +255,49 @@ class TwoFactorProviderService {
* @throws \Exception unable to get provider
*/
public function getProvider() {
if ($this->profile->twoFactorAuthentication == selfServiceProfile::TWO_FACTOR_PRIVACYIDEA) {
return new PrivacyIDEAProvider($this->profile);
if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
return new PrivacyIDEAProvider($this->config);
}
throw new \Exception('Invalid provider: ' . $this->profile->twoFactorAuthentication);
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
}
/**
* Returns the configuration from self service.
*
* @param selfServiceProfile $profile profile
* @return TwoFactorConfiguration configuration
*/
private function getConfigSelfService(&$profile) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
return $config;
}
/**
* Returns the configuration for admin interface.
*
* @param LAMConfig $conf configuration
* @return TwoFactorConfiguration configuration
*/
private function getConfigAdmin($conf) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
$config->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
$config->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
return $config;
}
}
/**
* Configuration settings for 2-factor authentication.
*
* @author Roland Gruber
*/
class TwoFactorConfiguration {
public $twoFactorAuthentication = null;
public $twoFactorAuthenticationURL = null;
public $twoFactorAuthenticationInsecure = false;
}
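Review bot: `getSerialsForUser()` builds the request URL as `... . "/token/?user=" . $user` without encoding the login name, so a name containing `&`, `#` or a space alters the query sent to the privacyIDEA server instead of being passed as a single value. Encode it where it is used: `$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . rawurlencode($user);`. Separately, `getCurl()` switches off both `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` when `twoFactorAuthenticationInsecure` is set, and the credentials for the second factor go over that connection; a `logNewMessage(LOG_WARNING, ...)` in that branch would make the weakened setting visible in the logs. Both methods continue outside the hunks shown.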


@ -1467,6 +1467,22 @@ function validateReCAPTCHA($secretKey) {
return $responseJSON->{'success'} === true;
}
/**
* Checks if the user is logged in. Stops script execution if not.
*
* @param boolean $check2ndFactor check if the 2nd factor was provided if required
*/
function enforceUserIsLoggedIn($check2ndFactor = true) {
if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login: ' . $_SERVER["SCRIPT_FILENAME"]);
die();
}
if ($check2ndFactor && isset($_SESSION['2factorRequired'])) {
die();
logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login (2nd factor not provided): ' . $_SERVER["SCRIPT_FILENAME"]);
}
}
class LAMException extends Exception {
private $title;
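Review bot: In the second branch of `enforceUserIsLoggedIn()` the `die();` comes before `logNewMessage(...)`, so the warning about a missing 2nd factor is never written and requests that reach a protected page with only the password leave no trace in the log. Swap the two statements so the branch logs first and then calls `die();`, as the first branch does. The check also passes whenever `$_SESSION['2factorRequired']` is absent, so the docblock should state that the login page has to set that flag before any protected page can be requested.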


@ -1,9 +1,10 @@
<?php
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -31,11 +32,13 @@ $Id$
*/
/** Used to print messages. */
include_once("status.inc");
include_once "status.inc";
/** Used to get module information. */
include_once("modules.inc");
include_once "modules.inc";
/** Used to get type information. */
include_once("types.inc");
include_once "types.inc";
/** 2-factor */
include_once '2factor.inc';
/**
* Sets the environment variables for custom SSL CA certificates.
@ -567,6 +570,13 @@ class LAMConfig {
/** job configuration */
private $jobSettings = array();
private $twoFactorAuthentication = TwoFactorProviderService::TWO_FACTOR_NONE;
private $twoFactorAuthenticationURL = 'https://localhost';
private $twoFactorAuthenticationInsecure = false;
private $twoFactorAuthenticationLabel = null;
private $twoFactorAuthenticationOptional = false;
private $twoFactorAuthenticationCaption = '';
/** List of all settings in config file */
private $settings = array("ServerURL", "useTLS", "followReferrals", 'pagedResults', "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", 'serverDisplayName',
@ -576,7 +586,9 @@ class LAMConfig {
'loginSearchPassword', 'timeZone', 'jobsBindUser', 'jobsBindPassword', 'jobsDatabase', 'jobToken', 'jobs',
'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName', 'pwdResetAllowSpecificPassword',
'pwdResetAllowScreenPassword', 'pwdResetForcePasswordChange', 'pwdResetDefaultPasswordOutput',
'scriptUserName', 'scriptSSHKey', 'scriptSSHKeyPassword'
'scriptUserName', 'scriptSSHKey', 'scriptSSHKeyPassword', 'twoFactorAuthentication', 'twoFactorAuthenticationURL',
'twoFactorAuthenticationInsecure', 'twoFactorAuthenticationLabel', 'twoFactorAuthenticationOptional',
'twoFactorAuthenticationCaption'
);
@ -816,6 +828,12 @@ class LAMConfig {
if (!in_array("pwdResetAllowScreenPassword", $saved)) array_push($file_array, "\n" . "pwdResetAllowScreenPassword: " . $this->pwdResetAllowScreenPassword . "\n");
if (!in_array("pwdResetForcePasswordChange", $saved)) array_push($file_array, "\n" . "pwdResetForcePasswordChange: " . $this->pwdResetForcePasswordChange . "\n");
if (!in_array("pwdResetDefaultPasswordOutput", $saved)) array_push($file_array, "\n" . "pwdResetDefaultPasswordOutput: " . $this->pwdResetDefaultPasswordOutput . "\n");
if (!in_array("twoFactorAuthentication", $saved)) array_push($file_array, "\n" . "twoFactorAuthentication: " . $this->twoFactorAuthentication . "\n");
if (!in_array("twoFactorAuthenticationURL", $saved)) array_push($file_array, "\n" . "twoFactorAuthenticationURL: " . $this->twoFactorAuthenticationURL . "\n");
if (!in_array("twoFactorAuthenticationInsecure", $saved)) array_push($file_array, "\n" . "twoFactorAuthenticationInsecure: " . $this->twoFactorAuthenticationInsecure . "\n");
if (!in_array("twoFactorAuthenticationLabel", $saved)) array_push($file_array, "\n" . "twoFactorAuthenticationLabel: " . $this->twoFactorAuthenticationLabel . "\n");
if (!in_array("twoFactorAuthenticationOptional", $saved)) array_push($file_array, "\n" . "twoFactorAuthenticationOptional: " . $this->twoFactorAuthenticationOptional . "\n");
if (!in_array("twoFactorAuthenticationCaption", $saved)) array_push($file_array, "\n" . "twoFactorAuthenticationCaption: " . $this->twoFactorAuthenticationCaption . "\n");
// check if all module settings were added
$m_settings = array_keys($this->moduleSettings);
for ($i = 0; $i < sizeof($m_settings); $i++) {
@ -2044,6 +2062,116 @@ class LAMConfig {
public function setPwdResetDefaultPasswordOutput($pwdResetDefaultPasswordOutput) {
$this->pwdResetDefaultPasswordOutput = $pwdResetDefaultPasswordOutput;
}
/**
* Returns the authentication type.
*
* @return string $twoFactorAuthentication authentication type
*/
public function getTwoFactorAuthentication() {
if (empty($this->twoFactorAuthentication)) {
return TwoFactorProviderService::TWO_FACTOR_NONE;
}
return $this->twoFactorAuthentication;
}
/**
* Sets the authentication type.
*
* @param string $twoFactorAuthentication authentication type
*/
public function setTwoFactorAuthentication($twoFactorAuthentication) {
$this->twoFactorAuthentication = $twoFactorAuthentication;
}
/**
* Returns the authentication URL.
*
* @return string $twoFactorAuthenticationURL authentication URL
*/
public function getTwoFactorAuthenticationURL() {
return $this->twoFactorAuthenticationURL;
}
/**
* Sets the authentication URL.
*
* @param string $twoFactorAuthenticationURL authentication URL
*/
public function setTwoFactorAuthenticationURL($twoFactorAuthenticationURL) {
$this->twoFactorAuthenticationURL = $twoFactorAuthenticationURL;
}
/**
* Returns if SSL certificate verification is turned off.
*
* @return bool $twoFactorAuthenticationInsecure SSL certificate verification is turned off
*/
public function getTwoFactorAuthenticationInsecure() {
return $this->twoFactorAuthenticationInsecure;
}
/**
* Sets if SSL certificate verification is turned off.
*
* @param boolean $twoFactorAuthenticationInsecure SSL certificate verification is turned off
*/
public function setTwoFactorAuthenticationInsecure($twoFactorAuthenticationInsecure) {
$this->twoFactorAuthenticationInsecure = $twoFactorAuthenticationInsecure;
}
/**
* Returns the authentication label.
*
* @return string $twoFactorAuthenticationLabel authentication label
*/
public function getTwoFactorAuthenticationLabel() {
return $this->twoFactorAuthenticationLabel;
}
/**
* Sets the authentication label.
*
* @param string $twoFactorAuthenticationLabel authentication label
*/
public function setTwoFactorAuthenticationLabel($twoFactorAuthenticationLabel) {
$this->twoFactorAuthenticationLabel = $twoFactorAuthenticationLabel;
}
/**
* Returns if 2nd factor is optional.
*
* @return bool $twoFactorAuthenticationOptional 2nd factor is optional
*/
public function getTwoFactorAuthenticationOptional() {
return $this->twoFactorAuthenticationOptional;
}
/**
* Sets if 2nd factor is optional.
*
* @param boolean $twoFactorAuthenticationOptional 2nd factor is optional
*/
public function setTwoFactorAuthenticationOptional($twoFactorAuthenticationOptional) {
$this->twoFactorAuthenticationOptional = $twoFactorAuthenticationOptional;
}
/**
* Returns the caption HTML.
*
* @return string $twoFactorAuthenticationCaption caption HTML
*/
public function getTwoFactorAuthenticationCaption() {
return $this->twoFactorAuthenticationCaption;
}
/**
* Sets the caption HTML.
*
* @param string $twoFactorAuthenticationCaption caption HTML
*/
public function setTwoFactorAuthenticationCaption($twoFactorAuthenticationCaption) {
$this->twoFactorAuthenticationCaption = $twoFactorAuthenticationCaption;
}
}
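Review bot: The new values are written to the profile as single `key: value` lines (`"twoFactorAuthenticationURL: " . $this->twoFactorAuthenticationURL . "\n"`), but `setTwoFactorAuthenticationURL()` and `setTwoFactorAuthenticationLabel()` store whatever they are given, so a value containing a line break would add an extra line to the file. The `checkInput()` handler shown later on this page strips `\r`/`\n` only from the caption. Stripping line breaks in the setters keeps the file format intact regardless of the caller, e.g. `$this->twoFactorAuthenticationURL = str_replace(array("\r", "\n"), '', $twoFactorAuthenticationURL);`. `setTwoFactorAuthentication()` could likewise accept only the `TwoFactorProviderService::TWO_FACTOR_*` constants. The six new properties also lack the `/** ... */` comment that the neighbouring `$jobSettings` has.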


@ -1,4 +1,5 @@
<?PHP
<?php
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
$Id$
@ -31,9 +32,11 @@ $Id$
*/
/** modules */
include_once("modules.inc");
include_once "modules.inc";
/** account types */
include_once("types.inc");
include_once "types.inc";
/** 2-factor */
include_once '2factor.inc';
/**
* Returns if this is a LAM Pro installation.
@ -302,11 +305,6 @@ function isSelfService() {
*/
class selfServiceProfile {
/** 2factor authentication disabled */
const TWO_FACTOR_NONE = 'none';
/** 2factor authentication via privacyIDEA */
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
/** server address */
public $serverURL;
@ -381,7 +379,7 @@ class selfServiceProfile {
public $timeZone = 'Europe/London';
public $twoFactorAuthentication = selfServiceProfile::TWO_FACTOR_NONE;
public $twoFactorAuthentication = TwoFactorProviderService::TWO_FACTOR_NONE;
public $twoFactorAuthenticationURL = 'https://localhost';
public $twoFactorAuthenticationInsecure = false;
public $twoFactorAuthenticationLabel = null;
@ -425,7 +423,7 @@ class selfServiceProfile {
$this->enforceLanguage = true;
$this->followReferrals = 0;
$this->timeZone = 'Europe/London';
$this->twoFactorAuthentication = selfServiceProfile::TWO_FACTOR_NONE;
$this->twoFactorAuthentication = TwoFactorProviderService::TWO_FACTOR_NONE;
$this->twoFactorAuthenticationURL = 'https://localhost';
$this->twoFactorAuthenticationInsecure = false;
$this->twoFactorAuthenticationLabel = null;


@ -21,6 +21,7 @@ function app_session_start() {
include_once '../../../../lib/config.inc';
include_once '../../../../lib/ldap.inc';
startSecureSession();
enforceUserIsLoggedIn();
$config_file = CONFDIR.'config.php';
$config = check_config($config_file);
# If we came via index.php, then set our $config.


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2016 Roland Gruber
2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -47,6 +47,7 @@ include_once('../../lib/modules.inc');
// Start session
startSecureSession();
enforceUserIsLoggedIn();
// Redirect to startpage if user is not loged in
if (!isLoggedIn()) {
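Review bot: With `enforceUserIsLoggedIn();` placed directly after `startSecureSession();`, a visitor without a valid session is stopped by `die()` before the `if (!isLoggedIn())` redirect below can run. Assuming `isLoggedIn()` tests the same session state, that block is now unreachable and the user gets an empty page instead of the start page. Either drop the old redirect or add a comment saying which case it still covers. The `if` block continues outside the hunk.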


@ -1,9 +1,10 @@
<?php
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -37,6 +38,8 @@ include_once("../../lib/config.inc");
include_once("../../lib/modules.inc");
/** access to tools */
include_once("../../lib/tools.inc");
/** 2-factor */
include_once '../../lib/2facto.inc';
// start session
if (strtolower(session_module_name()) == 'files') {
@ -523,8 +526,40 @@ $searchPasswordInput->setIsPassword(true);
$securitySettingsContent->addElement($searchPasswordInput, true);
// HTTP authentication
$securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('httpAuthentication', ($conf->getHttpAuthentication() == 'true'), _('HTTP authentication'), '223', true), true);
$securitySettingsContent->addElement(new htmlSpacer(null, '10px'), true);
$securitySettingsContent->addElement(new htmlSpacer(null, '30px'), true);
// 2factor authentication
if (extension_loaded('curl')) {
$securitySettingsContent->addElement(new htmlSubTitle(_("2-factor authentication")), true);
$twoFactorOptions = array(
_('None') => TwoFactorProviderService::TWO_FACTOR_NONE,
_('privacyIDEA') => TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA,
);
$twoFactorSelect = new htmlTableExtendedSelect('twoFactor', $twoFactorOptions, array($conf->getTwoFactorAuthentication()), _('Provider'), '514');
$twoFactorSelect->setHasDescriptiveElements(true);
$twoFactorSelect->setTableRowsToHide(array(
TwoFactorProviderService::TWO_FACTOR_NONE => array('twoFactorURL', 'twoFactorInsecure', 'twoFactorLabel', 'twoFactorOptional', 'twoFactorCaption')
));
$twoFactorSelect->setTableRowsToShow(array(
TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA => array('twoFactorURL', 'twoFactorInsecure', 'twoFactorLabel', 'twoFactorOptional', 'twoFactorCaption')
));
$securitySettingsContent->addElement($twoFactorSelect, true);
$twoFactorUrl = new htmlTableExtendedInputField(_("Base URL"), 'twoFactorURL', $conf->getTwoFactorAuthenticationURL(), '515');
$twoFactorUrl->setRequired(true);
$securitySettingsContent->addElement($twoFactorUrl, true);
$twoFactorLabel = new htmlTableExtendedInputField(_("Label"), 'twoFactorLabel', $conf->getTwoFactorAuthenticationLabel(), '517');
$securitySettingsContent->addElement($twoFactorLabel, true);
$securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('twoFactorOptional', $conf->getTwoFactorAuthenticationOptional(), _('Optional'), '519'), true);
$securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('twoFactorInsecure', $conf->getTwoFactorAuthenticationInsecure(), _('Disable certificate check'), '516'), true);
$securitySettingsContent->addElement(new htmlSpacer(null, '5px'), true);
$twoFactorCaption = new htmlTableExtendedInputTextarea('twoFactorCaption', $conf->getTwoFactorAuthenticationCaption(), '80', '4', _("Caption"), '518');
$twoFactorCaption->setIsRichEdit(true);
$twoFactorCaption->alignment = htmlElement::ALIGN_TOP;
$securitySettingsContent->addElement($twoFactorCaption, true);
}
// new password
$securitySettingsContent->addElement(new htmlSubTitle(_("Profile password")), true);
$password1 = new htmlTableExtendedInputField(_("New password"), 'passwd1', null, '212');
$password1->setIsPassword(true);
$password2 = new htmlTableExtendedInputField(_("Reenter password"), 'passwd2');
@ -551,10 +586,12 @@ $buttonContainer->addElement($cancelButton, true);
$buttonContainer->addElement(new htmlSpacer(null, '10px'), true);
parseHtml(null, $buttonContainer, array(), false, $tabindex, 'user');
echo "</form>\n";
echo "</body>\n";
echo "</html>\n";
?>
</form>
<script type="text/javascript" src="../lib/extra/ckeditor/ckeditor.js"></script>
</body>
</html>
<?php
/**
* Checks user input and saves the entered settings.
@ -711,6 +748,15 @@ function checkInput() {
}
}
$conf->setToolSettings($toolSettings);
// 2-factor
if (extension_loaded('curl')) {
$conf->setTwoFactorAuthentication($_POST['twoFactor']);
$conf->setTwoFactorAuthenticationURL($_POST['twoFactorURL']);
$conf->setTwoFactorAuthenticationInsecure(isset($_POST['twoFactorInsecure']) && ($_POST['twoFactorInsecure'] == 'on'));
$conf->setTwoFactorAuthenticationLabel($_POST['twoFactorLabel']);
$conf->setTwoFactorAuthenticationOptional(isset($_POST['twoFactorOptional']) && ($_POST['twoFactorOptional'] == 'on'));
$conf->setTwoFactorAuthenticationCaption(str_replace(array("\r", "\n"), array('', ''), $_POST['twoFactorCaption']));
}
// check if password was changed
if (isset($_POST['passwd1']) && ($_POST['passwd1'] != '')) {
if ($_POST['passwd1'] != $_POST['passwd2']) {
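Review bot: The added include names `'../../lib/2facto.inc'`, which looks like a typo for `2factor.inc`; `include_once` only raises a warning for a missing file, so the page probably works only because config.inc includes `2factor.inc` itself. Change it to `include_once '../../lib/2factor.inc';`. In `checkInput()`, `$_POST['twoFactor']` and `$_POST['twoFactorURL']` are stored unchecked; comparing the provider against the two `TwoFactorProviderService` constants and requiring the URL to start with `https://` would keep an unknown provider or a plain-HTTP endpoint out of the saved profile. `checkInput()` starts and ends outside the hunk.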


@ -49,6 +49,7 @@ include_once('../lib/modules.inc');
// Start session
startSecureSession();
enforceUserIsLoggedIn();
if (!checkIfWriteAccessIsAllowed()) {
die();


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2015 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
if (!checkIfWriteAccessIsAllowed()) {
die();
@ -196,10 +197,10 @@ include 'main_header.php';
$buttonContainer->addElement(new htmlHiddenInput('new_suff', implode(";", $new_suff)));
$container->addElement($buttonContainer);
addSecurityTokenToMetaHTML($container);
$tabindex = 1;
parseHtml(null, $container, array(), false, $tabindex, 'user');
echo "</form><br>\n";
echo "</div>\n";
include 'main_footer.php';


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2007 - 2013 Roland Gruber
Copyright (C) 2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -38,6 +38,7 @@ include_once("../../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2010 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -1,4 +1,6 @@
<?php
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
$Id$
@ -324,6 +326,14 @@ function display_LoginPage($config_object, $cfgMain) {
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
echo "<br>";
}
if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
echo "<br>";
}
elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
echo "<br>";
}
if (!empty($config_object)) {
?>
<br><br>
@ -636,8 +646,20 @@ if(!empty($_POST['checklogin'])) {
addSecurityTokenToSession();
// logging
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
// Load main frame
metaRefresh("./main.php");
// Load main frame or 2 factor page
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
metaRefresh("./main.php");
}
else {
$_SESSION['2factorRequired'] = true;
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
}
else {
$_SESSION['user2factor'] = $_POST['username'];
}
metaRefresh("./login2Factor.php");
}
die();
}
else {
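Review bot: The `successfully logged in` notice is written before the branch that sets `$_SESSION['2factorRequired']`, so with a provider configured the log reports a completed login for a session that has only passed the password check. Someone reading the logs cannot tell the two states apart; a separate entry in the `else` branch, e.g. `logNewMessage(LOG_NOTICE, 'User ' . $username . ' passed password check, 2nd factor pending.');`, would make the distinction. A comment should also say that `2factorRequired` must be set before the redirect, because `enforceUserIsLoggedIn()` treats its absence as "no second factor needed". The enclosing `if` starts outside the hunk.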


@ -0,0 +1,241 @@
<?php
namespace LAM\LOGIN;
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use \htmlResponsiveRow;
use \htmlGroup;
use \htmlOutputText;
use \htmlSpacer;
use \htmlSelect;
use \htmlInputField;
use \htmlButton;
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* This page redirects to the correct start page after checking 2nd factor.
*
* @package main
* @author Roland Gruber
*/
/** config object */
include_once '../lib/config.inc';
// start session
startSecureSession();
setlanguage();
$config = $_SESSION['config'];
$ldap = $_SESSION['ldap'];
$credentials = $ldap->decrypt_login();
$password = $credentials[1];
$user = $_SESSION['user2factor'];
if (get_preg($user, 'dn')) {
$user = extractRDNValue($user);
}
// get serials
try {
$service = new TwoFactorProviderService($config);
$provider = $service->getProvider();
$serials = $provider->getSerials($user, $password);
}
catch (\Exception $e) {
logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());
metaRefresh("login.php?2factor=error");
die();
}
$twoFactorLabel = empty($config->getTwoFactorAuthenticationLabel()) ? _('PIN+Token') : $config->getTwoFactorAuthenticationLabel();
if (sizeof($serials) == 0) {
if ($config->getTwoFactorAuthenticationOptional()) {
unset($_SESSION['2factorRequired']);
unset($_SESSION['user2factor']);
metaRefresh("main.php");
die();
}
else {
metaRefresh("login.php?2factor=noToken");
die();
}
}
if (isset($_POST['logout'])) {
// destroy session
session_destroy();
unset($_SESSION);
// redirect to login page
metaRefresh("login.php");
exit();
}
if (isset($_POST['submit'])) {
$twoFactorInput = $_POST['2factor'];
$serial = $_POST['serial'];
if (empty($twoFactorInput) || !in_array($serial, $serials)) {
$errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));
}
else {
$twoFactorValid = false;
try {
$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
}
catch (\Exception $e) {
logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
}
if ($twoFactorValid) {
unset($_SESSION['2factorRequired']);
unset($_SESSION['user2factor']);
metaRefresh("main.php");
die();
}
else {
$errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));
}
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html class="no-js">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<title><?php echo _("Login"); ?></title>
<link rel="stylesheet" type="text/css" href="../style/responsive/105_normalize.css">
<link rel="stylesheet" type="text/css" href="../style/responsive/110_foundation.css">
<?php
// include all CSS files
$cssDirName = dirname(__FILE__) . '/../style';
$cssDir = dir($cssDirName);
$cssFiles = array();
$cssEntry = $cssDir->read();
while ($cssEntry !== false) {
if (substr($cssEntry, strlen($cssEntry) - 4, 4) == '.css') {
$cssFiles[] = $cssEntry;
}
$cssEntry = $cssDir->read();
}
sort($cssFiles);
foreach ($cssFiles as $cssEntry) {
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../style/" . $cssEntry . "\">\n";
}
if (isset($profile->additionalCSS) && ($profile->additionalCSS != '')) {
$CSSlinks = explode("\n", $profile->additionalCSS);
for ($i = 0; $i < sizeof($CSSlinks); $i++) {
$CSSlinks[$i] = trim($CSSlinks[$i]);
if ($CSSlinks[$i] == '') {
continue;
}
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"" . $CSSlinks[$i] . "\">\n";
}
}
?>
</head>
<body class="admin">
<?php
// include all JavaScript files
$jsDirName = dirname(__FILE__) . '/lib';
$jsDir = dir($jsDirName);
$jsFiles = array();
while ($jsEntry = $jsDir->read()) {
if (substr($jsEntry, strlen($jsEntry) - 3, 3) != '.js') continue;
$jsFiles[] = $jsEntry;
}
sort($jsFiles);
foreach ($jsFiles as $jsEntry) {
echo "<script type=\"text/javascript\" src=\"lib/" . $jsEntry . "\"></script>\n";
}
?>
<script type="text/javascript" src="lib/extra/responsive/200_modernizr.js"></script>
<script type="text/javascript" src="lib/extra/responsive/250_foundation.js"></script>
<table border=0 width="100%" class="lamHeader ui-corner-all">
<tr>
<td align="left" height="30">
<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>
</td>
<td align="right" height=20>
</td>
</tr>
</table>
<br><br>
<form enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">
<?php
echo $config->getTwoFactorAuthenticationCaption();
?>
<div class="centeredTable">
<div class="roundedShadowBox limitWidth">
<?php
$group = new htmlGroup();
$row = new htmlResponsiveRow();
// error
if (!empty($errorMessage)) {
$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);
$row->add(new htmlSpacer('1em', '1em'), 12);
}
// serial
$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');
$serialSelect = new htmlSelect('serial', $serials);
$row->add($serialSelect, 12);
// token
$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');
$twoFactorInput = new htmlInputField('2factor', '');
$twoFactorInput->setFieldSize(null);
$twoFactorInput->setIsPassword(true);
$row->add($twoFactorInput, 12);
$row->add(new htmlSpacer('1em', '1em'), 12);
$submit = new htmlButton('submit', _("Submit"));
$submit->setCSSClasses(array('fullwidth'));
$row->add($submit, 12, 12, 12, 'fullwidth');
$row->add(new htmlSpacer('0.5em', '0.5em'), 12);
$logout = new htmlButton('logout', _("Cancel"));
$logout->setCSSClasses(array('fullwidth'));
$row->add($logout, 12);
$group->addElement($row);
$tabindex = 1;
addSecurityTokenToMetaHTML($group);
parseHtml(null, $group, array(), false, $tabindex, 'user');
?>
</div>
</div>
</form>
<br><br>
<script type="text/javascript">
$(document).foundation();
myElement = document.getElementsByName('2factor')[0];
myElement.focus();
</script>
</body>
</html>
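Review bot: The page reads `$_SESSION['config']` and `$_SESSION['ldap']` right after `startSecureSession()` without checking that the password step was completed; `enforceUserIsLoggedIn()` already has a `$check2ndFactor` parameter for this case, so add `enforceUserIsLoggedIn(false);` before `$config = $_SESSION['config'];`. A wrong code (`$twoFactorValid` false without an exception) is not logged, and the POST branch never calls `validateSecurityToken()` for the token that `addSecurityTokenToMetaHTML()` puts into the form; add `logNewMessage(LOG_WARNING, '2-factor verification failed for ' . $user);` in that `else` branch so repeated guesses are recorded. The messages should be built as `sprintf(_('Please enter "%s".'), $twoFactorLabel)` so gettext looks up the untranslated pattern, and `'Verification failed.'` needs no `sprintf` at all. `$profile` in the CSS block is never defined in this file.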


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -44,6 +44,7 @@ include_once("../lib/ldap.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// log message
$ldapUser = $_SESSION['ldap']->decrypt_login();


@ -4,7 +4,7 @@ namespace LAM\INIT;
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@ include_once '../lib/profiles.inc';
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -63,6 +63,7 @@ class lamAjax {
validateSecurityToken(false);
if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
enforceUserIsLoggedIn();
if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {
if (!isset($_SESSION['account'])) die();
$module = $_SESSION['account']->getAccountModule($_GET['module']);
@ -82,12 +83,13 @@ class lamAjax {
}
$jsonInput = $_POST['jsonInput'];
if ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
enforceUserIsLoggedIn();
if ($function == 'passwordChange') {
lamAjax::managePasswordChange($jsonInput);
}
elseif ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
elseif ($function == 'upload') {
include_once('../../lib/upload.inc');
$typeManager = new \LAM\TYPES\TypeManager();
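Review bot: `passwordStrengthCheck` is now handled before `enforceUserIsLoggedIn();`, but nothing in the hunk ends the request after `lamAjax::checkPasswordStrength($jsonInput);`, so unless that method exits itself (not visible here) an unauthenticated call falls through into the login check after the response may already have been written. Make the pre-login branch explicit and terminal, e.g. `lamAjax::checkPasswordStrength($jsonInput); die();`, and add a comment such as `// intentionally available before login: password strength check only` so the exception to the gate is not widened by accident. In the first hunk the condition still evaluates `getAvailableModules($_GET['scope'])` on request input before the login check inside the branch runs; moving the check ahead of that lookup is worth considering if nothing on this path must work without login. The enclosing method starts and ends outside both hunks.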


@ -21,7 +21,7 @@ use \htmlInputTextarea;
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2013 - 2016 Roland Gruber
Copyright (C) 2013 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -57,6 +57,7 @@ include_once("../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -50,6 +50,7 @@ include_once("../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -15,13 +15,12 @@ use \htmlInputFileUpload;
use \htmlHelpLink;
use \htmlInputField;
use \htmlHiddenInput;
use \htmlDiv;
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2005 - 2016 Roland Gruber
2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -60,6 +59,7 @@ include_once("../../lib/modules.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -19,7 +19,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2007 - 2016 Roland Gruber
2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -62,6 +62,7 @@ include_once('../../lib/xml_parser.inc');
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -18,7 +18,7 @@ use \htmlInputField;
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -54,6 +54,7 @@ include_once("../../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -12,7 +12,7 @@ use \htmlHiddenInput;
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -52,6 +52,7 @@ include_once("../../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -3,7 +3,7 @@
$Id$
Copyright (C) 2004 David Smith
modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber
modified to fit for LDAP Account Manager 2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -29,8 +29,8 @@ $Id$
* @author David Smith
* @author Roland Gruber
*/
/** security functions */
include_once("../../lib/security.inc");
/** access to LDAP server */
@ -42,6 +42,7 @@ require_once("../../lib/schema.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
checkIfToolIsActive('toolSchemaBrowser');
@ -51,7 +52,7 @@ include '../main_header.php';
$view = isset( $_GET['view'] ) ? $_GET['view'] : 'objectClasses';
$viewvalue = isset( $_GET['viewvalue'] ) ? $_GET['viewvalue'] : null;
$viewvalue = isset( $_GET['viewvalue'] ) ? $_GET['viewvalue'] : null;
if( trim( $viewvalue ) == "" )
$viewvalue = null;
if( ! is_null( $viewvalue ) )
@ -89,7 +90,7 @@ if( $view == 'syntaxes' ) {
echo "<tr><th>" . _('Syntax OID') . "</th><th>" . _('Description') . "</th></tr>\n";
flush();
$counter=1;
$schema_syntaxes = get_schema_syntaxes(null);
$schema_syntaxes = get_schema_syntaxes(null);
if( ! $schema_syntaxes ) StatusMessage("ERROR", _("Unable to retrieve schema!"), "");
foreach( $schema_syntaxes as $syntax ) {
$counter++;
@ -107,7 +108,7 @@ if( $view == 'syntaxes' ) {
flush();
$schema_attrs = get_schema_attributes(null);
$schema_object_classes = get_schema_objectclasses(null);
if( ! $schema_attrs || ! $schema_object_classes )
if( ! $schema_attrs || ! $schema_object_classes )
StatusMessage("ERROR", _("Unable to retrieve schema!"), "");
?>
@ -116,7 +117,7 @@ if( $view == 'syntaxes' ) {
<select name="viewvalue" onChange="submit()">
<option value=""> - all -</option>
<?php foreach( $schema_attrs as $attr ) {
<?php foreach( $schema_attrs as $attr ) {
echo( '<option value="'
.$attr->getName()
.'" '
@ -130,7 +131,7 @@ if( $view == 'syntaxes' ) {
<br />
<table class="schema_attr" width="100%">
<?php
<?php
foreach( $schema_attrs as $attr ) {
if ( is_null( $viewvalue ) || 0 == strcasecmp( $viewvalue, $attr->getName() ) ) {
if( ! is_null( $viewvalue ) )
@ -218,13 +219,13 @@ if( $view == 'syntaxes' ) {
echo number_format( $attr->getMaxLength() ) ." ";
if ( $attr->getMaxLength()>1) {echo _('characters');}
else { echo _('character') ;}
}
}
echo "</td>\n";
echo "</tr>\n\n";
echo "<tr class=\"" . (++$counter%2==0?'even':'odd') . "\">\n";
echo "<td>"._('Aliases')."</td>\n";
echo "<td>";
echo "<td>";
if( count( $attr->getAliases() ) == 0 )
echo '('._('none').')';
else
@ -251,7 +252,7 @@ if( $view == 'syntaxes' ) {
echo "</table>\n";
} elseif( $view == 'matching_rules' ) {
$schema_matching_rules = get_schema_matching_rules(null);
$schema_matching_rules = get_schema_matching_rules(null);
echo '<small>' . _('Jump to a matching rule').'</small><br />';
echo '<form action="schema.php" method="get">';
echo '<input type="hidden" name="view" value="matching_rules" />';
@ -260,7 +261,7 @@ if( $view == 'syntaxes' ) {
foreach( $schema_matching_rules as $rule ) {
echo '<option value="'.$rule->getName().'"'.($rule->getName()==$viewvalue? ' selected ': '').'>'.$rule->getName().'</option>';
}
echo '</select>';
echo '<input type="submit" value="'._('Go').'" />';
echo '</form>';
@ -268,7 +269,7 @@ if( $view == 'syntaxes' ) {
echo "<tr><th>" . _('Matching rule OID') . "</th><th>" . _('Name') . "</th><th>"._('Used by attributes')."</th></tr>\n";
flush();
$counter=1;
$schema_matching_rules = get_schema_matching_rules(null);
$schema_matching_rules = get_schema_matching_rules(null);
if( ! $schema_matching_rules ) StatusMessage("ERROR", _("Unable to retrieve schema!"), "");
foreach( $schema_matching_rules as $rule ) {
$counter++;
@ -300,7 +301,7 @@ if( $view == 'syntaxes' ) {
}
echo "</table>\n";
} elseif( $view == 'objectClasses' ) {
} elseif( $view == 'objectClasses' ) {
flush();
$schema_oclasses = get_schema_objectclasses(null);
if( ! $schema_oclasses ) StatusMessage("ERROR", _("Unable to retrieve schema!"), "");
@ -310,7 +311,7 @@ if( $view == 'syntaxes' ) {
<select name="viewvalue"
onChange="submit()">
<option value=""> - all - </option>
<?php foreach( $schema_oclasses as $name => $oclass ) {
<?php foreach( $schema_oclasses as $name => $oclass ) {
echo '<option value="'
.$oclass->getName()
.'"'
@ -323,8 +324,8 @@ if( $view == 'syntaxes' ) {
<?php flush(); ?>
<?php foreach( $schema_oclasses as $name => $oclass ) {
foreach( $oclass->getSupClasses() as $parent_name ) {
<?php foreach( $schema_oclasses as $name => $oclass ) {
foreach( $oclass->getSupClasses() as $parent_name ) {
$parent_name = $parent_name;
if( isset( $schema_oclasses[ $parent_name ] ) ) {
$schema_oclasses[ $parent_name ]->addChildObjectClass( $oclass->getName() );
@ -337,9 +338,9 @@ if( $view == 'syntaxes' ) {
<?php foreach( $schema_oclasses as $name => $oclass ) {
if ( $viewvalue==null || 0 == strcasecmp( $viewvalue, $oclass->getName() ) ){
if( ! is_null( $viewvalue ) )
$viewed = true;
$viewed = true;
?>
<h4 class="schema_oclass"><?php echo $oclass->getName(); ?></h4>
<h4 class="schema_oclass_sub"><?php echo _('OID'); ?>: <b><?php echo $oclass->getOID(); ?></b></h4>
<?php if( $oclass->getDescription() ) { ?>
@ -350,12 +351,12 @@ if( $view == 'syntaxes' ) {
<h4 class="schema_oclass_sub"><?php echo _('This object class is obsolete.'); ?></h4>
<?php } ?>
<h4 class="schema_oclass_sub"><?php echo _('Inherits from'); ?>: <b><?php
<h4 class="schema_oclass_sub"><?php echo _('Inherits from'); ?>: <b><?php
if( count( $oclass->getSupClasses() ) == 0 )
echo "(" . _('none') . ")";
else
foreach( $oclass->getSupClasses() as $i => $object_class ) {
echo '<a title="' . _('Jump to an object class') . ' "
echo '<a title="' . _('Jump to an object class') . ' "
href="?view='.$view.'&amp;viewvalue='.htmlspecialchars( $object_class ) ;
echo '">' . htmlspecialchars( $object_class ) . '</a>';
if( $i < count( $oclass->getSupClasses() ) - 1 )
@ -363,14 +364,14 @@ if( $view == 'syntaxes' ) {
}
?></b></h4>
<h4 class="schema_oclass_sub"><?php echo _('Parent to'); ?>: <b><?php
<h4 class="schema_oclass_sub"><?php echo _('Parent to'); ?>: <b><?php
if( 0 == strcasecmp( $oclass->getName(), 'top' ) )
echo "(<a href=\"schema.php?view=objectClasses\">all</a>)";
elseif( count( $oclass->getChildObjectClasses() ) == 0 )
echo "(" . _('none') . ")";
else
foreach( $oclass->getChildObjectClasses() as $i => $object_class ) {
echo '<a title="' . _('Jump to an object class') . ' "
echo '<a title="' . _('Jump to an object class') . ' "
href="?view='.$view.'&amp;viewvalue='.htmlspecialchars( $object_class ) ;
echo '">' . htmlspecialchars( $object_class ) . '</a>';
if( $i < count( $oclass->getChildObjectClasses() ) - 1 )
@ -400,12 +401,12 @@ if( $view == 'syntaxes' ) {
echo "</li>\n";
}
echo "</ul>";
} else
} else
echo "<center>(" . _('none') . ")</center>\n";
?>
</td>
<td width="50%">
<?php
<?php
if( count( $oclass->getMayAttrs($schema_oclasses) ) > 0 ) {
echo '<ul class="schema">';
foreach( $oclass->getMayAttrs($schema_oclasses) as $attr ) {
@ -422,7 +423,7 @@ if( $view == 'syntaxes' ) {
}
echo "</ul>";
}
else
else
echo "<center>(" . _('none') . ")</center>\n";
?>
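Review bot: The `<option>` lists in this file write `$attr->getName()`, `$rule->getName()` and `$oclass->getName()` into `value="..."` and into the element text without encoding, while the object-class links further down pass `$object_class` through `htmlspecialchars()`. These lines are only touched for whitespace in this commit, but the names presumably originate from the directory server's schema and should get the same output encoding, e.g. `.htmlspecialchars($attr->getName())` in each of the three select loops. The surrounding blocks start and end outside the hunks, so other output sites in the file are not covered by this note.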


@ -3,18 +3,18 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2009 - 2012 Roland Gruber
Copyright (C) 2009 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -35,6 +35,7 @@ include_once("../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
checkIfToolIsActive('toolServerInformation');


@ -3,18 +3,18 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2012 Roland Gruber
Copyright (C) 2006 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -35,6 +35,7 @@ include_once("../../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2016 Roland Gruber
Copyright (C) 2006 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@ include_once("../../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2007 - 2016 Roland Gruber
Copyright (C) 2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/schema.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();


@ -3,18 +3,18 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber
Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -37,6 +37,7 @@ include_once("../lib/tools.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -3,18 +3,18 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2010 - 2011 Roland Gruber
Copyright (C) 2010 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -36,6 +36,7 @@ include_once("../../lib/config.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
setlanguage();


@ -48,6 +48,7 @@ include_once('../../lib/modules.inc');
// Start session
startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run
checkIfToolIsActive('toolFileUpload');


@ -45,6 +45,7 @@ include_once('../../lib/pdf.inc');
// Start session
startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run
checkIfToolIsActive('toolFileUpload');


@ -62,6 +62,7 @@ include_once('../../lib/upload.inc');
// Start session
startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run
checkIfToolIsActive('toolFileUpload');

1
lam/tmp/.gitignore vendored

@ -1 +0,0 @@
/*.jpg