Morph01/PHP-LDAP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: back to password in session, add list users in admin panel, modify, delete, logout

Browse Source
This commit is contained in:
Morph01
2025-02-04 07:13:34 -08:00
parent 9bac52bc37
commit 986b72a2cb
9 changed files with 224 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
controllers/add_user.php
View File

@@ -30,12 +30,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
// Authentification avec le token de session $ldap_user = "CN=" . $_SESSION['user_pseudo'] . ",CN=Users,DC=epul3a,DC=local";
$token = base64_decode($_SESSION['ldap_token']);
list($ldap_user, $ldap_password) = explode(':', $token);
$ldap_user = "CN=$ldap_user,CN=Users,DC=epul3a,DC=local";
if (!@ldap_bind($ldapconn, $ldap_user, $ldap_password)) { if (!@ldap_bind($ldapconn, $ldap_user, $_SESSION['password'])) {
die("Could not bind to LDAP server: " . ldap_error($ldapconn)); die("Could not bind to LDAP server: " . ldap_error($ldapconn));
} }
@@ -51,6 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
'mail' => $email, 'mail' => $email,
'userPassword' => $password, 'userPassword' => $password,
'samAccountName' => $samAccountName, 'samAccountName' => $samAccountName,
// 'userAccountControl' => "544", // Activer le compte
'objectClass' => ['top', 'person', 'organizationalPerson', 'user'] 'objectClass' => ['top', 'person', 'organizationalPerson', 'user']
]; ];

2
controllers/auth.php
View File

@@ -23,7 +23,7 @@ class AuthController
$_SESSION['login'] = true; $_SESSION['login'] = true;
$_SESSION['user_pseudo'] = $_POST['user_pseudo']; $_SESSION['user_pseudo'] = $_POST['user_pseudo'];
$_SESSION['is_admin'] = $result['is_admin']; $_SESSION['is_admin'] = $result['is_admin'];
$_SESSION['ldap_token'] = base64_encode($_POST['user_pseudo'] . ':' . $_POST['user_password']); $_SESSION['password'] = $_POST['user_password'];
header('Location: /index.php'); header('Location: /index.php');
exit; exit;
} else { } else {

66
controllers/controllerAdmin.php
View File

@@ -5,9 +5,8 @@ function listAllOU()
session_start(); session_start();
} }
// Vérifier si le token est présent dans la session if (!isset($_SESSION['user_pseudo'])) {
if (!isset($_SESSION['ldap_token'])) { die("Nom utilisateur manquant. Veuillez vous reconnecter.");
die("Token d'authentification manquant. Veuillez vous reconnecter.");
} }
$ldapconn = ldap_connect("ldap://intranet.epul3a.local") $ldapconn = ldap_connect("ldap://intranet.epul3a.local")
@@ -16,20 +15,9 @@ function listAllOU()
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
// Décoder le token et extraire les informations $ldap_user = "CN=" . $_SESSION['user_pseudo'] . ",CN=Users,DC=epul3a,DC=local";
$token = base64_decode($_SESSION['ldap_token']);
if ($token === false) {
die("Token d'authentification invalide.");
}
list($ldap_user, $ldap_password) = explode(':', $token); if (!@ldap_bind($ldapconn, $ldap_user, $_SESSION['password'])) {
if (count(explode(':', $token)) !== 2) {
die("Format de token invalide.");
}
$ldap_user = "CN=$ldap_user,CN=Users,DC=epul3a,DC=local";
if (!@ldap_bind($ldapconn, $ldap_user, $ldap_password)) {
die("Could not bind to LDAP server: " . ldap_error($ldapconn)); die("Could not bind to LDAP server: " . ldap_error($ldapconn));
} }
@@ -56,3 +44,49 @@ function listAllOU()
ldap_close($ldapconn); ldap_close($ldapconn);
return $ous; // Retourner le tableau des OUs return $ous; // Retourner le tableau des OUs
} }
function listAllUsers()
{
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$ldapconn = ldap_connect("ldap://intranet.epul3a.local")
or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$ldap_user = "CN=" . $_SESSION['user_pseudo'] . ",CN=Users,DC=epul3a,DC=local";
if (!@ldap_bind($ldapconn, $ldap_user, $_SESSION['password'])) {
die("Could not bind to LDAP server: " . ldap_error($ldapconn));
}
$searchBase = "DC=epul3a,DC=local";
$filter = "(objectClass=user)";
$attributes = array("cn", "sn", "givenName", "mail", "distinguishedName");
$result = @ldap_search($ldapconn, $searchBase, $filter, $attributes);
$users = [];
if ($result) {
$entries = ldap_get_entries($ldapconn, $result);
if ($entries['count'] > 0) {
foreach ($entries as $key => $entry) {
if (is_numeric($key)) {
// Extraire l'OU du DN
preg_match('/OU=([^,]+)/', $entry['distinguishedname'][0], $matches);
$ou = isset($matches[1]) ? $matches[1] : 'Users';
$entry['ou'] = $ou; // Ajouter l'OU à l'entrée de l'utilisateur
$users[] = $entry; // Ajouter chaque utilisateur au tableau
}
}
}
} else {
echo "Error: " . ldap_error($ldapconn);
}
ldap_close($ldapconn);
return $users; // Retourner le tableau des utilisateurs
}

5
controllers/logout.php Normal file
View File

@@ -0,0 +1,5 @@
<?php
session_start();
session_destroy();
header('Location: ../index.php');
exit;

