From 5474c4c26d842ec1864255107ceaed9a0e00c1be Mon Sep 17 00:00:00 2001
From: surfrock66 <surfrock66@sr66-hda.hda.surfrock66.com>
Date: Thu, 17 Feb 2022 15:01:49 -0800
Subject: [PATCH] 2022.02.17 - Commit by jgullo - This commit furthers work to
 decouple the starting point from the original organization and move certain
 branding and naming to the configuration file.  A large part of this was to
 modularize the connection to the AD/LDAP server, which was intended to be
 easy to adapt to other orgs and configurations, but had a lot of stuff baked
 in specific to the org's AD configuration.  One thing I found was that the
 LDAP lookup found in web/includes/getContacts.php is REALLY difficult to
 modularize given the possible diversity in objectClasses, directory
 structure, attribute utilization, etc.  To account for this, we created a
 fairly sane default directory connection configuration at
 web/includes/getContacts.php.sample which a new implementation should copy
 and rename to getContacts.php, then modify based on the needs of your
 organization.

---
 web/config.php.sample                         |  17 +++
 web/includes/footer.php                       |  10 +-
 ...getContacts.php => getContacts.php.sample} | 101 +++++++++++++-----
 web/includes/header.php                       |   4 +-
 web/index.php                                 |  24 ++++-
 5 files changed, 121 insertions(+), 35 deletions(-)
 rename web/includes/{getContacts.php => getContacts.php.sample} (60%)

diff --git a/web/config.php.sample b/web/config.php.sample
index 3a9ed828..8e5db3a3 100644
--- a/web/config.php.sample
+++ b/web/config.php.sample
@@ -3,6 +3,9 @@
 // Page Title
 //define("TITLE","Sample Web Phone");
 
+// Page Footer Text
+//define("Footer","&copy; Sample Footer Line");
+
 
 // SIP Realm
 //define("REALM","sample realm");
@@ -89,8 +92,19 @@
 // SimpleSAMLPhp Logout Return URL
 //define("SAMLRETURNURL","https://domain.tld");
 
+// SimpleSAMLPhp Attribute Map - givenName
+//define("SAMLATTRGIVENNAME","givenName");
+
+// SimpleSAMLPhp Attribute Map - surame
+//define("SAMLATTRSURNAME","sn");
+
+// SimpleSAMLPhp Attribute Map - extension
+//define("SAMLATTREXT","extension");
+
 
 // LDAP Credentials
+// For LDAP lookup to work, you must copy includes/getContacts.php.sample to includes/getContacts.php
+//  Any further LDAP filtering or configuration will happen there
 
 // LDAP/AD URI
 //define("LDAPURI","ldaps://sampleserver.sampledomain.tld:636");
@@ -104,6 +118,9 @@
 // LDAP Base DN
 //define("LDAPBASEDN","dc=SAMPLEDOMAIN,dc=TLD");
 
+// LDAP Search Filter
+//define("LDAPSEARCHFILTER","(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))");
+
 
 // MySQL Credentials
 
diff --git a/web/includes/footer.php b/web/includes/footer.php
index 2dbfb3bd..13c46de2 100644
--- a/web/includes/footer.php
+++ b/web/includes/footer.php
@@ -1,7 +1,15 @@
 
