Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request Administrator's Credentials adhoc #21

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Request Administrator's Credentials adhoc #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cdf3182
Setting bind user in configuration is not safe in some deployments,
GeKasap Sep 24, 2020
f9dfe33
Update lockaccount.php
GeKasap Sep 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions conf/config.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@
$resetpassword_reset_default = true;
$use_unlockaccount = true;
$use_lockaccount = true;
$always_authenticate_admin = false;

# Language
$lang ="en";
Expand Down
1 change: 1 addition & 0 deletions htdocs/index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@
$smarty->assign('resetpassword_reset_default',$resetpassword_reset_default);
$smarty->assign('use_unlockaccount',$use_unlockaccount);
$smarty->assign('use_lockaccount',$use_lockaccount);
$smarty->assign('always_authenticate_admin',$always_authenticate_admin);

# Assign messages
$smarty->assign('lang',$lang);
Expand Down
9 changes: 6 additions & 3 deletions htdocs/lockaccount.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,20 @@
$result = "";
$dn = "";
$password = "";
$ldap_binddn = "";
$ldap_bindpw = "";

if (isset($_POST["dn"]) and $_POST["dn"]) {
$dn = $_POST["dn"];
} else {
$result = "dnrequired";
}

if ($result === "") {
require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
require_once("../lib/authenticate_admin.inc.php");

require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
if ($result === "") {

# Connect to LDAP
$ldap_connection = wp_ldap_connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw);
Expand Down
9 changes: 5 additions & 4 deletions htdocs/resetpassword.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,12 @@
$pwdreset = $_POST["pwdreset"];
}

if ($result === "") {
require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
require_once("../lib/posthook.inc.php");
require_once("../lib/authenticate_admin.inc.php");

require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
require_once("../lib/posthook.inc.php");
if ($result === "") {

# Connect to LDAP
$ldap_connection = wp_ldap_connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw);
Expand Down
7 changes: 4 additions & 3 deletions htdocs/unlockaccount.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,11 @@
$result = "dnrequired";
}

if ($result === "") {
require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
require_once("../lib/authenticate_admin.inc.php");

require_once("../conf/config.inc.php");
require_once("../lib/ldap.inc.php");
if ($result === "") {

# Connect to LDAP
$ldap_connection = wp_ldap_connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw);
Expand Down
4 changes: 4 additions & 0 deletions lang/en.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,5 +78,9 @@
$messages['unlockaccount'] = "Unlock account";
$messages['unlockdate'] = "Automatic unlock date:";
$messages['welcome'] = "Welcome to LDAP Tool Box service desk";
$messages['label_admin_credentials'] = "Administrator's Credentials";
$messages['admin_username'] = "Administrator's username";
$messages['admin_password'] = "Administrator's password";
$messages['admincredentialsrequired'] = "Administrator's Credentials required";

?>
4 changes: 4 additions & 0 deletions lang/fr.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,5 +78,9 @@
$messages['unlockaccount'] = "Débloquer le compte";
$messages['unlockdate'] = "Date de déblocage automatique :";
$messages['welcome'] = "Bienvenue sur le guichet de service LDAP Tool Box";
$messages['label_admin_credentials'] = "Informations d'identification de l'administrateur";
$messages['admin_username'] = "Nom d'utilisateur de l'administrateur";
$messages['admin_password'] = "Mot de passe administrateur";
$messages['admincredentialsrequired'] = "Informations d'identification de l'administrateur requises";

?>
15 changes: 15 additions & 0 deletions lib/authenticate_admin.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<?php
/*
* Reset password in LDAP directory
*/

if($result === "" and $always_authenticate_admin) {
if(isset($_POST["admin_username"]) and $_POST["admin_username"] and isset($_POST["admin_password"]) and $_POST["admin_password"]) {
$ldap_binddn = $ldap_login_attribute ."=" . $_POST["admin_username"] ."," . $ldap_user_base;
$ldap_bindpw = $_POST["admin_password"];
} else {
$result = "admincredentialsrequired";
}
}

?>
39 changes: 39 additions & 0 deletions templates/display.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,19 @@
</div>
</div>
</div>
{if $always_authenticate_admin}
<div class="form-group">
<div class="input-group"><p>{$msg_label_admin_credentials}</p></div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-user-circle"></i></span>
<input type="text" name="admin_username" id="admin_username" class="form-control" placeholder="{$msg_admin_username}" />
</div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-lock"></i></span>
<input type="password" name="admin_password" id="admin_password" class="form-control" placeholder="{$msg_admin_password}" />
</div>
</div>
{/if}
<div class="form-group">
<button type="submit" class="btn btn-success">
<i class="fa fa-fw fa-check-square-o"></i> {$msg_submit}
Expand Down Expand Up @@ -208,6 +221,19 @@
<div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotunlocked}</div>
{/if}
<input type="hidden" name="dn" value="{$dn}" />
{if $always_authenticate_admin}
<div class="form-group">
<div class="input-group"><p>{$msg_label_admin_credentials}</p></div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-user-circle"></i></span>
<input type="text" name="admin_username" id="admin_username" class="form-control" placeholder="{$msg_admin_username}" />
</div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-lock"></i></span>
<input type="password" name="admin_password" id="admin_password" class="form-control" placeholder="{$msg_admin_password}" />
</div>
</div>
{/if}
<div class="form-group">
<button type="submit" class="btn btn-success">
<i class="fa fa-fw fa-unlock"></i> {$msg_unlockaccount}
Expand Down Expand Up @@ -235,6 +261,19 @@
<div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotlocked}</div>
{/if}
<input type="hidden" name="dn" value="{$dn}" />
{if $always_authenticate_admin}
<div class="form-group">
<div class="input-group"><p>{$msg_label_admin_credentials}</p></div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-user-circle"></i></span>
<input type="text" name="admin_username" id="admin_username" class="form-control" placeholder="{$msg_admin_username}" />
</div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-fw fa-lock"></i></span>
<input type="password" name="admin_password" id="admin_password" class="form-control" placeholder="{$msg_admin_password}" />
</div>
</div>
{/if}
<div class="form-group">
<button type="submit" class="btn btn-success">
<i class="fa fa-fw fa-lock"></i> {$msg_lockaccount}
Expand Down