From a401e344fd8018b9956bc3ff295def1433add18c Mon Sep 17 00:00:00 2001
From: Nicolas Boisselier
Date: Wed, 13 Dec 2017 01:50:22 +0000
Subject: [PATCH] www/dbq/dbq.php
---
lib/php/nb.php | 46 ++++++++++++++++++++++++++++------------------
www/dbq/dbq.php | 42 +++++++++++++++++-------------------------
2 files changed, 45 insertions(+), 43 deletions(-)
diff --git a/lib/php/nb.php b/lib/php/nb.php
index dd4017f2..ca31a60d 100644
--- a/lib/php/nb.php
+++ b/lib/php/nb.php
@@ -1065,40 +1065,50 @@ class NB { } public static function ldap_search($o=[]) { - #$base = preg_match('/^(.*?)([^\.]+\.[^\.]+)$/','$2',$_SERVER['HTTP_HOST']); - #if (!isset($o['host'])) $o['host'] = "ldap.$base"; + $base = '127.0.0.1'; + if (preg_match('/^.*?([^\.]+\.[^\.]+)$/',$_SERVER['HTTP_HOST'],$m)) { + $base = $m[1]; + } + + if (!isset($o['user'])) $o['user'] = $_SERVER['PHP_AUTH_USER']; + + if (!isset($o['password'])) $o['password'] = $_SERVER['PHP_AUTH_PW']; + + if (!isset($o['host'])) $o['host'] = "ldap.$base"; + + if (!isset($o['base_dn'])) $o['base_dn'] = 'dc=' . str_replace('.',',dc=',$base); + + $o['bind_dn_preff'] = isset($o['bind_dn_preff']) ? ','.$o['bind_dn_preff'].',' : ''; + + if (!isset($o['bind_dn'])) $o['bind_dn'] = 'cn=' . $o['user'] . $o['bind_dn_preff'] . $o['base_dn']; + + if (!isset($o['filter'])) $o['filter'] = "(cn=".$o['user'].")"; + if (!isset($o['attrs'])) $o['attrs'] = []; + #return $o; - $ldap_host = "ldap.vpn.nbdom.net"; - $base_dn = "dc=nbdom,dc=net"; - $filter = "(cn=".$_SERVER['PHP_AUTH_USER'].")"; - $filter = "(memberUid=nico)"; - $keys = []; - #$keys = ['dn','cn','sn','uid']; - $ldap_user = "cn=".$_SERVER['PHP_AUTH_USER'].",ou=auth,$base_dn"; - $ldap_pass = $_SERVER['PHP_AUTH_PW']; - - $connect = ldap_connect($ldap_host) or exit(">>Could not connect to LDAP server<<"); + + $connect = ldap_connect($o['host']) or exit(">>Could not connect to LDAP server<<"); ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); - $bind = ldap_bind($connect, $ldap_user, $ldap_pass) or exit(">>Could not bind to $ldap_host<<"); - $read = ldap_search($connect, $base_dn, $filter) or exit(">>Unable to search ldap server<<"); + $bind = ldap_bind($connect, $o['bind_dn'], $o['password']) or self::bye(">>Could not bind to ".$o['ldap_host']."<<"); + $read = ldap_search($connect, $o['base_dn'], $o['filter']) or self::bye(">>Unable to search ldap server<<"); $info = ldap_get_entries($connect, $read); - 
#echo $info["count"]." entries returned

/"; $recs = []; + #debug($info); for ($r=0; $r<$info["count"]; $r++){ $rec = $info[$r]; for ($i=0; $i<$rec["count"]; $i++){ # Fields $key = $info[$r][$i]; - if (!empty($keys) and !in_array($key,$keys)) continue; + if (!empty($o['attrs']) and !in_array($key,$o['attrs'])) continue; $recs[$r][$key] = []; # Values - for ($j=0; $j<$info[$i][$key]['count']; $j++){ - $recs[$r][$key][] = $info[$i][$key][$j]; + if (isset($rec[$key]['count'])) for ($j=0; $j<$rec[$key]['count']; $j++){ + $recs[$r][$key][] = $rec[$key][$j]; } if (count($recs[$r][$key]) == 1) $recs[$r][$key] = $recs[$r][$key][0]; diff --git a/www/dbq/dbq.php b/www/dbq/dbq.php index a10b7554..3806ece7 100644 --- a/www/dbq/dbq.php +++ b/www/dbq/dbq.php @@ -378,7 +378,7 @@ class DbQ extends nb { if ($this->db->type == 'sqlite' and !is_writeable($this->db->host)) return; # NB 11.12.17 $rm = $this->table->base.'/rm/'.$args; - $rm = $this->table->base.'/rm/'; + $rm = $this->uri_add_referer($this->table->base.'/rm/'); $r['delete'] = '' .'
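Review bot: In `ldap_search()` the LDAP host and base DN are now derived from `$_SERVER['HTTP_HOST']`, which the client supplies, and the Basic-auth password is then sent to `ldap.$base` by `ldap_bind()`; unless the vhost configuration pins the Host header, the target should come from configuration or be checked against a fixed list before binding. `$o['user']` is concatenated unescaped into both the default `bind_dn` and the default `filter`, so each should pass through `ldap_escape()` with the matching flag. An empty `PHP_AUTH_PW` reaches `ldap_bind()`, which many directory servers accept as an unauthenticated bind, so it should be rejected first. The bind failure message reads `$o['ldap_host']`, a key that is never set; the key used everywhere else is `$o['host']`. The end of the function is outside this hunk.

```php
// … unchanged: $base derivation and the user/password/host/base_dn/bind_dn_preff defaults …
if (!isset($o['bind_dn'])) $o['bind_dn'] = 'cn=' . ldap_escape($o['user'], '', LDAP_ESCAPE_DN) . $o['bind_dn_preff'] . $o['base_dn'];

if (!isset($o['filter'])) $o['filter'] = "(cn=" . ldap_escape($o['user'], '', LDAP_ESCAPE_FILTER) . ")";
// … unchanged: attrs default, ldap_connect() and ldap_set_option() calls …
if ((string)$o['password'] === '') self::bye(">>Empty password<<");
$bind = ldap_bind($connect, $o['bind_dn'], $o['password']) or self::bye(">>Could not bind to ".$o['host']."<<");
```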

' .'Delete' @@ -394,6 +394,13 @@ class DbQ extends nb { } + public static function uri_add_referer($rm) { + if (isset($_SERVER['REQUEST_URI'])) { + $rm .= (strpos($rm,'?') ? '' : '?') . 'referer=' . urlencode($_SERVER['REQUEST_URI']); + } + return $rm; + } + public static function form_hidden($r) { $h = ''; foreach ($r as $k => $v) { @@ -775,29 +782,9 @@ EOF; // Affect values to objects if ($format == 'html') $format = $this->format_html; $this->format($format); -# NB 08.12.17 $this->params['format'] = $format; -# NB 08.12.17 $this->db->format = $format; $this->is_html = strpos($content_type,'html') ? true : false; $this->db->is_html = $this->is_html; - #if ( $format == 'json' and isset($_GET['json']) ) { - #bye($this->p('json')); - /* - if ( $format == 'json' and isset($_POST['json']) ) { - #bye($_POST['json']); - #$this->pset($this->json_decode($_POST['json'])); - $_POST = $_POST + $this->json_decode($_POST['json']); - #bye($this->p()); - } - - if ( $format == 'json' and $this->p('json') ) { - #bye($this->p('json')); - #bye($this->json_decode($this->p('json'))); - #bye($this->json_decode('{"id": "2"}')); - $this->pset($this->json_decode($this->p('json'))); - } - */ - } public function phpinfo_rows() { @@ -1008,6 +995,11 @@ EOF; // NOW ONLY FOR ADMIN ! } elseif ($this->perm < self::ADMIN) { + } elseif ($action == 'ldap_search') { + $this->page($this->ldap_search([ + 'bind_dn_preff'=>'ou=auth', + ])); + } elseif ($action == 'phpinfo') { $this->rows_table($action,$this->phpinfo_rows()); #$this->page(['phpinfo'=>$this->page->phpinfo(true)]); 
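Review bot: In `uri_add_referer()` the separator is `''` when `$rm` already contains a `?`, so `referer=` is glued onto the previous parameter's value; `strpos()` also returns 0, which is falsy, for a leading `?`. The line should read `$rm .= (strpos($rm,'?') !== false ? '&' : '?') . 'referer=' . urlencode($_SERVER['REQUEST_URI']);`. The method is declared `static` while the earlier hunk calls it through `$this->`, which works but is inconsistent.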
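Review bot: The new `ldap_search` action passes no `attrs`, and `NB::ldap_search()` only filters when `attrs` is non-empty, so every attribute the bound identity can read is handed to `$this->page()`. Depending on the directory's ACLs that can include password hashes such as `userPassword`; an explicit list, for example `'attrs'=>['dn','cn','sn','uid'],`, keeps the output to what the page needs. The branch follows the `$this->perm < self::ADMIN` test and so appears to be admin-only, but the rest of that `elseif` chain is outside the hunk.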
@@ -1130,19 +1122,19 @@ EOF; } elseif ($action == 'update' and $this->perm >= self::WRITE) { if (!$this->table->update($_POST,$info)) $this->error('update: '.print_r($info,true)); - # NB 23.08.17: TODO $this->redirect_if_no_referer($this->table->base.'/'); - #header('Location: '.$this->table->base.'/'); $this->page($info); } elseif ($action == 'replace' and $this->perm >= self::WRITE) { if (!$this->table->replace($_POST,$info)) $this->error('replace: '.print_r($info,true)); - header('Location: '.$this->table->base.'/'); +# NB 13.12.17 header('Location: '.$this->table->base.'/'); + $this->redirect_if_no_referer($this->table->base.'/'); $this->page($info); } elseif ($action == 'rm' and $this->perm >= self::DELETE) { if (!$this->table->delete($_POST,$info)) $this->error('rm: '.print_r($info,true)); - header('Location: '.$this->table->base.'/'); + #header('Location: '.$this->table->base.'/'); + $this->redirect_if_no_referer($this->table->base.'/'); $this->page($info); -- 2.47.3
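Review bot: `replace` and `rm` now redirect through `redirect_if_no_referer()`, whose definition is not in this diff; if it copies the request's `referer` parameter (the one `uri_add_referer()` appends) into a `Location:` header, that value is client-controlled and has to be limited to a local path. A check such as `if (!preg_match('#^/(?![/\\\\])#', $referer)) $referer = $default;` before the header call would do that (the variable names are illustrative). `$this->page($info)` still runs after the redirect call in all three branches, so if the helper does not end the request itself, the page body is emitted alongside the redirect.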