         <footer class="footer fixed-bottom">
             <div class="container">
-                <p class="text-muted text-center"><small>&copy; SEIU Local 1000 - <?php echo date("Y"); ?>. All Rights Reserved.</small></p>
+<?php
+$footerText = "";
+if ( defined ( 'FOOTER' ) ) {
+    if ( !empty ( FOOTER ) ) {
+        $footerText = FOOTER . " - ";
+    }
+}
+?>
+                <p class="text-muted text-center"><small><?php echo $footerText.date("Y"); ?>. All Rights Reserved.</small></p>
             </div>
             <!-- Creates all ATL/COM objects right now
                 Will open confirmation dialogs if not already done
diff --git a/web/includes/getContacts.php b/web/includes/getContacts.php.sample
similarity index 60%
rename from web/includes/getContacts.php
rename to web/includes/getContacts.php.sample
index e4027c09..bdf8df82 100644
--- a/web/includes/getContacts.php
+++ b/web/includes/getContacts.php.sample
@@ -17,7 +17,6 @@
             $ldapbindpass = LDAPBINDPASS;
             $ldapbasedn = LDAPBASEDN;
             $ldap_connection = ldap_connect( $ldapuri );
-
             if (FALSE === $ldap_connection) {
                 // Uh-oh, something is wrong...
                 echo 'Unable to connect to the ldap server';
@@ -30,26 +29,31 @@
             if ( TRUE === ldap_bind ( $ldap_connection, $ldapbinduser, $ldapbindpass ) ) {
                 //Get standard users and contacts
                 $search_filter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
+                if ( defined ( 'LDAPSEARCHFILTER' ) ) {
+                    if ( !empty ( LDAPSEARCHFILTER ) ) {
+                        $search_filter = LDAPSEARCHFILTER;
+                    }
+                }
 
-                $attr = array("dn","samaccountname","givenname","sn","title","department","telephonenumber","mobile");
+                //
+                // If the attribute list for directory information is different than what is pulled here, modify it
+                //
+                $attr = array("dn","samaccountname","cn","givenname","sn","title","department","telephonenumber","homePhone","mobile");
  
                 //Connect to LDAP
                 $result = ldap_search($ldap_connection, $ldapbasedn, $search_filter, $attr);
-
                 if (FALSE !== $result) {
                     $entries = ldap_get_entries($ldap_connection, $result);
- 
                     // Uncomment the below if you want to write all entries to debug somethingthing 
                     //echo "<pre>";
                     //var_dump($entries);
                     //echo "</pre>";
-
-                    $ADUsers = array();
+                    $DirUsers = array();
 
                     //For each account returned by the search
                     for ($x = 0; $x < $entries['count']; $x++) {
                         //
-                        //Retrieve values from Active Directory
+                        //Retrieve values from Active Directory or LDAP
                         //
          
                         //Distinguished Name
@@ -61,7 +65,10 @@
                             }
                         }
 
-                        if ( ( strpos ( $LDAP_dn, 'Users' ) !== false ) && ( strpos ( $LDAP_dn, 'Inactive'  ) == false ) ) {
+                        //
+                        // Uncomment this and the corresponding closing bracket if you need to do further AD filtering based on the structure of your org
+                        //
+                        //if ( ( strpos ( $LDAP_dn, 'Users' ) !== false ) && ( strpos ( $LDAP_dn, 'Inactive'  ) == false ) ) {
 
                             // Phone Number 
                             $LDAP_PhoneNumber = "";
@@ -81,19 +88,46 @@
                                 }
                             }
 
-                            if ( ( $LDAP_PhoneNumber !== "" ) || ( $LDAP_MobilePhone !== "" ) ) {
+                            //
+                            // In this example, "homePhone" is an attribute which can have multiple values, hence it comes in as an array and must be handled differently
+                            //
+                            //Home phone
+                            $LDAP_HomePhone = "";
+                            if (!empty($entries[$x]['homephone'][0])) {
+                                if ( is_array( $entries[$x]['homephone'][0] ) ) {
+                                    $LDAP_HomePhone = $entries[$x]['homephone'][0][1];
+                                } else {
+                                    $LDAP_HomePhone = $entries[$x]['homephone'][0];
+                                }
+                                if ($LDAP_HomePhone == "NULL") {
+                                    $LDAP_HomePhone = "";
+                                }
+                            }
+                       
+
+                            if ( ( $LDAP_PhoneNumber !== "" ) || ( $LDAP_MobilePhone !== "" ) || ( $LDAP_HomePhone !== "" ) ) {
 
