opnieuw
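--- a/auth/ldap.php
+++ b/auth/ldap.php
@@ -0,0 +1,90 @@
+<?php
+// auth/ldap.php
+
+/**
+* LDAP-authenticatie voor Samba AD.
+* Retourneert gebruikersinfo bij succes of false bij mislukking.
+*/
+function ldap_authenticate($username, $password)
+{
+$config = require __DIR__ . '/../config/config.php';
+$ldap_conf = $config['ldap'];
+
+if (empty($username) || empty($password)) {
+return false;
+}
+
+// Verbinden met Samba AD LDAP
+$ldapconn = ldap_connect($ldap_conf['server'], $ldap_conf['port']);
+if (!$ldapconn) {
+error_log("LDAP: geen verbinding met {$ldap_conf['server']}");
+return false;
+}
+
+ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+
+// StartTLS indien geconfigureerd
+if (!empty($ldap_conf['use_tls']) && $ldap_conf['use_tls']) {
+if (!ldap_start_tls($ldapconn)) {
+error_log("LDAP: TLS-verbinding mislukt");
+ldap_close($ldapconn);
+return false;
+}
+}
+
+// Probeer eerst directe bind via userPrincipalName (AD-stijl)
+$userPrincipalName = (str_contains($username, '@')) ? $username : "{$username}@de-roo.local";
+$bind = @ldap_bind($ldapconn, $userPrincipalName, $password);
+
+// Als directe bind lukt → zoek user info
+if ($bind) {
+$filter = "(sAMAccountName={$username})";
+} else {
+// Fallback: bind met admin en zoek de DN van gebruiker
+if (!@ldap_bind($ldapconn, $ldap_conf['admin_user'], $ldap_conf['admin_pass'])) {
+ldap_unbind($ldapconn);
+return false;
+}
+
+$filter = "(|(sAMAccountName={$username})(userPrincipalName={$userPrincipalName}))";
+}
+
+$attrs = ['sAMAccountName', 'givenName', 'sn', 'mail', 'userPrincipalName', 'displayName', 'dn'];
+$result = ldap_search($ldapconn, $ldap_conf['base_dn'], $filter, $attrs);
+
+if (!$result) {
+ldap_unbind($ldapconn);
+return false;
+}
+
+$entries = ldap_get_entries($ldapconn, $result);
+if ($entries['count'] === 0) {
+ldap_unbind($ldapconn);
+return false;
+}
+
+$entry = $entries[0];
+
+// Als we nog niet met de user zelf gebind zijn, doe dat nu
+if (!$bind) {
+$user_dn = $entry['dn'];
+if (!@ldap_bind($ldapconn, $user_dn, $password)) {
+ldap_unbind($ldapconn);
+return false;
+}
+}
+
+// Gebruikersinfo samenstellen
+$userData = [
+'username' => $entry['samaccountname'][0] ?? $username,
+'givenName' => $entry['givenname'][0] ?? '',
+'sn' => $entry['sn'][0] ?? '',
+'email' => $entry['mail'][0] ?? '',
+'displayName' => $entry['displayname'][0] ?? ($entry['givenname'][0] ?? '') . ' ' . ($entry['sn'][0] ?? ''),
+'userPrincipalName' => $entry['userprincipalname'][0] ?? $userPrincipalName
+];
+
+ldap_unbind($ldapconn);
+return $userData;
+}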
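Review bot: `$username` is interpolated unescaped into both search filters, at `$filter = "(sAMAccountName={$username})";` and at the `(|(sAMAccountName=…)(userPrincipalName=…))` fallback, so a username containing filter metacharacters (`*`, `(`, `)`, `\`) changes the query and the search can return an entry other than the account that was bound, whose `username` and `userPrincipalName` are then handed back to the caller. Escape once before either filter is built, `$safeUser = ldap_escape($username, '', LDAP_ESCAPE_FILTER);` and `$safeUpn = ldap_escape($userPrincipalName, '', LDAP_ESCAPE_FILTER);`, and use those two variables in both filter strings. The UPN suffix `de-roo.local` is hard-coded on the `$userPrincipalName` line while the configured server is `de-roo.org`; it belongs in the `ldap` config array next to `base_dn` rather than in the function body. The `empty($password)` guard is what keeps an empty password from turning into an unauthenticated bind against AD, so it should be kept and preferably commented as such.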
@@ -1,26 +1,23 @@
|
||||
<?php
|
||||
return [
|
||||
'ldap' => [
|
||||
'server' => 'ldap://de-roo.org',
|
||||
'base_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
|
||||
'user_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org'
|
||||
],
|
||||
// config/config.php
|
||||
|
||||
return [
|
||||
'db' => [
|
||||
'host' => 'localhost',
|
||||
'name' => 'lootjesapp',
|
||||
'name' => 'lootjes',
|
||||
'user' => 'lootjes',
|
||||
'pass' => 'lootjesIsGek12#'
|
||||
'pass' => 'lootjesIsGek12#',
|
||||
'charset' => 'utf8mb4'
|
||||
],
|
||||
|
||||
// deelnemerslijst (alleen gebruikt bij initialisatie)
|
||||
'deelnemers' => [
|
||||
'monica',
|
||||
'thomas',
|
||||
'emmy',
|
||||
'jozefien'
|
||||
],
|
||||
'ldap' => [
|
||||
'server' => 'ldap://de-roo.org', // of ldaps://... voor SSL
|
||||
'port' => 389,
|
||||
'base_dn' => 'DC=de-roo,DC=org',
|
||||
'user_dn' => 'OU=Gebruikers,OU=deRoo,DC=de-roo,DC=org',
|
||||
'admin_user' => 'CN=ldap,OU=ServiceAccounts,OU=deRoo,DC=de-roo,DC=org',
|
||||
'admin_pass' => 'ld@ps3arch',
|
||||
'use_tls' => false
|
||||
]
|
||||
|
||||
'admin_users' => ['thomas'] // LDAP-gebruikersnaam van beheerder
|
||||
];
|
||||
|
||||
|
||||
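Review bot: The LDAP service-account password at `'admin_pass' => 'ld@ps3arch',` and the database password at `'pass' => 'lootjesIsGek12#',` are committed in plaintext, and auth/ldap.php binds as `admin_user` with that value, so anyone with read access to the repository history can bind as the service account; both values should be treated as exposed and replaced. Read them from the environment or a git-ignored local file instead, e.g. `'admin_pass' => getenv('LDAP_ADMIN_PASS') ?: throw new RuntimeException('LDAP_ADMIN_PASS not set'),` (env-var name is a suggestion). `'use_tls' => false` together with `'port' => 389` means every simple bind in auth/ldap.php sends the user's password and the service-account password unencrypted; `true`, or an `ldaps://` URL as the comment on `'server'` already suggests, should be the default. Which of the two `'pass'` lines and which `'name'` line is the new one is not recoverable from this rendering.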
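--- a/data/dp.php
+++ b/data/dp.php
@@ -0,0 +1,19 @@
+<?php
+// data/db.php
+
+$config = require __DIR__ . '/../config/config.php';
+$db = $config['db'];
+
+$dsn = "mysql:host={$db['host']};dbname={$db['name']};charset={$db['charset']}";
+
+$options = [
+PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+PDO::ATTR_EMULATE_PREPARES => false,
+];
+
+try {
+$pdo = new PDO($dsn, $db['user'], $db['pass'], $options);
+} catch (PDOException $e) {
+die("Databaseverbinding mislukt: " . htmlspecialchars($e->getMessage()));
+}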
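Review bot: `die("Databaseverbinding mislukt: " . htmlspecialchars($e->getMessage()));` sends the PDO exception text to the browser; connection-failure messages from the MySQL driver can include the database user and host, so log it and show a fixed message instead: `error_log('DB: ' . $e->getMessage()); http_response_code(500); die('Databaseverbinding mislukt.');`. The file is added as `data/dp.php` while its own header comment says `// data/db.php`, and the pages removed in this commit included `includes/db.php`; if their replacements are meant to include this file, the path and filename should be reconciled. `PDO::ATTR_EMULATE_PREPARES => false` and `ERRMODE_EXCEPTION` are the right defaults here and are an improvement over the removed `includes/db.php`.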
@@ -1,14 +0,0 @@
|
||||
<?php
|
||||
$config = require __DIR__ . '/../config/config.php';
|
||||
|
||||
try {
|
||||
$pdo = new PDO(
|
||||
"mysql:host={$config['db']['host']};dbname={$config['db']['name']};charset=utf8mb4",
|
||||
$config['db']['user'],
|
||||
$config['db']['pass'],
|
||||
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
|
||||
);
|
||||
} catch (PDOException $e) {
|
||||
die("Databaseverbinding mislukt: " . $e->getMessage());
|
||||
}
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
<?php
|
||||
function startNieuweRonde($pdo)
|
||||
{
|
||||
$config = require __DIR__ . '/../config/config.php';
|
||||
$deelnemers = $config['deelnemers'];
|
||||
$getrokken = [];
|
||||
|
||||
$targets = $deelnemers;
|
||||
shuffle($targets);
|
||||
|
||||
// Zorg dat niemand zichzelf krijgt
|
||||
do {
|
||||
shuffle($targets);
|
||||
} while (array_intersect_assoc($deelnemers, $targets));
|
||||
|
||||
foreach ($deelnemers as $i => $trekker) {
|
||||
$getrokken[$trekker] = $targets[$i];
|
||||
}
|
||||
|
||||
// Oude ronde archiveren
|
||||
$archiefBestand = __DIR__ . '/../data/archief/' . date('Ymd_His') . '_lootjes.json';
|
||||
if (file_exists(__DIR__ . '/../data/lootjes.json')) {
|
||||
rename(__DIR__ . '/../data/lootjes.json', $archiefBestand);
|
||||
}
|
||||
|
||||
file_put_contents(__DIR__ . '/../data/lootjes.json', json_encode($getrokken, JSON_PRETTY_PRINT));
|
||||
return $getrokken;
|
||||
}
|
||||
|
||||
function getLootjeVoor($gebruiker)
|
||||
{
|
||||
$path = __DIR__ . '/../data/lootjes.json';
|
||||
if (!file_exists($path)) return null;
|
||||
|
||||
$lootjes = json_decode(file_get_contents($path), true);
|
||||
return $lootjes[$gebruiker] ?? null;
|
||||
}
|
||||
|
||||
function isAdmin($username)
|
||||
{
|
||||
$config = require __DIR__ . '/../config/config.php';
|
||||
return in_array($username, $config['admin_users']);
|
||||
}
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
function ldap_authenticate($username, $password)
|
||||
{
|
||||
$config = require __DIR__ . '/../config/config.php';
|
||||
$ldapconn = ldap_connect($config['ldap']['server']);
|
||||
|
||||
if (!$ldapconn) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
|
||||
|
||||
$bind_dn = "uid={$username},{$config['ldap']['user_dn']}";
|
||||
|
||||
if (@ldap_bind($ldapconn, $bind_dn, $password)) {
|
||||
ldap_unbind($ldapconn);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
require_once __DIR__ . '/../includes/functions.php';
|
||||
require_once __DIR__ . '/../includes/db.php';
|
||||
|
||||
if (!isset($_SESSION['user']) || !isAdmin($_SESSION['user'])) {
|
||||
header('Location: dashboard.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$bericht = '';
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['nieuwe_ronde'])) {
|
||||
$lootjes = startNieuweRonde($pdo);
|
||||
$bericht = 'Nieuwe ronde gestart!';
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><title>Beheer</title></head>
|
||||
<body>
|
||||
<h2>Beheerpagina</h2>
|
||||
<?php if ($bericht): ?><p style="color:green"><?= htmlspecialchars($bericht) ?></p><?php endif; ?>
|
||||
|
||||
<form method="post">
|
||||
<button type="submit" name="nieuwe_ronde">Start nieuwe lootjes-ronde</button>
|
||||
</form>
|
||||
|
||||
<p><a href="dashboard.php">Terug</a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
require_once __DIR__ . '/../includes/functions.php';
|
||||
|
||||
if (!isset($_SESSION['user'])) {
|
||||
header('Location: login.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$gebruiker = $_SESSION['user'];
|
||||
$lootje = getLootjeVoor($gebruiker);
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><title>Dashboard</title></head>
|
||||
<body>
|
||||
<h2>Welkom, <?= htmlspecialchars($gebruiker) ?></h2>
|
||||
|
||||
<?php if ($lootje): ?>
|
||||
<p>Je hebt getrokken: <strong><?= htmlspecialchars($lootje) ?></strong></p>
|
||||
<?php else: ?>
|
||||
<p>Er is nog geen ronde gestart.</p>
|
||||
<?php endif; ?>
|
||||
|
||||
<p><a href="wishlist.php">Mijn verlanglijstje</a></p>
|
||||
|
||||
<?php if (isAdmin($gebruiker)): ?>
|
||||
<p><a href="admin.php">Beheerpagina</a></p>
|
||||
<?php endif; ?>
|
||||
|
||||
<p><a href="logout.php">Uitloggen</a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
if (isset($_SESSION['user'])) {
|
||||
header('Location: dashboard.php');
|
||||
exit;
|
||||
}
|
||||
header('Location: login.php');
|
||||
exit;
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
require_once __DIR__ . '/../includes/ldap.php';
|
||||
|
||||
$error = '';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$user = $_POST['username'] ?? '';
|
||||
$pass = $_POST['password'] ?? '';
|
||||
|
||||
if (ldap_authenticate($user, $pass)) {
|
||||
$_SESSION['user'] = $user;
|
||||
header('Location: dashboard.php');
|
||||
exit;
|
||||
} else {
|
||||
$error = 'Ongeldige login.';
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><title>Login</title></head>
|
||||
<body>
|
||||
<h2>Login</h2>
|
||||
<form method="post">
|
||||
<label>Gebruikersnaam: <input type="text" name="username"></label><br>
|
||||
<label>Wachtwoord: <input type="password" name="password"></label><br>
|
||||
<button type="submit">Aanmelden</button>
|
||||
</form>
|
||||
<p style="color:red"><?= htmlspecialchars($error) ?></p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
session_destroy();
|
||||
header('Location: login.php');
|
||||
exit;
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
<?php
|
||||
session_start();
|
||||
require_once __DIR__ . '/../includes/db.php';
|
||||
|
||||
if (!isset($_SESSION['user'])) {
|
||||
header('Location: login.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$gebruiker = $_SESSION['user'];
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$wensen = $_POST['wensen'] ?? '';
|
||||
$stmt = $pdo->prepare("REPLACE INTO wishlists (user, wensen) VALUES (?, ?)");
|
||||
$stmt->execute([$gebruiker, $wensen]);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("SELECT wensen FROM wishlists WHERE user = ?");
|
||||
$stmt->execute([$gebruiker]);
|
||||
$wensen = $stmt->fetchColumn();
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><title>Verlanglijstje</title></head>
|
||||
<body>
|
||||
<h2>Mijn verlanglijstje</h2>
|
||||
<form method="post">
|
||||
<textarea name="wensen" rows="8" cols="40"><?= htmlspecialchars($wensen ?? '') ?></textarea><br>
|
||||
<button type="submit">Opslaan</button>
|
||||
</form>
|
||||
<p><a href="dashboard.php">Terug</a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
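--- a/test_ldap.php
+++ b/test_ldap.php
@@ -0,0 +1,29 @@
+<?php
+require __DIR__ . '/auth/ldap.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+$username = $_POST['username'] ?? '';
+$password = $_POST['password'] ?? '';
+
+$user = ldap_authenticate($username, $password);
+
+if ($user) {
+echo "<h3 style='color:green;'>✅ Inloggen geslaagd!</h3>";
+echo "<ul>";
+echo "<li>Naam: " . htmlspecialchars($user['displayName']) . "</li>";
+echo "<li>Voornaam: " . htmlspecialchars($user['givenName']) . "</li>";
+echo "<li>Achternaam: " . htmlspecialchars($user['sn']) . "</li>";
+echo "<li>Gebruikersnaam (sAMAccountName): " . htmlspecialchars($user['username']) . "</li>";
+echo "<li>Email: " . htmlspecialchars($user['email']) . "</li>";
+echo "<li>UserPrincipalName: " . htmlspecialchars($user['userPrincipalName']) . "</li>";
+echo "</ul>";
+} else {
+echo "<p style='color:red;'>❌ Ongeldige inloggegevens.</p>";
+}
+}
+?>
+<form method="post">
+<label>Gebruikersnaam (zonder domein): <input type="text" name="username" required></label><br>
+<label>Wachtwoord: <input type="password" name="password" required></label><br>
+<button type="submit">Login</button>
+</form>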
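Review bot: `test_ldap.php` should not be part of the deployable tree: it sits at the web root, is reachable without a session, accepts a username and password from any POST and prints the directory attributes of the bound account, so it doubles as an unthrottled password-checking endpoint against the domain. Keep it out of the document root, or at least guard it at the top of the file, e.g. `if (getenv('APP_DEBUG') !== '1') { http_response_code(404); exit; }` (env-var name is a suggestion), and remove it before release. The `required` attributes on the inputs are client-side only; the server-side `empty()` check in `ldap_authenticate` is what actually rejects blank credentials.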