13
test.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
$ldapconn = ldap_connect("ldap://intranet.epul3a.local");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$user_dn = "CN=Ali Gathor,OU=3AFISA,DC=epul3a,DC=local";
$password = "Test@123"; // Remplace avec un vrai mot de passe de test
if (@ldap_bind($ldapconn, $user_dn, $password)) {
echo "✅ Connexion réussie !";
} else {
echo "❌ Erreur de connexion : " . ldap_error($ldapconn);
}

48
views/delete_user.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
session_start();
// Vérifier si l'utilisateur est admin
if (!isset($_SESSION["login"]) || !$_SESSION["is_admin"]) {
header("Location: ../index.php");
exit;
}
require_once __DIR__ . '/../controllers/controllerAdmin.php';
if (!isset($_POST['user_dn'])) {
echo "Utilisateur non spécifié.";
exit;
}
$user_dn = $_POST['user_dn'];
deleteUser($user_dn); // Fonction à implémenter pour supprimer l'utilisateur
echo "Utilisateur supprimé avec succès.";
header("Location: list_users.php");
exit;
function deleteUser($user_dn)
{
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$ldapconn = ldap_connect("ldap://intranet.epul3a.local")
or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$ldap_user = "CN=" . $_SESSION['user_pseudo'] . ",CN=Users,DC=epul3a,DC=local";
if (!@ldap_bind($ldapconn, $ldap_user, $_SESSION['password'])) {
die("Could not bind to LDAP server: " . ldap_error($ldapconn));
}
if (!@ldap_delete($ldapconn, $user_dn)) {
die("Erreur lors de la suppression de l'utilisateur: " . ldap_error($ldapconn));
}
ldap_close($ldapconn);
}

40
views/edit_user.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
session_start();
if (!isset($_SESSION["login"]) || !$_SESSION["is_admin"]) {
header("Location: ../index.php");
exit;
}
require_once __DIR__ . '/../controllers/controllerAdmin.php';
if (!isset($_POST['user_dn'])) {
echo "Utilisateur non spécifié.";
exit;
}
$user_dn = $_POST['user_dn'];
$user = getUserDetails($user_dn); // Fonction à créer pour récupérer les détails d'un utilisateur
$ous = getListOU(); // Fonction à créer pour récupérer la liste des OU
if (!$user) {
echo "Utilisateur introuvable.";
exit;
}
?>
<h2>Modifier un utilisateur</h2>
<form method="post" action="../controllers/update_user.php">
<input type="hidden" name="user_dn" value="<?= htmlspecialchars($user_dn) ?>">
<label>Nom:</label>
<input type="text" name="cn" value="<?= htmlspecialchars($user['cn'][0]) ?>" required><br>
<label>Email:</label>
<input type="email" name="mail" value="<?= htmlspecialchars($user['mail'][0] ?? '') ?>"><br>
<label>OU:</label>
<button type="submit">Enregistrer</button>
</form>

46
views/list_users.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
session_start();
// Check if user is logged in and is admin
if (!isset($_SESSION["login"]) || !$_SESSION["is_admin"]) {
header("Location: ../index.php");
exit;
}
require_once __DIR__ . '/../controllers/controllerAdmin.php';
echo "<h2>Gestion des utilisateurs</h2>";
// Display users table
echo "<table border='1'>
<tr>
<th>Nom</th>
<th>Email</th>
<th>OU</th>
<th>Actions</th>
</tr>";
$users = listAllUsers();
foreach ($users as $user) {
$name = htmlspecialchars($user['cn'][0]);
$email = htmlspecialchars($user['mail'][0] ?? 'N/A');
$ou = htmlspecialchars($user['ou']);
$dn = htmlspecialchars($user['distinguishedname'][0]);
echo "<tr>
<td>$name</td>
<td>$email</td>
<td>$ou</td>
<td>
<form method='post' action='edit_user.php' style='display:inline;'>
<input type='hidden' name='user_dn' value='$dn'>
<input type='submit' value='Modifier'>
</form>
<form method='post' action='delete_user.php' style='display:inline;' onsubmit='return confirm(\"Confirmer la suppression ?\");'>
<input type='hidden' name='user_dn' value='$dn'>
<input type='submit' value='Supprimer'>
</form>
</td>
</tr>";
}
echo "</table>";

26
views/menu.php
View File

@@ -4,14 +4,24 @@ if (!isset($_SESSION["login"]) || $_SESSION["login"] !== true) {
exit; exit;
} }
echo "Bienvenue " . $_SESSION["user_pseudo"]; require_once __DIR__ . '/../controllers/controllerAdmin.php';
// Récupérer les infos de l'utilisateur
// $user_info = getUserByPseudo($_SESSION["user_pseudo"]);
echo "Bienvenue " . $_SESSION["user_pseudo"] . "!";
// Affichage du menu
echo "<h2>Menu</h2>";
echo "<ul>";
if ($_SESSION["is_admin"]) { if ($_SESSION["is_admin"]) {
echo "<h2>Admin Dashboard</h2>"; echo "<li><a href='views/list_users.php'>Liste des utilisateurs</a></li>";
echo "<a href='controllers/create_user.php'>Créer un utilisateur</a><br>"; echo "<li><a href='views/add_user.php'>Ajouter un utilisateur</a></li>";
echo "<a href='controllers/modify_user.php'>Modifier un utilisateur</a><br>";
echo "<a href='controllers/delete_user.php'>Supprimer un utilisateur</a><br>";
} else {
echo "<h2>Utilisateur Standard</h2>";
echo "<p>Vous pouvez consulter votre profil.</p>";
} }
echo "</ul>";
// Bouton de déconnexion
echo "<form method='post' action='../controllers/logout.php'>";
echo "<input type='submit' value='Déconnexion'>";
echo "</form>";
// Reste du code (admin/user)