opnieuw

2025-11-12 11:04:58 +01:00
parent 576fbe9eac
commit a77cf5f9df
13 changed files with 152 additions and 246 deletions
--- a/auth/ldap.php
+++ b/auth/ldap.php
@@ -0,0 +1,90 @@
 <?php
 // auth/ldap.php
 /**
 * LDAP-authenticatie voor Samba AD.
 * Retourneert gebruikersinfo bij succes of false bij mislukking.
 */
 function ldap_authenticate($username, $password)
 {
    $config = require __DIR__ . '/../config/config.php';
    $ldap_conf = $config['ldap'];
    if (empty($username) || empty($password)) {
        return false;
    }
    // Verbinden met Samba AD LDAP
    $ldapconn = ldap_connect($ldap_conf['server'], $ldap_conf['port']);
    if (!$ldapconn) {
        error_log("LDAP: geen verbinding met {$ldap_conf['server']}");
        return false;
    }
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    // StartTLS indien geconfigureerd
    if (!empty($ldap_conf['use_tls']) && $ldap_conf['use_tls']) {
        if (!ldap_start_tls($ldapconn)) {
            error_log("LDAP: TLS-verbinding mislukt");
            ldap_close($ldapconn);
            return false;
        }
    }
    // Probeer eerst directe bind via userPrincipalName (AD-stijl)
    $userPrincipalName = (str_contains($username, '@')) ? $username : "{$username}@de-roo.local";
    $bind = @ldap_bind($ldapconn, $userPrincipalName, $password);
    // Als directe bind lukt → zoek user info
    if ($bind) {
        $filter = "(sAMAccountName={$username})";
    } else {
        // Fallback: bind met admin en zoek de DN van gebruiker
        if (!@ldap_bind($ldapconn, $ldap_conf['admin_user'], $ldap_conf['admin_pass'])) {
            ldap_unbind($ldapconn);
            return false;
        }
        $filter = "(|(sAMAccountName={$username})(userPrincipalName={$userPrincipalName}))";
    }
    $attrs = ['sAMAccountName', 'givenName', 'sn', 'mail', 'userPrincipalName', 'displayName', 'dn'];
    $result = ldap_search($ldapconn, $ldap_conf['base_dn'], $filter, $attrs);
    if (!$result) {
        ldap_unbind($ldapconn);
        return false;
    }
    $entries = ldap_get_entries($ldapconn, $result);
    if ($entries['count'] === 0) {
        ldap_unbind($ldapconn);
        return false;
    }
    $entry = $entries[0];
    // Als we nog niet met de user zelf gebind zijn, doe dat nu
    if (!$bind) {
        $user_dn = $entry['dn'];
        if (!@ldap_bind($ldapconn, $user_dn, $password)) {
            ldap_unbind($ldapconn);
            return false;
        }
    }
    // Gebruikersinfo samenstellen
    $userData = [
        'username'  => $entry['samaccountname'][0] ?? $username,
        'givenName' => $entry['givenname'][0] ?? '',
        'sn'        => $entry['sn'][0] ?? '',
        'email'     => $entry['mail'][0] ?? '',
        'displayName' => $entry['displayname'][0] ?? ($entry['givenname'][0] ?? '') . ' ' . ($entry['sn'][0] ?? ''),
        'userPrincipalName' => $entry['userprincipalname'][0] ?? $userPrincipalName
    ];
    ldap_unbind($ldapconn);
    return $userData;
 }
--- a/config/config.php
+++ b/config/config.php
@@ -1,26 +1,23 @@
 <?php
-return [
+// config/config.php
    'ldap' => [
        'server' => 'ldap://de-roo.org',
        'base_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
        'user_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org'
    ],
 return [
    'db' => [
        'host' => 'localhost',
-        'name' => 'lootjesapp',
+        'name' => 'lootjes',
        'user' => 'lootjes',
-        'pass' => 'lootjesIsGek12#'
+        'pass' => 'lootjesIsGek12#',
        'charset' => 'utf8mb4'
    ],
-    // deelnemerslijst (alleen gebruikt bij initialisatie)
+    'ldap' => [
-    'deelnemers' => [
+        'server'       => 'ldap://de-roo.org',   // of ldaps://... voor SSL
-        'monica',
+        'port'         => 389,
-        'thomas',
+        'base_dn'      => 'DC=de-roo,DC=org',
-        'emmy',
+        'user_dn'      => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
