First implementation of a page to set mail and phone attributes

ltb-project · Oct 3, 2023 · 12b6195 · 12b6195
1 parent 2fde27f
commit 12b6195
Show file tree

Hide file tree

Showing 4 changed files with 214 additions and 0 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -303,6 +303,12 @@
 # Changing it will also invalidate all previous tokens and SMS codes
 $keyphrase = "secret";
 
+# Use attributes update page
+$use_attributes = false;
+$attribute_mail = "mail";
+$attribute_phone = "mobile";
+$who_change_attributes = "manager";
+
 # Reset URL (if behind a reverse proxy)
 #$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];
 

diff --git a/htdocs/index.php b/htdocs/index.php
@@ -169,6 +169,7 @@
 if ( $use_questions ) { array_push( $available_actions, "resetbyquestions", "setquestions"); }
 if ( $use_tokens ) { array_push( $available_actions, "resetbytoken", "sendtoken"); }
 if ( $use_sms ) { array_push( $available_actions, "resetbytoken", "sendsms"); }
+if ( $use_attributes ) { array_push( $available_actions, "setattributes" ); }
 
 # Ensure requested action is available, or fall back to default
 if ( ! in_array($action, $available_actions) ) { $action = $default_action; }
@@ -274,6 +275,9 @@
 if (isset($extended_error_msg)) { $smarty->assign('extended_error_msg', $extended_error_msg); }
 //if (isset($var)) { $smarty->assign('var', $var); }
 
+if (isset($use_attributes) && $use_attributes && isset($attribute_mail)) { $smarty->assign('attribute_mail_update', true); }
+if (isset($use_attributes) && $use_attributes && isset($attribute_phone)) { $smarty->assign('attribute_phone_update', true); }
+
 # Assign messages
 $smarty->assign('lang',$lang);
 foreach ($messages as $key => $message) {