-                                //Windows Usernaame
-                                $LDAP_samaccountname = "";
+                                //
+                                // The following code blocks will construct the strings available in the directory search dropdown.
+                                // While this should be a sane starting point, you can modify or adapt this as needed for your organization.
+                                //
+
+                                //Usernaame
+                                $LDAP_accountname = "";
                                 if (!empty($entries[$x]['samaccountname'][0])) {
-                                    $LDAP_samaccountname = $entries[$x]['samaccountname'][0];
-                                    if ($LDAP_samaccountname == "NULL") {
-                                        $LDAP_samaccountname = "";
+                                    $LDAP_accountname = $entries[$x]['samaccountname'][0];
+                                    if ($LDAP_accountname == "NULL") {
+                                        $LDAP_accountname = "";
+                                    }
+                                } elseif (!empty($entries[$x]['cn'][0])) {
+                                    $LDAP_accountname = $entries[$x]['cn'][0];
+                                    if ($LDAP_accountname == "NULL") {
+                                        $LDAP_accountname = "";
                                     }
                                 } else {
-                                    //#There is no samaccountname s0 assume this is an AD contact record so generate a unique username
+                                    //#There is no samaccountname or cn so assume this is an AD contact record so generate a unique username
                                     $LDAP_uSNCreated = $entries[$x]['usncreated'][0];
-                                    $LDAP_samaccountname = "CONTACT_" . $LDAP_uSNCreated;
+                                    $LDAP_accountname = "CONTACT_" . $LDAP_uSNCreated;
                                 }
  
                                 //Last Name
@@ -103,6 +137,11 @@
                                     if ($LDAP_LastName == "NULL") {
                                         $LDAP_LastName = "";
                                     }
+                                } elseif (!empty($entries[$x]['surname'][0])) {
+                                    $LDAP_LastName = $entries[$x]['surname'][0];
+                                    if ($LDAP_LastName == "NULL") {
+                                        $LDAP_LastName = "";
+                                    }
                                 }
  
                                 //First Name
@@ -117,7 +156,7 @@
                                 //Department
                                 $LDAP_Department = "";
                                 if (!empty($entries[$x]['department'][0])) {
-                                    $LDAP_Department = $entries[$x]['department'][0];
+                                    $LDAP_Department = ", ".$entries[$x]['department'][0];
                                     if ($LDAP_Department == "NULL") {
                                         $LDAP_Department = "";
                                     }
@@ -126,35 +165,39 @@
                                 //Job Title
                                 $LDAP_JobTitle = "";
                                 if (!empty($entries[$x]['title'][0])) {
-                                    $LDAP_JobTitle = $entries[$x]['title'][0];
+                                    $LDAP_JobTitle = " - ".$entries[$x]['title'][0];
                                     if ($LDAP_JobTitle == "NULL") {
                                         $LDAP_JobTitle = "";
                                     }
                                 }
                                 if ( $LDAP_PhoneNumber !== "" ) {
-                                    $userData = array($LDAP_LastName, $LDAP_FirstName, $LDAP_JobTitle, $LDAP_Department, $LDAP_PhoneNumber, "Phone #");
-                                    array_push ( $ADUsers, $userData );
+                                    $userData = array($LDAP_LastName, $LDAP_FirstName, $LDAP_JobTitle, $LDAP_Department, $LDAP_PhoneNumber, " - Phone #");
+                                    array_push ( $DirUsers, $userData );
                                 }
                                 if ( $LDAP_MobilePhone !== "" ) {
-                                    $userData = array($LDAP_LastName, $LDAP_FirstName, $LDAP_JobTitle, $LDAP_Department, $LDAP_MobilePhone, "Mobile #");
-                                    array_push ( $ADUsers, $userData );
+                                    $userData = array($LDAP_LastName, $LDAP_FirstName, $LDAP_JobTitle, $LDAP_Department, $LDAP_MobilePhone, " - Mobile #");
+                                    array_push ( $DirUsers, $userData );
                                 }
-                            }
+                                if ( $LDAP_HomePhone !== "" ) {
+                                    $userData = array($LDAP_LastName, $LDAP_FirstName, $LDAP_JobTitle, $LDAP_Department, $LDAP_HomePhone, " - Home #");
+                                    array_push ( $DirUsers, $userData );
+                                }
+                            //}
                         }
                     }
 
