LDAP Account Manager

= 5.1 if (version_compare(phpversion(), '5.1.0') < 0) { echo "\n\n"; echo "\n\n"; echo "\n"; echo "\n \n"; echo "\n"; echo "\n"; echo "LDAP Account Manager\n"; echo "\n"; StatusMessage("ERROR", "LAM needs PHP 5 greater or equal as 5.1.0!", "Please upgrade your PHP installation."); echo "

"; echo ""; exit(); } /** security functions */ include_once("../lib/security.inc"); /** self service functions */ include_once("../lib/selfService.inc"); // check environment $criticalErrors = array(); // check if PHP has session support if (! function_exists('session_start')) { $criticalErrors[] = array("ERROR", "Your PHP has no session support!", "Please install the session extension for PHP."); } // check if PHP has LDAP support if (! function_exists('ldap_search')) { $criticalErrors[] = array("ERROR", "Your PHP has no LDAP support!", "Please install the LDAP extension for PHP."); } // check if PHP has gettext support if (! function_exists('gettext') || !function_exists('_')) { $criticalErrors[] = array("ERROR", "Your PHP has no gettext support!", "Please install gettext for PHP."); } // check if PHP has XML support if (! function_exists('utf8_decode')) { $criticalErrors[] = array("ERROR", "Your PHP has no XML support!", "Please install the XML extension for PHP."); } // check if PHP has GD support if (! function_exists('getimagesize')) { $criticalErrors[] = array("ERROR", "Your PHP has no GD support!", "Please install the GD extension for PHP."); } // check file permissions $writableDirs = array('sess', 'tmp'); for ($i = 0; $i < sizeof($writableDirs); $i++) { $path = realpath('../') . "/" . $writableDirs[$i]; if (!is_writable($path)) { $criticalErrors[] = array("ERROR", 'The directory %s is not writable for the web server. Please change your file permissions.', '', array($path)); } } // check session auto start if (ini_get("session.auto_start") == "1") { $criticalErrors[] = array("ERROR", "Please deactivate session.auto_start in your php.ini. LAM will not work if it is activated."); } // check memory limit $memLimit = ini_get('memory_limit'); if (isset($memLimit) && ($memLimit != '') && (substr(strtoupper($memLimit), strlen($memLimit) - 1) == 'M')) { if (intval(substr($memLimit, 0, strlen($memLimit) - 1)) < 64) { $criticalErrors[] = array("ERROR", "Please increase the \"memory_limit\" parameter in your php.ini to at least \"64M\".", "Your current memory limit is $memLimit."); } } // check PCRE regex system if (!@preg_match('/^\p{L}+$/u', "abc")) { $criticalErrors[] = array("ERROR", "Your PCRE library has no complete Unicode support. Please upgrade libpcre or compile with \"--enable-unicode-properties\"."); } // stop login if critical errors occured if (sizeof($criticalErrors) > 0) { echo "\n\n"; echo "\n\n"; echo "\n"; echo "\n \n"; echo "\n"; echo "\n"; echo "LDAP Account Manager\n"; echo "\n"; for ($i = 0; $i < sizeof($criticalErrors); $i++) { call_user_func_array("StatusMessage", $criticalErrors[$i]); echo "

"; } echo ""; exit(); } /** access to configuration options */ include_once("../lib/config.inc"); // Include config.inc which provides Config class // set session save path if (strtolower(session_module_name()) == 'files') { session_save_path("../sess"); } session_start(); // Start LDAP Account Manager session // save last selected login profile if(isset($_POST['profile'])) { setcookie("lam_default_profile", $_POST['profile'], time() + 365*60*60*24); } /** * Displays the login window. * * @param object $config_object current active configuration */ function display_LoginPage($config_object) { logNewMessage(LOG_DEBUG, "Display login page"); global $error_message; // generate 256 bit key and initialization vector for user/passwd-encryption // check if we can use /dev/random otherwise use /dev/urandom or rand() if(function_exists('mcrypt_create_iv')) { $key = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM); if (! $key) { srand((double)microtime()*1234567); $key = mcrypt_create_iv(32, MCRYPT_RAND); } $iv = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM); if (! $iv) { srand((double)microtime()*1234567); $iv = mcrypt_create_iv(32, MCRYPT_RAND); } // save both in cookie setcookie("Key", base64_encode($key), 0, "/"); setcookie("IV", base64_encode($iv), 0, "/"); } $_SESSION['language'] = $config_object->get_defaultLanguage(); $current_language = explode(":",$_SESSION['language']); $_SESSION['header'] = "\n\n"; $_SESSION['header'] .= "\n\n"; $_SESSION['header'] .= "\n"; $_SESSION['header'] .= "\n "; // loading available languages from language.conf file $languagefile = "../config/language"; if(is_file($languagefile) == True) { $file = fopen($languagefile, "r"); $i = 0; while(!feof($file)) { $line = fgets($file, 1024); if($line == "" || $line == "\n" || $line[0] == "#") continue; // ignore comment and empty lines $value = explode(":", $line); $languages[$i]["link"] = $value[0] . ":" . $value[1]; $languages[$i]["descr"] = $value[2]; if(rtrim($line) == $_SESSION["language"]) { $languages[$i]["default"] = "YES"; } else { $languages[$i]["default"] = "NO"; } $i++; } fclose($file); } $profiles = getConfigProfiles(); setlanguage(); // setting correct language echo $_SESSION["header"]; ?> LDAP Account Manager -Login- \n"; echo "\n"; echo "\n"; ?>

