checkPassword($_SESSION["mainconf_password"]))) { require('mainlogin.php'); exit(); } if (isset($_POST['cancel'])) { // back to login metaRefresh('../login.php'); exit(); } $errors = array(); $messages = array(); // check if submit button was pressed if (isset($_POST['submitFormData'])) { // set master password if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) { if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) { $cfg->setPassword($_POST['masterpassword']); $msg = _("New master password set successfully."); unset($_SESSION["mainconf_password"]); } else { $errors[] = _("Master passwords are different or empty!"); } } // set license if (isLAMProVersion()) { $licenseLines = explode("\n", $_POST['license']); $licenseLines = array_map('trim', $licenseLines); $cfg->setLicenseLines($licenseLines); } // set session timeout $cfg->sessionTimeout = $_POST['sessionTimeout']; // set allowed hosts if (isset($_POST['allowedHosts'])) { $allowedHosts = $_POST['allowedHosts']; $allowedHostsList = explode("\n", $allowedHosts); for ($i = 0; $i < sizeof($allowedHostsList); $i++) { $allowedHostsList[$i] = trim($allowedHostsList[$i]); // ignore empty lines if ($allowedHostsList[$i] == "") { unset($allowedHostsList[$i]); continue; } // check each line $ipRegex = '/^[0-9a-f\\.:\\*]+$/i'; if (!preg_match($ipRegex, $allowedHostsList[$i]) || (strlen($allowedHostsList[$i]) > 15)) { $errors[] = sprintf(_("The IP address %s is invalid!"), htmlspecialchars(str_replace('%', '%%', $allowedHostsList[$i]))); } } $allowedHosts = implode(",", $allowedHostsList); } else { $allowedHosts = ""; } $cfg->allowedHosts = $allowedHosts; // set allowed hosts for self service if (isLAMProVersion()) { if (isset($_POST['allowedHostsSelfService'])) { $allowedHostsSelfService = $_POST['allowedHostsSelfService']; $allowedHostsSelfServiceList = explode("\n", $allowedHostsSelfService); for ($i = 0; $i < sizeof($allowedHostsSelfServiceList); $i++) { $allowedHostsSelfServiceList[$i] = trim($allowedHostsSelfServiceList[$i]); // ignore empty lines if ($allowedHostsSelfServiceList[$i] == "") { unset($allowedHostsSelfServiceList[$i]); continue; } // check each line $ipRegex = '/^[0-9a-f\\.:\\*]+$/i'; if (!preg_match($ipRegex, $allowedHostsSelfServiceList[$i]) || (strlen($allowedHostsSelfServiceList[$i]) > 15)) { $errors[] = sprintf(_("The IP address %s is invalid!"), htmlspecialchars(str_replace('%', '%%', $allowedHostsSelfServiceList[$i]))); } } $allowedHostsSelfService = implode(",", $allowedHostsSelfServiceList); } else { $allowedHostsSelfService = ""; } $cfg->allowedHostsSelfService = $allowedHostsSelfService; } // set session encryption if (function_exists('openssl_random_pseudo_bytes')) { $encryptSession = 'false'; if (isset($_POST['encryptSession']) && ($_POST['encryptSession'] == 'on')) { $encryptSession = 'true'; } $cfg->encryptSession = $encryptSession; } // set log level $cfg->logLevel = $_POST['logLevel']; // set log destination if ($_POST['logDestination'] == "none") { $cfg->logDestination = "NONE"; } elseif ($_POST['logDestination'] == "syslog") { $cfg->logDestination = "SYSLOG"; } elseif ($_POST['logDestination'] == "remote") { $cfg->logDestination = "REMOTE:" . $_POST['logRemote']; $remoteParts = explode(':', $_POST['logRemote']); if ((sizeof($remoteParts) !== 2) || !get_preg($remoteParts[0], 'DNSname') || !get_preg($remoteParts[1], 'digit')) { $errors[] = _("Please enter a valid remote server in format \"server:port\"."); } } else { if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && preg_match("/^[a-z0-9\\/\\\\:\\._-]+$/i", $_POST['logFile'])) { $cfg->logDestination = $_POST['logFile']; } else { $errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -."); } } // password policies $cfg->passwordMinLength = $_POST['passwordMinLength']; $cfg->passwordMinLower = $_POST['passwordMinLower']; $cfg->passwordMinUpper = $_POST['passwordMinUpper']; $cfg->passwordMinNumeric = $_POST['passwordMinNumeric']; $cfg->passwordMinSymbol = $_POST['passwordMinSymbol']; $cfg->passwordMinClasses = $_POST['passwordMinClasses']; $cfg->checkedRulesCount = $_POST['passwordRulesCount']; $cfg->passwordMustNotContain3Chars = isset($_POST['passwordMustNotContain3Chars']) && ($_POST['passwordMustNotContain3Chars'] == 'on') ? 'true' : 'false'; $cfg->passwordMustNotContainUser = isset($_POST['passwordMustNotContainUser']) && ($_POST['passwordMustNotContainUser'] == 'on') ? 'true' : 'false'; if (function_exists('curl_init')) { $cfg->externalPwdCheckUrl = $_POST['externalPwdCheckUrl']; if (!empty($cfg->externalPwdCheckUrl) && (strpos($cfg->externalPwdCheckUrl, '{SHA1PREFIX}') === false)) { $errors[] = _('The URL for the external password check is invalid.'); } } if (isset($_POST['sslCaCertUpload'])) { if (!isset($_FILES['sslCaCert']) || ($_FILES['sslCaCert']['size'] == 0)) { $errors[] = _('No file selected.'); } else { $handle = fopen($_FILES['sslCaCert']['tmp_name'], "r"); $data = fread($handle, 10000000); fclose($handle); $sslReturn = $cfg->uploadSSLCaCert($data); if ($sslReturn !== true) { $errors[] = $sslReturn; } else { $messages[] = _('You might need to restart your webserver for changes to take effect.'); } } } if (isset($_POST['sslCaCertDelete'])) { $cfg->deleteSSLCaCert(); $messages[] = _('You might need to restart your webserver for changes to take effect.'); } if (isset($_POST['sslCaCertImport'])) { $matches = array(); if (preg_match('/^ldaps:\\/\\/([a-zA-Z0-9_\\.-]+)(:([0-9]+))?$/', $_POST['serverurl'], $matches)) { $port = '636'; if (isset($matches[3]) && !empty($matches[3])) { $port = $matches[3]; } $pemResult = getLDAPSSLCertificate($matches[1], $port); if ($pemResult !== false) { $messages[] = _('Imported certificate from server.'); $messages[] = _('You might need to restart your webserver for changes to take effect.'); $cfg->uploadSSLCaCert($pemResult); } else { $errors[] = _('Unable to import server certificate. Please use the upload function.'); } } else { $errors[] = _('Invalid server name. Please enter "server" or "server:port".'); } } foreach ($_POST as $key => $value) { if (strpos($key, 'deleteCert_') === 0) { $index = substr($key, strlen('deleteCert_')); $cfg->deleteSSLCaCert($index); } } // mail EOL if (isLAMProVersion()) { $cfg->mailEOL = $_POST['mailEOL']; } $cfg->errorReporting = $_POST['errorReporting']; // save settings if (isset($_POST['submit'])) { $cfg->save(); if (sizeof($errors) == 0) { metaRefresh('../login.php?confMainSavedOk=1'); exit(); } } } echo $_SESSION['header']; printHeaderContents(_("Edit general settings"), '../..'); ?>
LDAP Account Manager |