-        'jozefien'
+        'admin_user'   => 'CN=ldap,OU=ServiceAccounts,OU=deRoo,DC=de-roo,DC=org',
-    ],
+        'admin_pass'   => 'ld@ps3arch',
        'use_tls'      => false
    ]
    'admin_users' => ['thomas'] // LDAP-gebruikersnaam van beheerder
 ];
--- a/data/dp.php
+++ b/data/dp.php
@@ -0,0 +1,19 @@
 <?php
 // data/db.php
 $config = require __DIR__ . '/../config/config.php';
 $db = $config['db'];
 $dsn = "mysql:host={$db['host']};dbname={$db['name']};charset={$db['charset']}";
 $options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
 ];
 try {
    $pdo = new PDO($dsn, $db['user'], $db['pass'], $options);
 } catch (PDOException $e) {
    die("Databaseverbinding mislukt: " . htmlspecialchars($e->getMessage()));
 }
--- a/includes/db.php
+++ b/includes/db.php
@@ -1,14 +0,0 @@
 <?php
 $config = require __DIR__ . '/../config/config.php';
 try {
    $pdo = new PDO(
        "mysql:host={$config['db']['host']};dbname={$config['db']['name']};charset=utf8mb4",
        $config['db']['user'],
        $config['db']['pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
 } catch (PDOException $e) {
    die("Databaseverbinding mislukt: " . $e->getMessage());
 }
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,44 +0,0 @@
 <?php
 function startNieuweRonde($pdo)
 {
    $config = require __DIR__ . '/../config/config.php';
    $deelnemers = $config['deelnemers'];
    $getrokken = [];
    $targets = $deelnemers;
    shuffle($targets);
    // Zorg dat niemand zichzelf krijgt
    do {
        shuffle($targets);
    } while (array_intersect_assoc($deelnemers, $targets));
    foreach ($deelnemers as $i => $trekker) {
        $getrokken[$trekker] = $targets[$i];
    }
    // Oude ronde archiveren
    $archiefBestand = __DIR__ . '/../data/archief/' . date('Ymd_His') . '_lootjes.json';
    if (file_exists(__DIR__ . '/../data/lootjes.json')) {
        rename(__DIR__ . '/../data/lootjes.json', $archiefBestand);
    }
    file_put_contents(__DIR__ . '/../data/lootjes.json', json_encode($getrokken, JSON_PRETTY_PRINT));
    return $getrokken;
 }
 function getLootjeVoor($gebruiker)
 {
    $path = __DIR__ . '/../data/lootjes.json';
    if (!file_exists($path)) return null;
    $lootjes = json_decode(file_get_contents($path), true);
    return $lootjes[$gebruiker] ?? null;
 }
 function isAdmin($username)
 {
    $config = require __DIR__ . '/../config/config.php';
    return in_array($username, $config['admin_users']);
 }
--- a/includes/ldap.php
+++ b/includes/ldap.php
@@ -1,23 +0,0 @@
 <?php
 function ldap_authenticate($username, $password)
 {
    $config = require __DIR__ . '/../config/config.php';
    $ldapconn = ldap_connect($config['ldap']['server']);
    if (!$ldapconn) {
        return false;
    }
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    $bind_dn = "uid={$username},{$config['ldap']['user_dn']}";
    if (@ldap_bind($ldapconn, $bind_dn, $password)) {
        ldap_unbind($ldapconn);
        return true;
    }
    return false;
 }
--- a/public/admin.php
+++ b/public/admin.php
@@ -1,31 +0,0 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/functions.php';
 require_once __DIR__ . '/../includes/db.php';
 if (!isset($_SESSION['user']) || !isAdmin($_SESSION['user'])) {
    header('Location: dashboard.php');
    exit;
 }
 $bericht = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['nieuwe_ronde'])) {
    $lootjes = startNieuweRonde($pdo);
    $bericht = 'Nieuwe ronde gestart!';
 }
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Beheer</title></head>
 <body>
 <h2>Beheerpagina</h2>
 <?php if ($bericht): ?><p style="color:green"><?= htmlspecialchars($bericht) ?></p><?php endif; ?>
 <form method="post">
    <button type="submit" name="nieuwe_ronde">Start nieuwe lootjes-ronde</button>
 </form>
 <p><a href="dashboard.php">Terug</a></p>
 </body>
 </html>
--- a/public/dashboard.php
+++ b/public/dashboard.php
@@ -1,34 +0,0 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/functions.php';