" . _("Want more features? Get LAM Pro!") . ""; } ?>

"; } } // check TLS $useTLS = $config_object->getUseTLS(); if (isset($useTLS) && ($useTLS == "yes")) { if (!function_exists('ldap_start_tls')) { StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!"); echo "
"; } } // check if session expired if (isset($_GET['expired'])) { StatusMessage("ERROR", _("Your session expired, please log in again.")); echo "
"; } ?>


	getLoginMethod() == LAMConfig::LOGIN_LIST) { echo ''; } else { echo ''; } ?>


" tabindex="4">
" . $error_message . ""; } ?>

Pro: " . LAMVersion() . " "; logNewMessage(LOG_DEBUG, "LAM Pro " . LAMVersion()); } else { echo "LDAP Account Manager: " . LAMVersion() . " "; logNewMessage(LOG_DEBUG, "LAM " . LAMVersion()); } ?>

getLoginMethod() == LAMConfig::LOGIN_SEARCH) { $searchFilter = $_SESSION['config']->getLoginSearchFilter(); $searchFilter = str_replace('%USER%', $username ,$searchFilter); $searchSuccess = true; $searchError = ''; $searchLDAP = new Ldap($_SESSION['config']); $searchLDAPResult = $searchLDAP->connect('', '', true); if (! ($searchLDAPResult == 0)) { $searchSuccess = false; $searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . @ldap_error($searchLDAP->server()); } else { $searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER); if ($searchResult) { $searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult); if ($searchInfo) { $searchInfo = cleanLDAPResult($searchInfo); if (sizeof($searchInfo) == 0) { $searchSuccess = false; $searchError = _('Wrong password/user name combination. Please try again.'); } elseif (sizeof($searchInfo) > 1) { $searchSuccess = false; $searchError = _('The given user name matches multiple LDAP entries.'); } else { $username = $searchInfo[0]['dn']; } } else { $searchSuccess = false; $searchError = _('Unable to find the user name in LDAP.'); if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server()); } } else { $searchSuccess = false; $searchError = _('Unable to find the user name in LDAP.'); if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server()); } } if (!$searchSuccess) { $error_message = $searchError; logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in. ' . $searchError . ''); $searchLDAP->close(); display_LoginPage($_SESSION['config']); exit(); } $searchLDAP->close(); } // try to connect to LDAP $result = $_SESSION['ldap']->connect($username,$_POST['passwd']); // Connect to LDAP server for verifing username/password if($result === 0) {// Username/password correct. Do some configuration and load main frame. $_SESSION['loggedIn'] = true; $_SESSION['language'] = $_POST['language']; // Write selected language in session $current_language = explode(":",$_SESSION['language']); $_SESSION['header'] = "\n\n"; $_SESSION['header'] .= "\n\n"; $_SESSION['header'] .= "\n"; $_SESSION['header'] .= "\n "; // set security settings for session $_SESSION['sec_session_id'] = session_id(); $_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['sec_sessionTime'] = time(); // logging logNewMessage(LOG_NOTICE, 'User ' . $_POST['username'] . ' (' . $clientSource . ') successfully logged in.'); // Load main frame metaRefresh("./main.php"); die(); } else { if ($result === False) { // connection failed $error_message = _("Cannot connect to specified LDAP server. Please try again."); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); display_LoginPage($_SESSION['config']); exit(); } elseif ($result == 81) { // connection failed $error_message = _("Cannot connect to specified LDAP server. Please try again."); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); display_LoginPage($_SESSION['config']); exit(); } elseif ($result == 49) { // user name/password invalid. Return to login page. $error_message = _("Wrong password/user name combination. Please try again."); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (wrong password).'); display_LoginPage($_SESSION['config']); exit(); } else { // other errors $error_message = _("LDAP error, server says:") . "\n
($result) " . ldap_err2str($result); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); display_LoginPage($_SESSION['config']); exit(); } } } } // Reload loginpage after a profile change elseif(!empty($_POST['profileChange'])) { logNewMessage(LOG_DEBUG, "Change server profile to " . $_POST['profile']); $_SESSION['config'] = new LAMConfig($_POST['profile']); // Recreate the config object with the submited display_LoginPage($_SESSION['config']); // Load login page } // Load login page else { $default_Config = new LAMCfgMain(); $default_Profile = $default_Config->default; if(isset($_COOKIE["lam_default_profile"])) { $default_Profile = $_COOKIE["lam_default_profile"]; } $_SESSION["config"] = new LAMConfig($default_Profile); // Create new Config object $_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object display_LoginPage($_SESSION["config"]); // Load Login page } ?>