Morph01/PHP-LDAP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance user creation and editing with role assignment and secure password handling (ldaps merci guillaume)

Browse Source
This commit is contained in:
Morph01
2025-02-05 02:55:25 -08:00
committed by Morph01
parent fcc7e22fdb
commit 0fac3057b8
4 changed files with 65 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
controllers/create_user.php
View File

@@ -14,6 +14,9 @@ if (!isset($_SESSION["login"]) || !$_SESSION["is_admin"]) {
// Récupérer les données de la session et du formulaire
$admin_username = $_SESSION['sAMAccountName']; // sAMAccountName de l'admin connecté
$ou_dn = $_POST['ou_dn']; // OU cible pour la création
$role = $_POST['role']; // Rôle de l'utilisateur
$crypted_password = iconv('UTF-8', 'UTF-16LE', '"' . $_POST['password'] . '"');
// Récupérer les attributs du nouvel utilisateur depuis le formulaire
$entry = [
@@ -22,8 +25,11 @@ $entry = [
'givenName' => $_POST['firstname'],
'sn' => $_POST['lastname'],
'mail' => $_POST['email'],
'userPassword' => $_POST['password'],
'sAMAccountName' => $_POST['username'],
'userAccountControl' => '512', // Activer le compte
'displayName' => $_POST['firstname'] . ' ' . $_POST['lastname'],
'userPrincipalName' => $_POST['username'] . '@epul3a.local',
'unicodePwd' => $crypted_password
];
// Vérifier que l'admin a les droits sur l'OU cible
@@ -36,6 +42,20 @@ if (!in_array($ou_dn, $_SESSION['admin_ous'])) {
try {
$user_dn = "CN=" . $_POST['username'] . "," . $ou_dn;
if ($ldapAuth->addUserWithAdminAuth($user_dn, $entry, $admin_username, $_SESSION['password'])) {
// Ajouter l'utilisateur au groupe d'administration si nécessaire
if ($role === 'admin') {
$group_dn = '';
if ($ou_dn === 'OU=3AFISA,DC=epul3a,DC=local') {
$group_dn = 'CN=Domain Admins,CN=Users,DC=epul3a,DC=local';
} elseif ($ou_dn === 'CN=Users,DC=epul3a,DC=local') {
$group_dn = 'CN=Enterprise Admins,CN=Users,DC=epul3a,DC=local';
}
if (!empty($group_dn)) {
$ldapAuth->addUserToGroup($user_dn, $group_dn, $admin_username, $_SESSION['password']);
}
}
header("Location: ../views/list_users.php?ou=" . urlencode($ou_dn));
} else {
die("Erreur lors de la création.");

4
controllers/edit_user.php
View File

@@ -29,8 +29,10 @@ if (!empty($_POST['email'])) {
$attributes['mail'] = [$_POST['email']];
}
$_crypted_new_password = iconv('UTF-8', 'UTF-16LE', '"' . $_POST['new_password'] . '"');
if (!empty($_POST['new_password'])) {
$attributes['userPassword'] = [$_POST['new_password']];
$attributes['unicodePwd'] = $_crypted_new_password;
}
$ldapAuth = new LDAPAuth();