 if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit;
 }
 $gebruiker = $_SESSION['user'];
 $lootje = getLootjeVoor($gebruiker);
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Dashboard</title></head>
 <body>
 <h2>Welkom, <?= htmlspecialchars($gebruiker) ?></h2>
 <?php if ($lootje): ?>
    <p>Je hebt getrokken: <strong><?= htmlspecialchars($lootje) ?></strong></p>
 <?php else: ?>
    <p>Er is nog geen ronde gestart.</p>
 <?php endif; ?>
 <p><a href="wishlist.php">Mijn verlanglijstje</a></p>
 <?php if (isAdmin($gebruiker)): ?>
    <p><a href="admin.php">Beheerpagina</a></p>
 <?php endif; ?>
 <p><a href="logout.php">Uitloggen</a></p>
 </body>
 </html>
--- a/public/index.php
+++ b/public/index.php
@@ -1,10 +0,0 @@
 <?php
 session_start();
 if (isset($_SESSION['user'])) {
    header('Location: dashboard.php');
    exit;
 }
 header('Location: login.php');
 exit;
--- a/public/login.php
+++ b/public/login.php
@@ -1,33 +0,0 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/ldap.php';
 $error = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (ldap_authenticate($user, $pass)) {
        $_SESSION['user'] = $user;
        header('Location: dashboard.php');
        exit;
    } else {
        $error = 'Ongeldige login.';
    }
 }
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Login</title></head>
 <body>
 <h2>Login</h2>
 <form method="post">
    <label>Gebruikersnaam: <input type="text" name="username"></label><br>
    <label>Wachtwoord: <input type="password" name="password"></label><br>
    <button type="submit">Aanmelden</button>
 </form>
 <p style="color:red"><?= htmlspecialchars($error) ?></p>
 </body>
 </html>
--- a/public/logout.php
+++ b/public/logout.php
@@ -1,6 +0,0 @@
 <?php
 session_start();
 session_destroy();
 header('Location: login.php');
 exit;
--- a/public/wishlist.php
+++ b/public/wishlist.php
@@ -1,34 +0,0 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/db.php';
 if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit;
 }
 $gebruiker = $_SESSION['user'];
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $wensen = $_POST['wensen'] ?? '';
    $stmt = $pdo->prepare("REPLACE INTO wishlists (user, wensen) VALUES (?, ?)");
    $stmt->execute([$gebruiker, $wensen]);
 }
 $stmt = $pdo->prepare("SELECT wensen FROM wishlists WHERE user = ?");
 $stmt->execute([$gebruiker]);
 $wensen = $stmt->fetchColumn();
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Verlanglijstje</title></head>
 <body>
 <h2>Mijn verlanglijstje</h2>
 <form method="post">
    <textarea name="wensen" rows="8" cols="40"><?= htmlspecialchars($wensen ?? '') ?></textarea><br>
    <button type="submit">Opslaan</button>
 </form>
 <p><a href="dashboard.php">Terug</a></p>
 </body>
 </html>
--- a/test_ldap.php
+++ b/test_ldap.php
@@ -0,0 +1,29 @@
 <?php
 require __DIR__ . '/auth/ldap.php';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $user = ldap_authenticate($username, $password);
    if ($user) {
        echo "<h3 style='color:green;'>✅ Inloggen geslaagd!</h3>";
        echo "<ul>";
        echo "<li>Naam: " . htmlspecialchars($user['displayName']) . "</li>";
        echo "<li>Voornaam: " . htmlspecialchars($user['givenName']) . "</li>";
        echo "<li>Achternaam: " . htmlspecialchars($user['sn']) . "</li>";
        echo "<li>Gebruikersnaam (sAMAccountName): " . htmlspecialchars($user['username']) . "</li>";
        echo "<li>Email: " . htmlspecialchars($user['email']) . "</li>";
        echo "<li>UserPrincipalName: " . htmlspecialchars($user['userPrincipalName']) . "</li>";
        echo "</ul>";
    } else {
        echo "<p style='color:red;'>❌ Ongeldige inloggegevens.</p>";
    }
 }
 ?>
 <form method="post">
    <label>Gebruikersnaam (zonder domein): <input type="text" name="username" required></label><br>
    <label>Wachtwoord: <input type="password" name="password" required></label><br>
    <button type="submit">Login</button>
 </form>