                     // Sort the results by last name, first name, and number type
-                    $column_lastname = array_column ( $ADUsers, 1 );
-                    $column_firstname = array_column ( $ADUsers, 0 );
-                    $column_type = array_column ( $ADUsers, 5 );
-                    array_multisort ( $column_lastname, SORT_ASC, $column_firstname, SORT_ASC, $column_type, SORT_DESC, $ADUsers  );
+                    $column_lastname = array_column ( $DirUsers, 1 );
+                    $column_firstname = array_column ( $DirUsers, 0 );
+                    $column_type = array_column ( $DirUsers, 5 );
+                    array_multisort ( $column_lastname, SORT_ASC, $column_firstname, SORT_ASC, $column_type, SORT_DESC, $DirUsers  );
 
                     $contactLookup = array();
 
-                    foreach( $ADUsers as $user ) {
+                    foreach( $DirUsers as $user ) {
                         $userData = array (
                             "lookupName" => $user[1] . " " . $user[0],
-                            "displayText" => $user[0] . ", " . $user[1] . " - " . $user[2] . ", " . $user[3] . " - " . $user[5] . ": " . $user[4],
+                            "displayText" => $user[0] . ", " . $user[1] . $user[2] . $user[3] . $user[5] . ": " . $user[4],
                             "number" => $user[4]
                         );
                         
diff --git a/web/includes/header.php b/web/includes/header.php
index 59062ef1..65637022 100644
--- a/web/includes/header.php
+++ b/web/includes/header.php
@@ -27,7 +27,7 @@
             $pageTitle = TITLE;
         }
     }
-        echo "<title>$pageTitle</title>";
+        echo "\n        <title>$pageTitle</title>\n";
 ?>
         <meta name="viewport" content="width=device-width, initial-scale=1.0" />
         <meta name="Keywords" content="doubango, sipML5, VoIP, HTML5, WebRTC, RTCWeb, SIP, IMS, Video chat, VP8" />
@@ -404,7 +404,7 @@ function selectContact(event) {
                                 </div>
                                 <div class="col-10 branding mt-1">
                                     <div class="logo">
-                                        <img src="/images/logo.svg" alt="SEIU Local 1000" />
+                                        <img src="./images/logo.svg" alt="Logo Image" />
                                     </div>
                                 </div>
                             </div>
diff --git a/web/index.php b/web/index.php
index 4eeb6167..99dffd54 100644
--- a/web/index.php
+++ b/web/index.php
@@ -35,9 +35,27 @@
             $_SESSION['as'] = new SimpleSAML_Auth_Simple( SAMLSPNAME );
             $_SESSION['as']->requireAuth();
             $attributes = $_SESSION['as']->getAttributes();
-            $_SESSION['givenname'] = $attributes['givenname'][0];
-            $_SESSION['surname'] = $attributes['surname'][0];
-            $_SESSION['extension'] = $attributes['extension'][0];
+            $attrGivenName = "givenname";
+            if ( defined ( 'SAMLATTRGIVENNAME' ) ) {
+                if ( !empty ( SAMLATTRGIVENNAME ) ) {
+                    $attrGivenName = SAMLATTRGIVENNAME;
+                }
+            }
+            $_SESSION['givenname'] = $attributes[$attrGivenName][0];
+            $attrSurname = "surname";
+            if ( defined ( 'SAMLATTRSURNAME' ) ) {
+                if ( !empty ( SAMLATTRSURNAME ) ) {
+                    $attrSurname = SAMLATTRSURNAME;
+                }
+            }
+            $_SESSION['surname'] = $attributes[$attrSurname][0];
+            $attrExtension = "extension";
+            if ( defined ( 'SAMLATTREXT' ) ) {
+                if ( !empty ( SAMLATTREXT ) ) {
+                    $attrExtension = SAMLATTREXT;
+                }
+            }
+            $_SESSION['extension'] = $attributes[$attrExtension][0];
             // 2020.12.16 - Edit by jgullo - Populate variables from saml to input later
             if ( !empty ( $_SESSION['givenname'] ) || !empty ( $_SESSION['surname'] ) ) {
                 $fullName = $_SESSION['givenname']." ".$_SESSION['surname'];