diff --git a/htdocs/setattributes.php b/htdocs/setattributes.php
@@ -0,0 +1,143 @@
+<?php
+#==============================================================================
+# LTB Self Service Password
+#
+# Copyright (C) 2009 Clement OUDOT
+# Copyright (C) 2009 LTB-project.org
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# GPL License: http://www.gnu.org/licenses/gpl.txt
+#
+#==============================================================================
+
+# This page is called to set value for an LDAP attribute
+
+#==============================================================================
+# POST parameters
+#==============================================================================
+# Initiate vars
+$result = "";
+$login = $presetLogin;
+$password = "";
+$ldap = "";
+$userdata = [];
+$userdn = "";
+$mail = "";
+$phone ="";
+
+if (isset($_POST["mail"]) and $_POST["mail"]) { $mail = strval($_POST["mail"]); }
+if (isset($_POST["phone"]) and $_POST["phone"]) { $phone = strval($_POST["phone"]); }
+if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = strval($_REQUEST["login"]); }
+ else { $result = "loginrequired"; }
+if (isset($_POST["password"]) and $_POST["password"]) { $password = strval($_POST["password"]); }
+ else { $result = "passwordrequired"; }
+if (! isset($_POST["password"]) and ! isset($_REQUEST["login"]))
+ { $result = "emptyattributesform"; }
+
+# Check the entered username for characters that our installation doesn't support
+if ( $result === "" ) {
+ $result = check_username_validity($login,$login_forbidden_chars);
+}
+
+#==============================================================================
+# Check captcha
+#==============================================================================
+if ( ( $result === "" ) and $use_captcha) { $result = global_captcha_check();}
+
+#==============================================================================
+# Check password
+#==============================================================================
+if ( $result === "" ) {
+
+ # Connect to LDAP
+ $ldap = ldap_connect($ldap_url);
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ if ( $ldap_starttls && !ldap_start_tls($ldap) ) {
+ $result = "ldaperror";
+ error_log("LDAP - Unable to use StartTLS");
+ } else {
+
+ # Bind
+ if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+ $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
+ } else {
+ $bind = ldap_bind($ldap);
+ }
+
+ if ( !$bind ) {
+ $result = "ldaperror";
+ $errno = ldap_errno($ldap);
+ if ( $errno ) {
+ error_log("LDAP - Bind error $errno (".ldap_error($ldap).")");
+ }
+ } else {
+
+ # Search for user
+ $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+ $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+
+ $errno = ldap_errno($ldap);
+ if ( $errno ) {
+ $result = "ldaperror";
+ error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+ } else {
+
+ # Get user DN
+ $entry = ldap_first_entry($ldap, $search);
+
+ if( !$entry ) {
+ $result = "badcredentials";
+ error_log("LDAP - User $login not found");
+ } else {
+
+ $userdn = ldap_get_dn($ldap, $entry);
+
+ # Bind with password
+ $bind = ldap_bind($ldap, $userdn, $password);
+ if ( !$bind ) {
+ $result = "badcredentials";
+ $errno = ldap_errno($ldap);
+ if ( $errno ) {
+ error_log("LDAP - Bind user error $errno (".ldap_error($ldap).")");
+ }
+}}}}}}
+
+#==============================================================================
+# Register attributes
+#==============================================================================
+if ( $result === "" ) {
+
+ # Rebind as Manager if needed
+ if ( $who_change_attributes == "manager" ) {
+ $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
+ }
+
+ if ($attribute_mail and $mail) {
+ $userdata[$attribute_mail][0] = $mail;
+ }
+
+ if ($attribute_phone and $phone) {
+ $userdata[$attribute_phone][0] = $phone;
+ }
+
+ $replace = ldap_mod_replace($ldap, $userdn , $userdata);
+
+ $errno = ldap_errno($ldap);
+ if ( $errno ) {
+ $result = "attributesmoderror";
+ error_log("LDAP - Modify attributes (error $errno (".ldap_error($ldap).")");
+ } else {
+ $result = "attributeschanged";
+ }
+
+}
diff --git a/templates/setattributes.tpl b/templates/setattributes.tpl
@@ -0,0 +1,61 @@
+{if $show_help}
+ <div class="help alert alert-warning">
+ <p><i class="fa fa-fw fa-info-circle"></i> {$msg_setattributeshelp|unescape: "html" nofilter}</p>
+ </div>
+{/if}
+<div class="alert alert-info">
+<form action="#" method="post" class="form-horizontal">
+ <div class="form-group">
+ <label for="login" class="col-sm-4 control-label">{$msg_login}</label>
+ <div class="col-sm-8">
+ <div class="input-group">
+ <span class="input-group-addon"><i class="fa fa-fw fa-user"></i></span>
+ <input type="text" name="login" id="login" value="{$login}" class="form-control" placeholder="{$msg_login}" />
+ </div>
+ </div>
+ </div>
+ <div class="form-group">
+ <label for="password" class="col-sm-4 control-label">{$msg_password}</label>
+ <div class="col-sm-8">
+ <div class="input-group">
+ <span class="input-group-addon"><i class="fa fa-fw fa-lock"></i></span>
+ <input type="password" autocomplete="current-password" name="password" id="password" class="form-control" placeholder="{$msg_password}" />
+ </div>
+ </div>
+ </div>
+
+ {if ($attribute_mail_update)} 
+ <div class="form-group">
+ <label for="mail" class="col-sm-4 control-label">{$msg_mail}</label>
+ <div class="col-sm-8">
+ <div class="input-group">
+ <span class="input-group-addon"><i class="fa fa-fw fa-envelope-o"></i></span>
+ <input type="text" name="mail" id="mail" class="form-control" placeholder="{$msg_mail}" />
+ </div>
+ </div>
+ </div>
+ {/if}
+ {if ($attribute_phone_update)} 
+ <div class="form-group">
+ <label for="phone" class="col-sm-4 control-label">{$msg_phone}</label>
+ <div class="col-sm-8">
+ <div class="input-group">
+ <span class="input-group-addon"><i class="fa fa-fw fa-phone"></i></span>
+ <input type="text" name="phone" id="phone" class="form-control" placeholder="{$msg_phone}" />
+ </div>
+ </div>
+ </div>
+ {/if}
+
+ {if ($use_captcha)}
+ {include file="captcha.tpl"}
+ {/if}
+ <div class="form-group">
+ <div class="col-sm-offset-4 col-sm-8">
+ <button type="submit" class="btn btn-success">
+ <i class="fa fa-fw fa-check-square-o"></i> {$msg_submit}
+ </button>
+ </div>
+ </div>
+</form>
+</div>