opendocman-devel Mailing List for OpenDocMan
PHP Document Management System (DMS)
Brought to you by:
logart
From: opendocman d. d. <ope...@li...> - 2016-06-15 18:17:03
We have not made a decision about PHP 7 support.

On 6/15/16 10:55 AM, opendocman development discussion wrote:
> Thank you. Will do that. Will the next release work without messages
> under PHP 7?
From: opendocman d. d. <ope...@li...> - 2016-06-15 17:55:48
Thank you. Will do that. Will the next release work without messages under PHP 7?

On 6/14/2016 9:28 PM, opendocman development discussion wrote:
> You should turn down your error reporting and some of those "warnings"
> will go away.
From: opendocman d. d. <ope...@li...> - 2016-06-15 01:28:22
You should turn down your error reporting and some of those "warnings" will go away.

On 6/14/16 4:42 PM, opendocman development discussion wrote:
> I am getting an error when using OpenDocMan under PHP 7. An image with
> some of the errors is attached. It has to do with the new "rules" of
> "methods not having the same name as constructors".
From: opendocman d. d. <ope...@li...> - 2016-06-14 23:42:18
I am getting an error when using OpenDocMan under PHP 7. An image with some of the errors is attached. It has to do with the new "rules" of "methods not having the same name as constructors".
From: opendocman d. d. <ope...@li...> - 2015-10-01 16:21:19
Test2
From: opendocman d. d. <ope...@li...> - 2015-09-15 01:23:06
Sorry list - no idea why this CC'd the list. Methinks my mailer is very b0rken!
From: opendocman d. d. <ope...@li...> - 2015-09-15 01:21:36
Hi There,

I noticed that we have a 4-5 generation possible relationship via gedcom. Since your profile name is "Marina from Lebanon", this match interested me since I've been trying to research my Lebanese genealogy. My maternal grandfather was from Lebanon, specifically from the village of Kfarzeina in Zgharta. His name was Salim Attie. His parents were Tadross Attie and Anne Khoury. Salim was born in 1896 or so, and had a sister, Essme, who died in 1995 at the age of 105. He had a couple brothers who went to (I believe) Argentina as well. Essme's son Halim recently died, his sons are still alive in Kfarzeina. Is there a connection here perhaps?

Thanks!

-John
From: opendocman d. d. <ope...@li...> - 2015-04-12 14:31:19
Fair enough. I'm trapped under something heavy at work so it might take me a few days, but I'll get to it ASAP.

-John

On 04/12/2015 09:55 AM, opendocman development discussion wrote:
> We do have an ImportUsers plug-in that allows for mass-user creation so
> that should help with the initial setup.
>
> Steve
From: opendocman d. d. <ope...@li...> - 2015-04-12 13:55:17
We do have an ImportUsers plug-in that allows for mass-user creation so that should help with the initial setup.

Steve

On 4/12/15 3:22 AM, opendocman development discussion wrote:
> Yes - I totally agree that that's the thing most are concerned about. I
> only mentioned the group/permissions bit because it enables the other
> thing I think most are concerned about - having to create user accounts
> for every user in more than one place. Definitely, just having one set
> of credentials is an improvement, but I was thinking that sitting at the
> ODM console making hundreds of users "by hand" when adding ODM to a
> network is what they're *also* trying to avoid.
>
> -John
From: opendocman d. d. <ope...@li...> - 2015-04-12 10:22:19
|
Yes - I totally agree that that's the thing most are concerned about. I only mentioned the group/permissions bit because it enables the other thing I think most are concerned about - having to create user accounts for every user in more than one place. Definitely, just having one set of credentials is an improvement, but I was thinking that sitting at the ODM console making hundreds of users "by hand" when adding ODM to a network is what they're *also* trying to avoid. -John On 04/12/2015 12:37 AM, opendocman development discussion wrote: > It has been my experience that users wanting LDAP are more concerned > about the authentication part, not the group and/or permissions. I had > implemented LDAP years ago (but it got removed and never put back in). > It was just a simple common-authentication service so that users didn't > have to have have an additional password to login to ODM, they just use > their LDAP directory password. Once "authenticated" via LDAP, their ODM > account and permissions settings would be used just like any other user. > > On 4/11/15 6:39 AM, opendocman development discussion wrote: >> Hi Steve, >> >> I'm just about to dig into this, but I had a few thoughts I wanted to >> discuss first: >> >> 1) I get why your thought process makes sense, but I'm certain that >> people who want to use LDAP/AD integration are trying to *avoid* doing >> exactly what you describe; they want LDAP/AD users to be able to log in >> *without* having to create an ODM user. > Most users want to control who has access so just letting any successful > LDAP authentication to be added to the ODM site would be a change from > how it works now. > >> >> 2) The above opens up a few problems. One of which is, obviously, >> LDAP/AD does not have suitable attributes in any schema to store *all* >> of the information of an ODM user. My thoughts about getting around >> this are as follows: >> >> - The most common schema anyone is going to be using for users is >> inetOrgPerson. 
AD uses a schema that has pretty much all the same >> attributes as inetOrgPerson as well, by default. >> >> - No LDAP/AD user is going to want to change schemas, or extend the one >> they're using. >> >> - On the most basic level, using the approach I have already taken, we >> can make ODM's departments match what is stored in the LDAP attrib >> "department" in the inetOrgPerson/AD schema. By doing this, you make an >> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at >> least be a member of the one department with pre-defined rights as the >> admin chooses. I've also set flags in the config for default >> can_checkin, etc. rights, as the admin sees fit. >> >> - This leaves the problem of potentially "stale" ODM accounts in the DB >> when an LDAP/AD user is deleted, but incorporating a "delete user from >> ODM" protocol into any admin's "employee is leaving" checklist is FAR >> more trivial than CREATING every user first, as on the delete end, it's >> one at a time - and, you'd have to do this anyway, regardless of the >> strategy. > I think you may be over-thinking it a bit from what I originally thought > was needed. The only thing I thought we needed from LDAP was an > authentication. Everything else (department, reviewer, admin, etc.) is > all handled in the app. I don't see how we could move all of that user > data out of the system very easily, nor do I really want to. > > Steve >> >> If you want to make an admin account or something that's an exception >> rather than rank-and-file user, then you make an ODM account for it. >> That's not a big ask on the admin. >> >> So, to sum up, I see your point, but I don't think implementing it that >> way is really going to help much. The way I've already done it will >> "just work" with minimal set-up. 
>> >> Also - just to put it out there - I'm more than happy to do as you've >> suggested, and I'm not trying to be argumentative :) I just thought I'd >> share my point of view on this, and reading comments from users who want >> this feature, I think it's worth considering. >> >> Let me know what you think, >> >> -John >> >> On 04/06/2015 11:08 PM, opendocman development discussion wrote: >>> So, we would want to have this working where the user must exist in the >>> local system in order to authenticate. So the Admin->Settings section >>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then >>> accounts created would be added with a different email notification sent >>> to them letting them know their account is able to login. >>> >>> When they login, you would first verify their account exists and is >>> active, then auth via ldap. Once authenticated, you would set their >>> session variables as is done now for mysql auth. >>> >>> Steve >>> >>> On 3/31/15 6:38 AM, opendocman development discussion wrote: >>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me >>>> that it might be a very simple add to just keep the users in LDAP/AD >>>> *entirely*, or select between both modes (that is to say, create an ODM >>>> user from LDAP *or* keep the accounts in LDAP). >>>> >>>> Looking in User_class.php, it seems I could easily branch around the >>>> code to pull a user record from the DB with a conditional "get it from >>>> LDAP" instead. Before I dive into this too far, would that be all >>>> that's required, or is this info queried in several places? >>>> >>>> It seems easy, in that respect - I've already done all the work to >>>> define attributes, etc. for all user DB fields... >>>> >>>> Any guidance appreciated (you know, so I don't have to read every line >>>> to figure it out myself. 
;) >>>> >>>> Thanks, >>>> >>>> -John |
From: opendocman d. d. <ope...@li...> - 2015-04-12 04:37:47
|
It has been my experience that users wanting LDAP are more concerned about the authentication part, not the group and/or permissions. I had implemented LDAP years ago (but it got removed and never put back in). It was just a simple common-authentication service so that users didn't have to have an additional password to login to ODM, they just use their LDAP directory password. Once "authenticated" via LDAP, their ODM account and permissions settings would be used just like any other user.

On 4/11/15 6:39 AM, opendocman development discussion wrote:
> Hi Steve,
>
> I'm just about to dig into this, but I had a few thoughts I wanted to
> discuss first:
>
> 1) I get why your thought process makes sense, but I'm certain that
> people who want to use LDAP/AD integration are trying to *avoid* doing
> exactly what you describe; they want LDAP/AD users to be able to log in
> *without* having to create an ODM user.

Most users want to control who has access so just letting any successful LDAP authentication be added to the ODM site would be a change from how it works now.

>
> 2) The above opens up a few problems. One of which is, obviously,
> LDAP/AD does not have suitable attributes in any schema to store *all*
> of the information of an ODM user. My thoughts about getting around
> this are as follows:
>
> - The most common schema anyone is going to be using for users is
> inetOrgPerson. AD uses a schema that has pretty much all the same
> attributes as inetOrgPerson as well, by default.
>
> - No LDAP/AD user is going to want to change schemas, or extend the one
> they're using.
>
> - On the most basic level, using the approach I have already taken, we
> can make ODM's departments match what is stored in the LDAP attrib
> "department" in the inetOrgPerson/AD schema. By doing this, you make an
> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
> least be a member of the one department with pre-defined rights as the
> admin chooses. I've also set flags in the config for default
> can_checkin, etc. rights, as the admin sees fit.
>
> - This leaves the problem of potentially "stale" ODM accounts in the DB
> when an LDAP/AD user is deleted, but incorporating a "delete user from
> ODM" protocol into any admin's "employee is leaving" checklist is FAR
> more trivial than CREATING every user first, as on the delete end, it's
> one at a time - and, you'd have to do this anyway, regardless of the
> strategy.

I think you may be over-thinking it a bit from what I originally thought was needed. The only thing I thought we needed from LDAP was an authentication. Everything else (department, reviewer, admin, etc.) is all handled in the app. I don't see how we could move all of that user data out of the system very easily, nor do I really want to.

Steve

>
> If you want to make an admin account or something that's an exception
> rather than rank-and-file user, then you make an ODM account for it.
> That's not a big ask on the admin.
>
> So, to sum up, I see your point, but I don't think implementing it that
> way is really going to help much. The way I've already done it will
> "just work" with minimal set-up.
>
> Also - just to put it out there - I'm more than happy to do as you've
> suggested, and I'm not trying to be argumentative :) I just thought I'd
> share my point of view on this, and reading comments from users who want
> this feature, I think it's worth considering.
>
> Let me know what you think,
>
> -John
>
> On 04/06/2015 11:08 PM, opendocman development discussion wrote:
>> So, we would want to have this working where the user must exist in the
>> local system in order to authenticate. So the Admin->Settings section
>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
>> accounts created would be added with a different email notification sent
>> to them letting them know their account is able to login.
>>
>> When they login, you would first verify their account exists and is
>> active, then auth via ldap. Once authenticated, you would set their
>> session variables as is done now for mysql auth.
>>
>> Steve
>>
>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>>> that it might be a very simple add to just keep the users in LDAP/AD
>>> *entirely*, or select between both modes (that is to say, create an ODM
>>> user from LDAP *or* keep the accounts in LDAP).
>>>
>>> Looking in User_class.php, it seems I could easily branch around the
>>> code to pull a user record from the DB with a conditional "get it from
>>> LDAP" instead. Before I dive into this too far, would that be all
>>> that's required, or is this info queried in several places?
>>>
>>> It seems easy, in that respect - I've already done all the work to
>>> define attributes, etc. for all user DB fields...
>>>
>>> Any guidance appreciated (you know, so I don't have to read every line
>>> to figure it out myself. ;)
>>>
>>> Thanks,
>>>
>>> -John
|
From: opendocman d. d. <ope...@li...> - 2015-04-11 13:39:53
|
Hi Steve,

I'm just about to dig into this, but I had a few thoughts I wanted to discuss first:

1) I get why your thought process makes sense, but I'm certain that people who want to use LDAP/AD integration are trying to *avoid* doing exactly what you describe; they want LDAP/AD users to be able to log in *without* having to create an ODM user.

2) The above opens up a few problems. One of which is, obviously, LDAP/AD does not have suitable attributes in any schema to store *all* of the information of an ODM user. My thoughts about getting around this are as follows:

- The most common schema anyone is going to be using for users is inetOrgPerson. AD uses a schema that has pretty much all the same attributes as inetOrgPerson as well, by default.

- No LDAP/AD user is going to want to change schemas, or extend the one they're using.

- On the most basic level, using the approach I have already taken, we can make ODM's departments match what is stored in the LDAP attrib "department" in the inetOrgPerson/AD schema. By doing this, you make an admin configure ODM *ONCE*, then users in LDAP/AD can log in and at least be a member of the one department with pre-defined rights as the admin chooses. I've also set flags in the config for default can_checkin, etc. rights, as the admin sees fit.

- This leaves the problem of potentially "stale" ODM accounts in the DB when an LDAP/AD user is deleted, but incorporating a "delete user from ODM" protocol into any admin's "employee is leaving" checklist is FAR more trivial than CREATING every user first, as on the delete end, it's one at a time - and, you'd have to do this anyway, regardless of the strategy.

If you want to make an admin account or something that's an exception rather than rank-and-file user, then you make an ODM account for it. That's not a big ask on the admin.

So, to sum up, I see your point, but I don't think implementing it that way is really going to help much. The way I've already done it will "just work" with minimal set-up.

Also - just to put it out there - I'm more than happy to do as you've suggested, and I'm not trying to be argumentative :) I just thought I'd share my point of view on this, and reading comments from users who want this feature, I think it's worth considering.

Let me know what you think,

-John

On 04/06/2015 11:08 PM, opendocman development discussion wrote:
> So, we would want to have this working where the user must exist in the
> local system in order to authenticate. So the Admin->Settings section
> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
> accounts created would be added with a different email notification sent
> to them letting them know their account is able to login.
>
> When they login, you would first verify their account exists and is
> active, then auth via ldap. Once authenticated, you would set their
> session variables as is done now for mysql auth.
>
> Steve
>
> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>> that it might be a very simple add to just keep the users in LDAP/AD
>> *entirely*, or select between both modes (that is to say, create an ODM
>> user from LDAP *or* keep the accounts in LDAP).
>>
>> Looking in User_class.php, it seems I could easily branch around the
>> code to pull a user record from the DB with a conditional "get it from
>> LDAP" instead. Before I dive into this too far, would that be all
>> that's required, or is this info queried in several places?
>>
>> It seems easy, in that respect - I've already done all the work to
>> define attributes, etc. for all user DB fields...
>>
>> Any guidance appreciated (you know, so I don't have to read every line
>> to figure it out myself. ;)
>>
>> Thanks,
>>
>> -John
|
From: opendocman d. d. <ope...@li...> - 2015-04-07 10:41:19
|
Gotcha. I'll probably be able to get to it later in the week.

-John

Sent from my iPhone

> On Apr 6, 2015, at 11:08 PM, opendocman development discussion <ope...@li...> wrote:
>
> So, we would want to have this working where the user must exist in the
> local system in order to authenticate. So the Admin->Settings section
> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
> accounts created would be added with a different email notification sent
> to them letting them know their account is able to login.
>
> When they login, you would first verify their account exists and is
> active, then auth via ldap. Once authenticated, you would set their
> session variables as is done now for mysql auth.
>
> Steve
>
>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>> that it might be a very simple add to just keep the users in LDAP/AD
>> *entirely*, or select between both modes (that is to say, create an ODM
>> user from LDAP *or* keep the accounts in LDAP).
>>
>> Looking in User_class.php, it seems I could easily branch around the
>> code to pull a user record from the DB with a conditional "get it from
>> LDAP" instead. Before I dive into this too far, would that be all
>> that's required, or is this info queried in several places?
>>
>> It seems easy, in that respect - I've already done all the work to
>> define attributes, etc. for all user DB fields...
>>
>> Any guidance appreciated (you know, so I don't have to read every line
>> to figure it out myself. ;)
>>
>> Thanks,
>>
>> -John
|
From: opendocman d. d. <ope...@li...> - 2015-04-07 03:08:27
|
So, we would want to have this working where the user must exist in the local system in order to authenticate. So the Admin->Settings section for auth would show "mysql" and "ldap". If "ldap" is chosen, then accounts created would be added with a different email notification sent to them letting them know their account is able to login.

When they login, you would first verify their account exists and is active, then auth via ldap. Once authenticated, you would set their session variables as is done now for mysql auth.

Steve

On 3/31/15 6:38 AM, opendocman development discussion wrote:
> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
> that it might be a very simple add to just keep the users in LDAP/AD
> *entirely*, or select between both modes (that is to say, create an ODM
> user from LDAP *or* keep the accounts in LDAP).
>
> Looking in User_class.php, it seems I could easily branch around the
> code to pull a user record from the DB with a conditional "get it from
> LDAP" instead. Before I dive into this too far, would that be all
> that's required, or is this info queried in several places?
>
> It seems easy, in that respect - I've already done all the work to
> define attributes, etc. for all user DB fields...
>
> Any guidance appreciated (you know, so I don't have to read every line
> to figure it out myself. ;)
>
> Thanks,
>
> -John
|
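The login order described in the message above (the account must exist locally and be active, then the password is checked by an LDAP bind), written out as an added example. It is not OpenDocMan code or the code posted in this thread: the demo_* function names, the `active` column, the `ldap_starttls` key and the sample accounts are assumptions, while the other config keys and the filter template are the ones quoted elsewhere in the thread.

```php
<?php
// Added example, not OpenDocMan code. The demo_* names, the `active` column
// and the `ldap_starttls` key are assumptions made for this illustration.

/** Put the login name into the configured filter template, escaped. */
function demo_build_filter(string $template, string $user): string
{
    // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL, so a login name such as
    // "*" is matched literally instead of acting as a wildcard.
    return str_replace('%uid', ldap_escape($user, '', LDAP_ESCAPE_FILTER), $template);
}

/** Find exactly one directory entry for the filter and bind as it. */
function demo_directory_bind(array $cfg, string $filter, string $pass): bool
{
    $conn = ldap_connect("ldap://{$cfg['ldap_host']}:{$cfg['ldap_port']}");
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        // On port 389 the bind password is sent in clear unless StartTLS is used.
        if (!empty($cfg['ldap_starttls']) && !@ldap_start_tls($conn)) {
            return false;
        }
        if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
            return false;
        }
        $res = @ldap_search($conn, $cfg['base_dn'], $filter, ['uid'], 0, 2);
        if ($res === false || ldap_count_entries($conn, $res) !== 1) {
            return false;
        }
        $dn = ldap_get_dn($conn, ldap_first_entry($conn, $res));
        return is_string($dn) && @ldap_bind($conn, $dn, $pass);
    } finally {
        ldap_unbind($conn);
    }
}

/**
 * Local account first, then the directory. Returns the local row or null.
 * $bind is callable(string $filter, string $pass): bool; in production:
 *   function ($f, $p) use ($cfg) { return demo_directory_bind($cfg, $f, $p); }
 * $table comes from configuration (db_prefix), never from the request.
 */
function demo_login(PDO $pdo, string $table, string $template,
                    string $user, string $pass, callable $bind): ?array
{
    // An empty password makes a simple bind "unauthenticated", which some
    // servers accept as success, so it never reaches the directory.
    if ($user === '' || $pass === '') {
        return null;
    }
    // Gate 1: the account must already exist locally and be active.
    $stmt = $pdo->prepare("SELECT id, username FROM {$table} WHERE username = :u AND active = 1");
    $stmt->execute([':u' => $user]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) !== 1) {
        return null;
    }
    // Gate 2: the directory checks the password; nothing is copied locally,
    // so a later directory lockout or password change takes effect at once.
    return $bind(demo_build_filter($template, $user), $pass) ? $rows[0] : null;
}

// Constructed demo data: an in-memory table and a stand-in for the directory,
// so the flow can be exercised offline.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE odm_user (id INTEGER PRIMARY KEY, username TEXT, active INTEGER)');
    $pdo->exec("INSERT INTO odm_user (username, active) VALUES ('alice', 1), ('bob', 0)");
    $fake = function (string $filter, string $pass): bool {
        return $filter === '(&(uid=alice))' && $pass === 'constructed-pw';
    };
    $cases = [
        ['alice', 'constructed-pw'],   // active locally, accepted by the directory
        ['alice', ''],                 // empty password
        ['bob', 'constructed-pw'],     // present locally but inactive
        ['carol', 'constructed-pw'],   // not present locally
        ['*', 'constructed-pw'],       // wildcard as login name
    ];
    foreach ($cases as [$u, $p]) {
        $row = demo_login($pdo, 'odm_user', '(&(uid=%uid))', $u, $p, $fake);
        printf("%-6s %s\n", $u, $row === null ? 'denied' : 'allowed as id ' . $row['id']);
    }
    echo demo_build_filter('(&(uid=%uid))', '*)(uid=*'), "\n";
}
```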
From: opendocman d. d. <ope...@li...> - 2015-03-31 13:38:29
|
OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me that it might be a very simple add to just keep the users in LDAP/AD *entirely*, or select between both modes (that is to say, create an ODM user from LDAP *or* keep the accounts in LDAP).

Looking in User_class.php, it seems I could easily branch around the code to pull a user record from the DB with a conditional "get it from LDAP" instead. Before I dive into this too far, would that be all that's required, or is this info queried in several places?

It seems easy, in that respect - I've already done all the work to define attributes, etc. for all user DB fields...

Any guidance appreciated (you know, so I don't have to read every line to figure it out myself. ;)

Thanks,

-John
|
From: opendocman d. d. <ope...@li...> - 2015-03-29 15:55:29
|
I have committed/pushed my changes to my fork on github. It can now add a user to the DB with all fields filled out from LDAP, if they are specified and if the search returns a result. Works great here, would like some others to try it out.

-John

On 03/26/2015 06:19 PM, opendocman development discussion wrote:
> OK. Doing it this way will give me a chance to go back and put in more
> error detection and other tidbits anyway.
>
> -John
>
>
> On 03/26/2015 06:14 PM, opendocman development discussion wrote:
>> Thanks John,
>>
>> It's been quiet in here, so it is welcome noise. :)
>>
>> Steve
>>
>> On 3/26/15 2:53 PM, opendocman development discussion wrote:
>>> OK I figured git out. I made a fork and will submit my cleaned up
>>> code that way.
>>>
>>> Sorry for the list noise!
>>>
>>> -John
>>>
>>>
>>> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>>>> Hey John,
>>>>
>>>> I will take a look at this over the weekend. It would be a good idea
>>>> if you were to do this as a Pull Request at GitHub. Are you familiar
>>>> with that process?
>>>>
>>>> Steve
>>>>
>>>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>>>> Hi Devs,
>>>>>
>>>>> I just wrote in support for getting user accounts from LDAP.
>>>>> Basically, if this option is enabled, it will check LDAP for the
>>>>> user who is being logged in. If the username and password match,
>>>>> it'll then check the opendocman database to see if the user already
>>>>> exists there. If it does, it synchronizes the password field with
>>>>> the LDAP password. If not, it adds a new user with defaults. All
>>>>> of this is against version 1.3.2.
>>>>>
>>>>> Anyway, I'm a C programmer, and this is the first thing I've really
>>>>> tried in PHP, so if someone could give it the once over and offer
>>>>> me some suggestions for improvement, that'd be great.
>>>>> >>>>> Thanks, >>>>> >>>>> -John >>>>> >>>>> To test this out, you need the following in config.php: >>>>> >>>>> -----8<----- >>>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE; >>>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; >>>>> $GLOBALS['CONFIG']['ldap_port'] = '389'; >>>>> >>>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; >>>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; >>>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; >>>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; >>>>> -----8<----- >>>>> >>>>> ...and then patch index.php with this patch: >>>>> >>>>> -----8<----- >>>>> --- index.php 2015-03-26 13:42:01.781054000 -0400 >>>>> +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 >>>>> @@ -78,15 +78,6 @@ >>>>> $frmuser = $_POST['frmuser']; >>>>> $frmpass = $_POST['frmpass']; >>>>> >>>>> - // JEPH - Check for LDAP users enabled >>>>> - if($GLOBALS['CONFIG']['ldap_enable']) { >>>>> - require 'ldap-users.inc'; >>>>> - $ldap_success = ldap_login($frmuser, $frmpass); >>>>> - if(!empty($ldap_success)) { >>>>> - add_or_modify($frmuser, $frmpass); >>>>> - } >>>>> - } >>>>> - >>>>> // check login and md5() >>>>> // connect and execute query >>>>> $query = " 
>>>>> @@ -134,11 +125,11 @@ >>>>> >>>>> // if row exists - login/pass is correct >>>>> if (count($result) == 1) >>>>> - { >>>>> + { >>>>> // register the user's ID >>>>> $id = $result[0]['id']; >>>>> - $username = $result[0]['username']; >>>>> - $password = $result[0]['password']; >>>>> + $username = $result['username']; >>>>> + $password = $result['password']; >>>>> >>>>> // initiate a session >>>>> $_SESSION['uid'] = $id; >>>>> -----8<----- >>>>> >>>>> ...and add my routines to ldap-users.inc (all of this attached) but >>>>> in case this list strips attachments, test follows: >>>>> >>>>> -----8<----- >>>>> <?php >>>>> // ldap-users.inc >>>>> // >>>>> // Authenticate users against LDAP >>>>> // John E.P. Hynes/HyTronix [03/25/2015] >>>>> // >>>>> // Takes username/password and tries to bind. >>>>> // Return user name on success, FALSE on failure. >>>>> >>>>> function ldap_login($user, $pass) { >>>>> $ldap_host = $GLOBALS['CONFIG']['ldap_host']; >>>>> $ldap_port = $GLOBALS['CONFIG']['ldap_port']; >>>>> $base_dn = $GLOBALS['CONFIG']['base_dn']; >>>>> $searchfilter = $GLOBALS['CONFIG']['searchfilter']; >>>>> $bind_dn = $GLOBALS['CONFIG']['bind_dn']; >>>>> $bind_pw = $GLOBALS['CONFIG']['bind_pw']; >>>>> >>>>> $ldap_conn = ldap_connect($ldap_host, $ldap_port) >>>>> or error_log("ldap_connect() failed."); >>>>> >>>>> ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); >>>>> ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); >>>>> >>>>> $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) >>>>> or error_log("ldap_bind() failed."); >>>>> >>>>> $match_count = 1; >>>>> $this_filter = str_replace("%uid", $user, $searchfilter, >>>>> $match_count); >>>>> if(empty($this_filter)) { >>>>> error_log("Error in searchfilter with str_replace(), got >>>>> $this_filter"); >>>>> return FALSE; >>>>> } >>>>> >>>>> $attribute = array("uid"); >>>>> $search_results = @ldap_search($ldap_conn, $base_dn, >>>>> $this_filter, $attribute, 0, 2); >>>>> >>>>> if (!$search_results) { >>>>> 
error_log("Something went wrong in ldap_search."); >>>>> } >>>>> >>>>> if (ldap_count_entries($ldap_conn, $search_results) != 1) { >>>>> error_log("ldap_search() returned $search_results in error."); >>>>> return FALSE; >>>>> } >>>>> >>>>> $user_entry = ldap_first_entry($ldap_conn, $search_results); >>>>> $this_dn = ldap_get_dn($ldap_conn, $user_entry); >>>>> >>>>> $user_bind = ldap_bind($ldap_conn, $this_dn, $pass); >>>>> if (!$user_bind) { >>>>> return FALSE; >>>>> } >>>>> >>>>> ldap_close($ldap_conn); >>>>> >>>>> return $user; >>>>> } >>>>> >>>>> function add_or_modify($username, $password) { >>>>> // Check to make sure user does not already exist >>>>> $pdo = $GLOBALS['pdo']; >>>>> $query = "SELECT COUNT(*) FROM >>>>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'"; >>>>> if ($count = $pdo->query($query)) { >>>>> if ($count->fetchColumn() == 1) { >>>>> update_password($username, $password); >>>>> return; >>>>> } elseif ($count->fetchColumn() == 0) { >>>>> create_user($username, $password); >>>>> return; >>>>> } >>>>> else { >>>>> error_log("Database error - username not unique."); >>>>> } >>>>> } >>>>> >>>>> return; >>>>> } >>>>> >>>>> function update_password($username, $password) { >>>>> $pdo = $GLOBALS['pdo']; >>>>> $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user >>>>> SET password=md5(:password) WHERE username=:username"; >>>>> $stmt = $pdo->prepare($query); >>>>> $stmt->execute(array(':username' => $username, ':password' => >>>>> $password)); >>>>> >>>>> return; >>>>> } >>>>> >>>>> function create_user($username, $password) { >>>>> $pdo = $GLOBALS['pdo']; >>>>> $department = 1; >>>>> $phonenumber = "000-000-0000"; >>>>> $email = ""; >>>>> $lastname = ""; >>>>> $firstname = ""; >>>>> $can_add = 0; >>>>> $can_checkin = 0; >>>>> >>>>> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user >>>>> (username, password, department, phone, Email,last_name, >>>>> first_name, can_add, can_checkin) >>>>> VALUES( >>>>> :username, >>>>> 
md5(:password), >>>>> :department, >>>>> :phonenumber, >>>>> :email, >>>>> :lastname, >>>>> :firstname, >>>>> :can_add, >>>>> :can_checkin >>>>> )"; >>>>> >>>>> $stmt = $pdo->prepare($query); >>>>> $stmt->execute(array( >>>>> ':username' => $username, >>>>> ':password' => $password, >>>>> ':department' => $department, >>>>> ':phonenumber' => $phonenumber, >>>>> ':email' => $email, >>>>> ':lastname' => $lastname, >>>>> ':firstname' => $firstname, >>>>> ':can_add' => $can_add, >>>>> ':can_checkin' => $can_checkin >>>>> )); >>>>> >>>>> $user_id = $pdo->lastInsertId();; >>>>> $admin = 0; >>>>> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin >>>>> (id, admin) VALUES(:user_id, :admin)"; >>>>> $stmt = $pdo->prepare($query); >>>>> $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin)); >>>>> >>>>> return; >>>>> } >>>>> >>>>> ?> >>>>> -----8<----- |
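Review bot: in the first hunk of the quoted index.php patch, the LDAP block does not stop the login when ldap_login() fails, so execution always continues into the existing "check login and md5()" query. Since add_or_modify() stores the last good LDAP password in the local table via md5(:password), a user who has since been disabled in the directory, or whose directory password has changed, can still get in with the old password. When ldap_enable is set, fail the login as soon as ldap_login() returns FALSE. $frmuser also goes unescaped into the str_replace() that builds the search filter and into the '$username' string in add_or_modify()'s SELECT COUNT(*); use ldap_escape() for the first and a bound parameter, as update_password() already does, for the second.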
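Review bot: the file header of the quoted patch has the two files the wrong way round (--- index.php, +++ index.php-orig), so both hunks read backwards and the new code shows up on the - lines; regenerate it with diff -u index.php-orig index.php so it applies without reversing. In the second hunk, the $result[0]['username'] and $result[0]['password'] form matches the unchanged $id = $result[0]['id']; line, which makes it look like a separate bug fix that belongs in its own commit, and the { pair differs only in whitespace and should be dropped.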
From: opendocman d. d. <ope...@li...> - 2015-03-28 16:43:42
|
Hey Steve - Just wanted to let you know that I ended up having a chance to work on this quite a bit this weekend. I'll be making another commit soon with the code to try to fully populate the database from LDAP.

On 03/26/2015 06:19 PM, opendocman development discussion wrote:
> OK. Doing it this way will give me a chance to go back and put in more
> error detection and other tidbits anyway.
>
> -John
>
>
> On 03/26/2015 06:14 PM, opendocman development discussion wrote:
>> Thanks John,
>>
>> It's been quiet in here, so it is welcome noise. :)
>>
>> Steve
>>
>> On 3/26/15 2:53 PM, opendocman development discussion wrote:
>>> OK I figured git out. I made a fork and will submit my cleaned up
>>> code that way.
>>>
>>> Sorry for the list noise!
>>>
>>> -John
>>>
>>>
>>> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>>>> Hey John,
>>>>
>>>> I will take a look at this over the weekend. It would be a good idea
>>>> if you were to do this as a Pull Request at GitHub. Are you familiar
>>>> with that process?
>>>>
>>>> Steve
>>>>
>>>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>>>> Hi Devs,
>>>>>
>>>>> I just wrote in support for getting user accounts from LDAP.
>>>>> Basically, if this option is enabled, it will check LDAP for the
>>>>> user who is being logged in. If the username and password match,
>>>>> it'll then check the opendocman database to see if the user already
>>>>> exists there. If it does, it synchronizes the password field with
>>>>> the LDAP password. If not, it adds a new user with defaults. All
>>>>> of this is against version 1.3.2.
>>>>>
>>>>> Anyway, I'm a C programmer, and this is the first thing I've really
>>>>> tried in PHP, so if someone could give it the once over and offer
>>>>> me some suggestions for improvement, that'd be great.
>>>>> >>>>> Thanks, >>>>> >>>>> -John >>>>> >>>>> To test this out, you need the following in config.php: >>>>> >>>>> -----8<----- >>>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE; >>>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; >>>>> $GLOBALS['CONFIG']['ldap_port'] = '389'; >>>>> >>>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; >>>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; >>>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; >>>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; >>>>> -----8<----- >>>>> >>>>> ...and then patch index.php with this patch: >>>>> >>>>> -----8<----- >>>>> --- index.php 2015-03-26 13:42:01.781054000 -0400 >>>>> +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 >>>>> @@ -78,15 +78,6 @@ >>>>> $frmuser = $_POST['frmuser']; >>>>> $frmpass = $_POST['frmpass']; >>>>> >>>>> - // JEPH - Check for LDAP users enabled >>>>> - if($GLOBALS['CONFIG']['ldap_enable']) { >>>>> - require 'ldap-users.inc'; >>>>> - $ldap_success = ldap_login($frmuser, $frmpass); >>>>> - if(!empty($ldap_success)) { >>>>> - add_or_modify($frmuser, $frmpass); >>>>> - } >>>>> - } >>>>> - >>>>> // check login and md5() >>>>> // connect and execute query >>>>> $query = " 
>>>>> @@ -134,11 +125,11 @@ >>>>> >>>>> // if row exists - login/pass is correct >>>>> if (count($result) == 1) >>>>> - { >>>>> + { >>>>> // register the user's ID >>>>> $id = $result[0]['id']; >>>>> - $username = $result[0]['username']; >>>>> - $password = $result[0]['password']; >>>>> + $username = $result['username']; >>>>> + $password = $result['password']; >>>>> >>>>> // initiate a session >>>>> $_SESSION['uid'] = $id; >>>>> -----8<----- >>>>> >>>>> ...and add my routines to ldap-users.inc (all of this attached) but >>>>> in case this list strips attachments, test follows: >>>>> >>>>> -----8<----- >>>>> <?php >>>>> // ldap-users.inc >>>>> // >>>>> // Authenticate users against LDAP >>>>> // John E.P. Hynes/HyTronix [03/25/2015] >>>>> // >>>>> // Takes username/password and tries to bind. >>>>> // Return user name on success, FALSE on failure. >>>>> >>>>> function ldap_login($user, $pass) { >>>>> $ldap_host = $GLOBALS['CONFIG']['ldap_host']; >>>>> $ldap_port = $GLOBALS['CONFIG']['ldap_port']; >>>>> $base_dn = $GLOBALS['CONFIG']['base_dn']; >>>>> $searchfilter = $GLOBALS['CONFIG']['searchfilter']; >>>>> $bind_dn = $GLOBALS['CONFIG']['bind_dn']; >>>>> $bind_pw = $GLOBALS['CONFIG']['bind_pw']; >>>>> >>>>> $ldap_conn = ldap_connect($ldap_host, $ldap_port) >>>>> or error_log("ldap_connect() failed."); >>>>> >>>>> ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); >>>>> ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); >>>>> >>>>> $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) >>>>> or error_log("ldap_bind() failed."); >>>>> >>>>> $match_count = 1; >>>>> $this_filter = str_replace("%uid", $user, $searchfilter, >>>>> $match_count); >>>>> if(empty($this_filter)) { >>>>> error_log("Error in searchfilter with str_replace(), got >>>>> $this_filter"); >>>>> return FALSE; >>>>> } >>>>> >>>>> $attribute = array("uid"); >>>>> $search_results = @ldap_search($ldap_conn, $base_dn, >>>>> $this_filter, $attribute, 0, 2); >>>>> >>>>> if (!$search_results) { >>>>> 
 error_log("Something went wrong in ldap_search.");
>>>>>         // A failed search must not be passed on to ldap_count_entries().
>>>>>         ldap_close($ldap_conn);
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $entry_count = ldap_count_entries($ldap_conn, $search_results);
>>>>>     if ($entry_count != 1) {
>>>>>         error_log("ldap_search() returned $entry_count entries, expected 1.");
>>>>>         ldap_close($ldap_conn);
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>>>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>>>>
>>>>>     // A simple bind with a DN and an empty password is an unauthenticated
>>>>>     // bind (RFC 4513, section 5.1.2) and succeeds on many servers, so it
>>>>>     // must never count as a successful login.
>>>>>     if (!is_string($pass) || $pass === '') {
>>>>>         ldap_close($ldap_conn);
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>>>>     ldap_close($ldap_conn);
>>>>>     if (!$user_bind) {
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     return $user;
>>>>> }
>>>>>
>>>>> function add_or_modify($username, $password) {
>>>>>     // Check whether the user already exists. The username comes from the
>>>>>     // login form, so it is bound as a parameter, not interpolated.
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "SELECT COUNT(*) FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = :username";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     if ($stmt && $stmt->execute(array(':username' => $username))) {
>>>>>         // fetchColumn() advances the cursor, so read the count once.
>>>>>         $count = (int) $stmt->fetchColumn();
>>>>>         if ($count == 1) {
>>>>>             update_password($username, $password);
>>>>>         } elseif ($count == 0) {
>>>>>             create_user($username, $password);
>>>>>         } else {
>>>>>             error_log("Database error - username not unique.");
>>>>>         }
>>>>>     }
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> // Keep the local password field in step with the LDAP password.
>>>>> function update_password($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>         SET password=md5(:password) WHERE username=:username";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':username' => $username, ':password' => $password));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> // Create a local account with default settings and no admin rights.
>>>>> function create_user($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $department = 1;
>>>>>     $phonenumber = "000-000-0000";
>>>>>     $email = "";
>>>>>     $lastname = "";
>>>>>     $firstname = "";
>>>>>     $can_add = 0;
>>>>>     $can_checkin = 0;
>>>>>
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>         (username, password, department, phone, Email,last_name,
>>>>>         first_name, can_add, can_checkin)
>>>>>         VALUES(
>>>>>             :username,
>>>>>             md5(:password),
>>>>>             :department,
>>>>>             :phonenumber,
>>>>>             :email,
>>>>>             :lastname,
>>>>>             :firstname,
>>>>>             :can_add,
>>>>>             :can_checkin
>>>>>         )";
>>>>>
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(
>>>>>         ':username' => $username,
>>>>>         ':password' => $password,
>>>>>         ':department' => $department,
>>>>>         ':phonenumber' => $phonenumber,
>>>>>         ':email' => $email,
>>>>>         ':lastname' => $lastname,
>>>>>         ':firstname' => $firstname,
>>>>>         ':can_add' => $can_add,
>>>>>         ':can_checkin' => $can_checkin
>>>>>     ));
>>>>>
>>>>>     $user_id = $pdo->lastInsertId();
>>>>>     $admin = 0;
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin
>>>>>         (id, admin) VALUES(:user_id, :admin)";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> ?>
>>>>> -----8<-----
|
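Review bot: In the first index.php hunk (@@ -78,15 +78,6 @@) a FALSE return from ldap_login() is ignored and execution continues into the existing "check login and md5()" query, so a password that add_or_modify() synchronised on an earlier login keeps working locally after it has been changed, or the account removed, in LDAP. With ldap_enable set, decide explicitly what a failed LDAP login means: reject it, or fall back to the local check only for accounts that are marked as local. $frmuser and $frmpass also go straight from $_POST into ldap_login() and add_or_modify(), so an empty frmpass or LDAP filter characters in frmuser reach the directory and the database as typed; validate them before the call. The patch is also reversed (--- index.php, +++ index.php-orig), which makes the LDAP block show up as removed lines; regenerate it with the original file first.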
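Review bot: The second hunk (@@ -134,11 +125,11 @@) carries two changes that have nothing to do with LDAP: the brace line differs only in whitespace, and $username and $password switch between $result['username'] and $result[0]['username']. The [0] form matches the context line $id = $result[0]['id'], so it reads as a fix to the stock login code; send it as its own commit and drop the whitespace change so the LDAP patch stays reviewable. It is also worth checking whether $password, which holds the stored hash, is needed after this point at all.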
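The ldap_login() routine quoted in the message above builds its search filter by substituting the submitted username into the `searchfilter` template with str_replace(). The following is an added example, not code from the post or from OpenDocMan, showing one way to refuse unusable credentials and escape the username so it is always treated as a literal value; `escape_filter_value()` and `build_user_filter()` are hypothetical names and the sample inputs are constructed.

```php
<?php
// Added example: not part of the posted ldap-users.inc.
// escape_filter_value() and build_user_filter() are hypothetical helpers.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value($value) {
    if (function_exists('ldap_escape')) {
        // Available in PHP >= 5.6 when the ldap extension is loaded.
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback without the extension. The backslash is replaced first so
    // that the escapes produced for the other characters are not re-escaped.
    return str_replace(
        array('\\',   '*',    '(',    ')',    "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Returns the search filter for $user, or FALSE when the login has to be
// refused before any request is sent to the directory.
function build_user_filter($user, $pass, $searchfilter) {
    // Form fields can arrive as arrays (frmuser[]=x); accept strings only.
    if (!is_string($user) || !is_string($pass)) {
        return FALSE;
    }
    // An empty password would turn the later user bind into an
    // unauthenticated bind, which is not proof of identity.
    if ($user === '' || $pass === '') {
        return FALSE;
    }
    // The template must contain the placeholder. Note that the fourth
    // argument of str_replace() only reports how many replacements were
    // made; it is not a limit and cannot be used to detect this case
    // in advance.
    if (strpos($searchfilter, '%uid') === FALSE) {
        error_log("searchfilter has no %uid placeholder");
        return FALSE;
    }
    return str_replace('%uid', escape_filter_value($user), $searchfilter);
}

// Filter template as given for config.php in the post.
$template = "(&(uid=%uid))";

// Constructed sample logins: (username, password).
$samples = array(
    array('jdoe', 'secret'),          // ordinary login
    array('jdoe', ''),                // empty password
    array('j*', 'secret'),            // wildcard in the username
    array('jdoe)(cn=*', 'secret'),    // filter syntax in the username
    array(array('jdoe'), 'secret'),   // non-string form field
);

foreach ($samples as $sample) {
    $filter = build_user_filter($sample[0], $sample[1], $template);
    printf(
        "%-16s => %s\n",
        json_encode($sample[0]),
        $filter === FALSE ? 'refused' : $filter
    );
}
```

The same escaped value should not be reused for the database: add_or_modify() needs the original username, bound as a query parameter.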
From: opendocman d. d. <ope...@li...> - 2015-03-26 22:19:55
|
OK. Doing it this way will give me a chance to go back and put in more error detection and other tidbits anyway.

-John
|
From: opendocman d. d. <ope...@li...> - 2015-03-26 22:15:06
|
Thanks John,

It's been quiet in here, so it is welcome noise. :)

Steve
|
From: opendocman d. d. <ope...@li...> - 2015-03-26 21:53:21
|
OK I figured git out. I made a fork and will submit my cleaned up code that way. Sorry for the list noise! -John On 03/26/2015 02:32 PM, opendocman development discussion wrote: > Hey John, > > I will take a look at this over the weekend. It would be a good idea > if you were to do this as a Pull Request at GitHub. Are you familiar > with that process? > > Steve > > On 3/26/15 11:11 AM, opendocman development discussion wrote: >> Hi Devs, >> >> I just wrote in support for getting user accounts from LDAP. >> Basically, if this option is enabled, it will check LDAP for the user >> who is being logged in. If the username and password match, it'll >> then check the opendocman database to see if the user already exists >> there. If it does, it synchronizes the password field with the LDAP >> password. If not, it adds a new user with defaults. All of this is >> against version 1.3.2. >> >> Anyway, I'm a C programmer, and this is the first thing I've really >> tried in PHP, so if someone could give it the once over and offer me >> some suggestions for improvement, that'd be great. >> >> Thanks, >> >> -John >> >> To test this out, you need the following in config.php: >> >> -----8<----- >> $GLOBALS['CONFIG']['ldap_enable'] = TRUE; >> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; >> $GLOBALS['CONFIG']['ldap_port'] = '389'; >> >> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; >> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; >> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; >> $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; >> -----8<----- >> >> ...and then patch index.php with this patch: >> >> -----8<----- >> --- index.php 2015-03-26 13:42:01.781054000 -0400 >> +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 
>> @@ -78,15 +78,6 @@ >> $frmuser = $_POST['frmuser']; >> $frmpass = $_POST['frmpass']; >> >> - // JEPH - Check for LDAP users enabled >> - if($GLOBALS['CONFIG']['ldap_enable']) { >> - require 'ldap-users.inc'; >> - $ldap_success = ldap_login($frmuser, $frmpass); >> - if(!empty($ldap_success)) { >> - add_or_modify($frmuser, $frmpass); >> - } >> - } >> - >> // check login and md5() >> // connect and execute query >> $query = " 
>> @@ -134,11 +125,11 @@ >> >> // if row exists - login/pass is correct >> if (count($result) == 1) >> - { >> + { >> // register the user's ID >> $id = $result[0]['id']; >> - $username = $result[0]['username']; >> - $password = $result[0]['password']; >> + $username = $result['username']; >> + $password = $result['password']; >> >> // initiate a session >> $_SESSION['uid'] = $id; >> -----8<----- >> >> ...and add my routines to ldap-users.inc (all of this attached) but >> in case this list strips attachments, test follows: >> >> -----8<----- >> <?php >> // ldap-users.inc >> // >> // Authenticate users against LDAP >> // John E.P. Hynes/HyTronix [03/25/2015] >> // >> // Takes username/password and tries to bind. >> // Return user name on success, FALSE on failure. >> >> function ldap_login($user, $pass) { >> $ldap_host = $GLOBALS['CONFIG']['ldap_host']; >> $ldap_port = $GLOBALS['CONFIG']['ldap_port']; >> $base_dn = $GLOBALS['CONFIG']['base_dn']; >> $searchfilter = $GLOBALS['CONFIG']['searchfilter']; >> $bind_dn = $GLOBALS['CONFIG']['bind_dn']; >> $bind_pw = $GLOBALS['CONFIG']['bind_pw']; >> >> $ldap_conn = ldap_connect($ldap_host, $ldap_port) >> or error_log("ldap_connect() failed."); >> >> ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); >> ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); >> >> $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) >> or error_log("ldap_bind() failed."); >> >> $match_count = 1; >> $this_filter = str_replace("%uid", $user, $searchfilter, >> $match_count); >> if(empty($this_filter)) { >> error_log("Error in searchfilter with str_replace(), got >> $this_filter"); >> return FALSE; >> } >> >> $attribute = array("uid"); >> $search_results = @ldap_search($ldap_conn, $base_dn, >> $this_filter, $attribute, 0, 2); >> >> if (!$search_results) { >> error_log("Something went wrong in ldap_search."); >> } >> >> if (ldap_count_entries($ldap_conn, $search_results) != 1) { >> error_log("ldap_search() returned $search_results in error."); >> 
return FALSE; >> } >> >> $user_entry = ldap_first_entry($ldap_conn, $search_results); >> $this_dn = ldap_get_dn($ldap_conn, $user_entry); >> >> $user_bind = ldap_bind($ldap_conn, $this_dn, $pass); >> if (!$user_bind) { >> return FALSE; >> } >> >> ldap_close($ldap_conn); >> >> return $user; >> } >> >> function add_or_modify($username, $password) { >> // Check to make sure user does not already exist >> $pdo = $GLOBALS['pdo']; >> $query = "SELECT COUNT(*) FROM >> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'"; >> if ($count = $pdo->query($query)) { >> if ($count->fetchColumn() == 1) { >> update_password($username, $password); >> return; >> } elseif ($count->fetchColumn() == 0) { >> create_user($username, $password); >> return; >> } >> else { >> error_log("Database error - username not unique."); >> } >> } >> >> return; >> } >> >> function update_password($username, $password) { >> $pdo = $GLOBALS['pdo']; >> $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user >> SET password=md5(:password) WHERE username=:username"; >> $stmt = $pdo->prepare($query); >> $stmt->execute(array(':username' => $username, ':password' => >> $password)); >> >> return; >> } >> >> function create_user($username, $password) { >> $pdo = $GLOBALS['pdo']; >> $department = 1; >> $phonenumber = "000-000-0000"; >> $email = ""; >> $lastname = ""; >> $firstname = ""; >> $can_add = 0; >> $can_checkin = 0; >> >> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user >> (username, password, department, phone, Email,last_name, >> first_name, can_add, can_checkin) >> VALUES( >> :username, >> md5(:password), >> :department, >> :phonenumber, >> :email, >> :lastname, >> :firstname, >> :can_add, >> :can_checkin >> )"; >> >> $stmt = $pdo->prepare($query); >> $stmt->execute(array( >> ':username' => $username, >> ':password' => $password, >> ':department' => $department, >> ':phonenumber' => $phonenumber, >> ':email' => $email, >> ':lastname' => $lastname, >> ':firstname' => $firstname, 
>> ':can_add' => $can_add, >> ':can_checkin' => $can_checkin >> )); >> >> $user_id = $pdo->lastInsertId();; >> $admin = 0; >> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, >> admin) VALUES(:user_id, :admin)"; >> $stmt = $pdo->prepare($query); >> $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin)); >> >> return; >> } >> >> ?> >> -----8<----- |
From: opendocman d. d. <ope...@li...> - 2015-03-26 18:56:36
|
No I'm not but I'll start reading the manual tonight. I've only confirmed it works so far, no extensive testing. I should probably add more defaults in the config too. Anyway, I'll hold off until you've had a chance to tell me if I'm going in the wrong direction or not. -John On 03/26/2015 02:32 PM, opendocman development discussion wrote: > Hey John, > > I will take a look at this over the weekend. It would be a good idea > if you were to do this as a Pull Request at GitHub. Are you familiar > with that process? > > Steve > > On 3/26/15 11:11 AM, opendocman development discussion wrote: >> Hi Devs, >> >> I just wrote in support for getting user accounts from LDAP. >> Basically, if this option is enabled, it will check LDAP for the user >> who is being logged in. If the username and password match, it'll >> then check the opendocman database to see if the user already exists >> there. If it does, it synchronizes the password field with the LDAP >> password. If not, it adds a new user with defaults. All of this is >> against version 1.3.2. >> >> Anyway, I'm a C programmer, and this is the first thing I've really >> tried in PHP, so if someone could give it the once over and offer me >> some suggestions for improvement, that'd be great. >> >> Thanks, >> >> -John >> >> To test this out, you need the following in config.php: >> >> -----8<----- >> $GLOBALS['CONFIG']['ldap_enable'] = TRUE; >> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; >> $GLOBALS['CONFIG']['ldap_port'] = '389'; >> >> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; >> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; >> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; >> $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; >> -----8<----- >> >> ...and then patch index.php with this patch: >> >> -----8<----- >> --- index.php 2015-03-26 13:42:01.781054000 -0400 >> +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 
>> @@ -78,15 +78,6 @@ >> $frmuser = $_POST['frmuser']; >> $frmpass = $_POST['frmpass']; >> >> - // JEPH - Check for LDAP users enabled >> - if($GLOBALS['CONFIG']['ldap_enable']) { >> - require 'ldap-users.inc'; >> - $ldap_success = ldap_login($frmuser, $frmpass); >> - if(!empty($ldap_success)) { >> - add_or_modify($frmuser, $frmpass); >> - } >> - } >> - >> // check login and md5() >> // connect and execute query >> $query = " 
>> @@ -134,11 +125,11 @@ >> >> // if row exists - login/pass is correct >> if (count($result) == 1) >> - { >> + { >> // register the user's ID >> $id = $result[0]['id']; >> - $username = $result[0]['username']; >> - $password = $result[0]['password']; >> + $username = $result['username']; >> + $password = $result['password']; >> >> // initiate a session >> $_SESSION['uid'] = $id; >> -----8<----- >> >> ...and add my routines to ldap-users.inc (all of this attached) but >> in case this list strips attachments, test follows: >> >> -----8<----- >> <?php >> // ldap-users.inc >> // >> // Authenticate users against LDAP >> // John E.P. Hynes/HyTronix [03/25/2015] >> // >> // Takes username/password and tries to bind. >> // Return user name on success, FALSE on failure. >> >> function ldap_login($user, $pass) { >> $ldap_host = $GLOBALS['CONFIG']['ldap_host']; >> $ldap_port = $GLOBALS['CONFIG']['ldap_port']; >> $base_dn = $GLOBALS['CONFIG']['base_dn']; >> $searchfilter = $GLOBALS['CONFIG']['searchfilter']; >> $bind_dn = $GLOBALS['CONFIG']['bind_dn']; >> $bind_pw = $GLOBALS['CONFIG']['bind_pw']; >> >> $ldap_conn = ldap_connect($ldap_host, $ldap_port) >> or error_log("ldap_connect() failed."); >> >> ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); >> ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); >> >> $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) >> or error_log("ldap_bind() failed."); >> >> $match_count = 1; >> $this_filter = str_replace("%uid", $user, $searchfilter, >> $match_count); >> if(empty($this_filter)) { >> error_log("Error in searchfilter with str_replace(), got >> $this_filter"); >> return FALSE; >> } >> >> $attribute = array("uid"); >> $search_results = @ldap_search($ldap_conn, $base_dn, >> $this_filter, $attribute, 0, 2); >> >> if (!$search_results) { >> error_log("Something went wrong in ldap_search."); >> } >> >> if (ldap_count_entries($ldap_conn, $search_results) != 1) { >> error_log("ldap_search() returned $search_results in error."); >> 
return FALSE; >> } >> >> $user_entry = ldap_first_entry($ldap_conn, $search_results); >> $this_dn = ldap_get_dn($ldap_conn, $user_entry); >> >> $user_bind = ldap_bind($ldap_conn, $this_dn, $pass); >> if (!$user_bind) { >> return FALSE; >> } >> >> ldap_close($ldap_conn); >> >> return $user; >> } >> >> function add_or_modify($username, $password) { >> // Check to make sure user does not already exist >> $pdo = $GLOBALS['pdo']; >> $query = "SELECT COUNT(*) FROM >> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'"; >> if ($count = $pdo->query($query)) { >> if ($count->fetchColumn() == 1) { >> update_password($username, $password); >> return; >> } elseif ($count->fetchColumn() == 0) { >> create_user($username, $password); >> return; >> } >> else { >> error_log("Database error - username not unique."); >> } >> } >> >> return; >> } >> >> function update_password($username, $password) { >> $pdo = $GLOBALS['pdo']; >> $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user >> SET password=md5(:password) WHERE username=:username"; >> $stmt = $pdo->prepare($query); >> $stmt->execute(array(':username' => $username, ':password' => >> $password)); >> >> return; >> } >> >> function create_user($username, $password) { >> $pdo = $GLOBALS['pdo']; >> $department = 1; >> $phonenumber = "000-000-0000"; >> $email = ""; >> $lastname = ""; >> $firstname = ""; >> $can_add = 0; >> $can_checkin = 0; >> >> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user >> (username, password, department, phone, Email,last_name, >> first_name, can_add, can_checkin) >> VALUES( >> :username, >> md5(:password), >> :department, >> :phonenumber, >> :email, >> :lastname, >> :firstname, >> :can_add, >> :can_checkin >> )"; >> >> $stmt = $pdo->prepare($query); >> $stmt->execute(array( >> ':username' => $username, >> ':password' => $password, >> ':department' => $department, >> ':phonenumber' => $phonenumber, >> ':email' => $email, >> ':lastname' => $lastname, >> ':firstname' => $firstname, 
>> ':can_add' => $can_add, >> ':can_checkin' => $can_checkin >> )); >> >> $user_id = $pdo->lastInsertId();; >> $admin = 0; >> $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, >> admin) VALUES(:user_id, :admin)"; >> $stmt = $pdo->prepare($query); >> $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin)); >> >> return; >> } >> >> ?> >> -----8<----- |
From: opendocman d. d. <ope...@li...> - 2015-03-26 18:49:20
|
Hey John, I will take a look at this over the weekend. It would be a good idea if you were to do this as a Pull Request at GitHub. Are you familiar with that process? Steve On 3/26/15 11:11 AM, opendocman development discussion wrote: > Hi Devs, > > I just wrote in support for getting user accounts from LDAP. > Basically, if this option is enabled, it will check LDAP for the user > who is being logged in. If the username and password match, it'll > then check the opendocman database to see if the user already exists > there. If it does, it synchronizes the password field with the LDAP > password. If not, it adds a new user with defaults. All of this is > against version 1.3.2. > > Anyway, I'm a C programmer, and this is the first thing I've really > tried in PHP, so if someone could give it the once over and offer me > some suggestions for improvement, that'd be great. > > Thanks, > > -John > > To test this out, you need the following in config.php: > > -----8<----- > $GLOBALS['CONFIG']['ldap_enable'] = TRUE; > $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; > $GLOBALS['CONFIG']['ldap_port'] = '389'; > > $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; > $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; > $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; > $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; > -----8<----- > > ...and then patch index.php with this patch: > > -----8<----- > --- index.php 2015-03-26 13:42:01.781054000 -0400 > +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 > @@ -78,15 +78,6 @@ > $frmuser = $_POST['frmuser']; > $frmpass = $_POST['frmpass']; > > - // JEPH - Check for LDAP users enabled > - if($GLOBALS['CONFIG']['ldap_enable']) { > - require 'ldap-users.inc'; > - $ldap_success = ldap_login($frmuser, $frmpass); > - if(!empty($ldap_success)) { > - add_or_modify($frmuser, $frmpass); > - } > - } > - > // check login and md5() > // connect and execute query > $query = " 
> @@ -134,11 +125,11 @@ > > // if row exists - login/pass is correct > if (count($result) == 1) > - { > + { > // register the user's ID > $id = $result[0]['id']; > - $username = $result[0]['username']; > - $password = $result[0]['password']; > + $username = $result['username']; > + $password = $result['password']; > > // initiate a session > $_SESSION['uid'] = $id; > -----8<----- > > ...and add my routines to ldap-users.inc (all of this attached) but in > case this list strips attachments, test follows: > > -----8<----- > <?php > // ldap-users.inc > // > // Authenticate users against LDAP > // John E.P. Hynes/HyTronix [03/25/2015] > // > // Takes username/password and tries to bind. > // Return user name on success, FALSE on failure. > > function ldap_login($user, $pass) { > $ldap_host = $GLOBALS['CONFIG']['ldap_host']; > $ldap_port = $GLOBALS['CONFIG']['ldap_port']; > $base_dn = $GLOBALS['CONFIG']['base_dn']; > $searchfilter = $GLOBALS['CONFIG']['searchfilter']; > $bind_dn = $GLOBALS['CONFIG']['bind_dn']; > $bind_pw = $GLOBALS['CONFIG']['bind_pw']; > > $ldap_conn = ldap_connect($ldap_host, $ldap_port) > or error_log("ldap_connect() failed."); > > ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); > ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); > > $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) > or error_log("ldap_bind() failed."); > > $match_count = 1; > $this_filter = str_replace("%uid", $user, $searchfilter, > $match_count); > if(empty($this_filter)) { > error_log("Error in searchfilter with str_replace(), got > $this_filter"); > return FALSE; > } > > $attribute = array("uid"); > $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, > $attribute, 0, 2); > > if (!$search_results) { > error_log("Something went wrong in ldap_search."); > } > > if (ldap_count_entries($ldap_conn, $search_results) != 1) { > error_log("ldap_search() returned $search_results in error."); > return FALSE; > } > > $user_entry = ldap_first_entry($ldap_conn, 
$search_results); > $this_dn = ldap_get_dn($ldap_conn, $user_entry); > > $user_bind = ldap_bind($ldap_conn, $this_dn, $pass); > if (!$user_bind) { > return FALSE; > } > > ldap_close($ldap_conn); > > return $user; > } > > function add_or_modify($username, $password) { > // Check to make sure user does not already exist > $pdo = $GLOBALS['pdo']; > $query = "SELECT COUNT(*) FROM > {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'"; > if ($count = $pdo->query($query)) { > if ($count->fetchColumn() == 1) { > update_password($username, $password); > return; > } elseif ($count->fetchColumn() == 0) { > create_user($username, $password); > return; > } > else { > error_log("Database error - username not unique."); > } > } > > return; > } > > function update_password($username, $password) { > $pdo = $GLOBALS['pdo']; > $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user > SET password=md5(:password) WHERE username=:username"; > $stmt = $pdo->prepare($query); > $stmt->execute(array(':username' => $username, ':password' => > $password)); > > return; > } > > function create_user($username, $password) { > $pdo = $GLOBALS['pdo']; > $department = 1; > $phonenumber = "000-000-0000"; > $email = ""; > $lastname = ""; > $firstname = ""; > $can_add = 0; > $can_checkin = 0; > > $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user > (username, password, department, phone, Email,last_name, > first_name, can_add, can_checkin) > VALUES( > :username, > md5(:password), > :department, > :phonenumber, > :email, > :lastname, > :firstname, > :can_add, > :can_checkin > )"; > > $stmt = $pdo->prepare($query); > $stmt->execute(array( > ':username' => $username, > ':password' => $password, > ':department' => $department, > ':phonenumber' => $phonenumber, > ':email' => $email, > ':lastname' => $lastname, > ':firstname' => $firstname, > ':can_add' => $can_add, > ':can_checkin' => $can_checkin > )); > > $user_id = $pdo->lastInsertId();; > $admin = 0; > $query = "INSERT INTO 
{$GLOBALS['CONFIG']['db_prefix']}admin (id, > admin) VALUES(:user_id, :admin)"; > $stmt = $pdo->prepare($query); > $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin)); > > return; > } > > ?> > -----8<----- |
From: opendocman d. d. <ope...@li...> - 2015-03-26 18:29:13
|
Hi Devs, I just wrote in support for getting user accounts from LDAP. Basically, if this option is enabled, it will check LDAP for the user who is being logged in. If the username and password match, it'll then check the opendocman database to see if the user already exists there. If it does, it synchronizes the password field with the LDAP password. If not, it adds a new user with defaults. All of this is against version 1.3.2. Anyway, I'm a C programmer, and this is the first thing I've really tried in PHP, so if someone could give it the once over and offer me some suggestions for improvement, that'd be great. Thanks, -John To test this out, you need the following in config.php: -----8<----- $GLOBALS['CONFIG']['ldap_enable'] = TRUE; $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com'; $GLOBALS['CONFIG']['ldap_port'] = '389'; $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com"; $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))"; $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com"; $GLOBALS['CONFIG']['bind_pw'] = "managers_password"; -----8<----- ...and then patch index.php with this patch: -----8<----- --- index.php 2015-03-26 13:42:01.781054000 -0400 +++ index.php-orig 2015-03-26 13:49:07.721054000 -0400 @@ -78,15 +78,6 @@ $frmuser = $_POST['frmuser']; $frmpass = $_POST['frmpass']; - // JEPH - Check for LDAP users enabled - if($GLOBALS['CONFIG']['ldap_enable']) { - require 'ldap-users.inc'; - $ldap_success = ldap_login($frmuser, $frmpass); - if(!empty($ldap_success)) { - add_or_modify($frmuser, $frmpass); - } - } - // check login and md5() // connect and execute query $query = " 
@@ -134,11 +125,11 @@ // if row exists - login/pass is correct if (count($result) == 1) - { + { // register the user's ID $id = $result[0]['id']; - $username = $result[0]['username']; - $password = $result[0]['password']; + $username = $result['username']; + $password = $result['password']; // initiate a session $_SESSION['uid'] = $id; -----8<----- ...and add my routines to ldap-users.inc (all of this attached) but in case this list strips attachments, test follows: -----8<----- <?php // ldap-users.inc // // Authenticate users against LDAP // John E.P. Hynes/HyTronix [03/25/2015] // // Takes username/password and tries to bind. // Return user name on success, FALSE on failure. function ldap_login($user, $pass) { $ldap_host = $GLOBALS['CONFIG']['ldap_host']; $ldap_port = $GLOBALS['CONFIG']['ldap_port']; $base_dn = $GLOBALS['CONFIG']['base_dn']; $searchfilter = $GLOBALS['CONFIG']['searchfilter']; $bind_dn = $GLOBALS['CONFIG']['bind_dn']; $bind_pw = $GLOBALS['CONFIG']['bind_pw']; $ldap_conn = ldap_connect($ldap_host, $ldap_port) or error_log("ldap_connect() failed."); ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw) or error_log("ldap_bind() failed."); $match_count = 1; $this_filter = str_replace("%uid", $user, $searchfilter, $match_count); if(empty($this_filter)) { error_log("Error in searchfilter with str_replace(), got $this_filter"); return FALSE; } $attribute = array("uid"); $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, $attribute, 0, 2); if (!$search_results) { error_log("Something went wrong in ldap_search."); } if (ldap_count_entries($ldap_conn, $search_results) != 1) { error_log("ldap_search() returned $search_results in error."); return FALSE; } $user_entry = ldap_first_entry($ldap_conn, $search_results); $this_dn = ldap_get_dn($ldap_conn, $user_entry); $user_bind = ldap_bind($ldap_conn, $this_dn, $pass); if (!$user_bind) { 
        return FALSE;
    }

    ldap_close($ldap_conn);

    return $user;
}

function add_or_modify($username, $password) {
    // Check to make sure user does not already exist
    $pdo = $GLOBALS['pdo'];
    // The username is bound as a parameter rather than placed in the SQL text
    $query = "SELECT COUNT(*) FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = :username";
    $stmt = $pdo->prepare($query);
    if ($stmt && $stmt->execute(array(':username' => $username))) {
        // Read the count once; a second fetchColumn() on the same result returns FALSE
        $count = (int) $stmt->fetchColumn();
        if ($count == 1) {
            update_password($username, $password);
            return;
        } elseif ($count == 0) {
            create_user($username, $password);
            return;
        }
        else {
            error_log("Database error - username not unique.");
        }
    }

    return;
}

function update_password($username, $password) {
    // Bring the local password field in line with the LDAP password
    $pdo = $GLOBALS['pdo'];
    $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
              SET password=md5(:password) WHERE username=:username";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':username' => $username, ':password' => $password));

    return;
}

function create_user($username, $password) {
    // New local account with default values and no admin rights
    $pdo = $GLOBALS['pdo'];
    $department = 1;
    $phonenumber = "000-000-0000";
    $email = "";
    $lastname = "";
    $firstname = "";
    $can_add = 0;
    $can_checkin = 0;

    $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
              (username, password, department, phone, Email,last_name,
               first_name, can_add, can_checkin)
              VALUES(
                  :username,
                  md5(:password),
                  :department,
                  :phonenumber,
                  :email,
                  :lastname,
                  :firstname,
                  :can_add,
                  :can_checkin
              )";

    $stmt = $pdo->prepare($query);
    $stmt->execute(array(
        ':username' => $username,
        ':password' => $password,
        ':department' => $department,
        ':phonenumber' => $phonenumber,
        ':email' => $email,
        ':lastname' => $lastname,
        ':firstname' => $firstname,
        ':can_add' => $can_add,
        ':can_checkin' => $can_checkin
    ));

    // Matching row in the admin table, with admin switched off
    $user_id = $pdo->lastInsertId();
    $admin = 0;
    $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, admin) VALUES(:user_id, :admin)";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));

    return;
}

?>
-----8<----- |
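Review bot: In the @@ -78,15 +78,6 @@ hunk, $frmpass reaches ldap_login() without an emptiness check. A simple bind with a DN and an empty password is an unauthenticated bind, which many directory servers report as successful, and add_or_modify($frmuser, $frmpass) would then write that password into the local user table. Take the normal login-failure path when $frmpass is empty before ldap_login() is called, and run add_or_modify() only after that check.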
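Review bot: The @@ -134,11 +125,11 @@ hunk carries two changes that have nothing to do with LDAP: a whitespace-only edit to the opening brace and the switch between $result['username'] and $result[0]['username']. Send the index fix as its own patch and drop the whitespace change. The file headers (--- index.php, +++ index.php-orig) also show the diff was made with the arguments reversed, so the LDAP block appears as removed lines; regenerate it as diff -u index.php-orig index.php.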
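The checks that belong in front of the bind in a login helper like the posted ldap_login(), as an added example (not part of the original message and not OpenDocMan code). The function names are assumptions made for this sketch; the $cfg keys are the ones from the config.php snippet in the message, and the sample inputs are constructed.

```php
<?php
// Added example: checks to run before any LDAP bind is attempted.
// Function names are assumptions for this sketch, not OpenDocMan code.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value($value) {
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback for builds without ldap_escape()
    return strtr($value, array(
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ));
}

// Substitute the escaped username into a template such as "(&(uid=%uid))".
// Returns FALSE unless the template holds exactly one %uid placeholder.
// (str_replace()'s fourth argument only reports the number of replacements,
// it does not limit them, so the count is checked up front.)
function build_user_filter($template, $user) {
    if (substr_count($template, '%uid') !== 1) {
        return false;
    }
    return str_replace('%uid', escape_filter_value($user), $template);
}

// A simple bind with a DN and an empty password is an unauthenticated bind,
// which a server may report as success. Refuse it before touching LDAP.
function credentials_present($user, $pass) {
    return is_string($user) && is_string($pass)
        && $user !== '' && $pass !== ''
        && strpos($user, "\0") === false;
}

// Same flow as the posted ldap_login(), but every step fails closed.
// $cfg carries the keys from the config.php snippet in the message.
function ldap_login_checked(array $cfg, $user, $pass) {
    if (!credentials_present($user, $pass)) {
        return false;
    }
    $filter = build_user_filter($cfg['searchfilter'], $user);
    if ($filter === false) {
        error_log('searchfilter must contain %uid exactly once');
        return false;
    }
    $conn = ldap_connect($cfg['ldap_host'], (int) $cfg['ldap_port']);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    $ok = false;
    if (@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
        // Size limit 2 is enough to tell "exactly one match" from "several"
        $res = @ldap_search($conn, $cfg['base_dn'], $filter, array('uid'), 0, 2);
        if ($res && ldap_count_entries($conn, $res) === 1) {
            $dn = ldap_get_dn($conn, ldap_first_entry($conn, $res));
            $ok = is_string($dn) && $dn !== '' && @ldap_bind($conn, $dn, $pass);
        }
    }
    ldap_unbind($conn);
    return $ok ? $user : false;
}

// Constructed sample input; this part runs without a directory server.
$template = '(&(uid=%uid))';
$samples = array(
    array('jsmith', 'correct horse'),   // ordinary login
    array('jsmith', ''),                // empty password: rejected up front
    array('j*', 'x'),                   // "*" is a filter wildcard
    array('j(smith)', 'x'),             // parentheses delimit filter terms
);
foreach ($samples as $s) {
    list($u, $p) = $s;
    printf("user=%-10s accepted=%-3s filter=%s\n",
        $u, credentials_present($u, $p) ? 'yes' : 'no',
        build_user_filter($template, $u));
}
```

Only the loop at the bottom executes when the file is run on its own; ldap_login_checked() needs the PHP LDAP extension and a reachable server.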
From: opendocman d. d. <ope...@li...> - 2012-04-24 22:37:47
|
Revision: 906 http://opendocman.svn.sourceforge.net/opendocman/?rev=906&view=rev Author: logart Date: 2012-04-24 22:37:40 +0000 (Tue, 24 Apr 2012) Log Message: ----------- 0000260: Multiple-upload feature (for non-IE browsers only) Modified Paths: -------------- opendocman/trunk/add.php Modified: opendocman/trunk/add.php =================================================================== --- opendocman/trunk/add.php 2012-04-18 17:53:27 UTC (rev 905) +++ opendocman/trunk/add.php 2012-04-24 22:37:40 UTC (rev 906) @@ -138,7 +138,8 @@ <td> <a class="body" tabindex=1 href="help.html#Add_File_-_File_Location" onClick="return popup(this, 'Help')" style="text-decoration:none"><?php echo msg('label_file_location');?></a> </td> - <td colspan=3><input tabindex="0" name="file" type="file"> + <td colspan=3> + <input tabindex="0" name="file[]" type="file" multiple="multiple"> </td> </tr> @@ -428,16 +429,42 @@ } else { - //submited form - // change this to 100 if you want to add 100 of the same files automatically. For debuging purpose only - for($khoa = 0; $khoa<1; $khoa++) + //invalid file + if (empty($_FILES)) { - //invalid file - if(empty($_FILES)) + header('Location:error.php?ec=11'); + exit; + } + + $numberOfFiles = count($_FILES['file']['name']); + + // First we need to make sure all files are allowed types + for ($count = 0; $count < $numberOfFiles; $count++) + { + // check file type + foreach ($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype) { - header('Location:error.php?ec=11'); + if ($_FILES['file']['type'][$count] == $thistype) + { + $allowedFile = 1; + break; + } else + { + $allowedFile = 0; + } + } + // illegal file type! + if ($allowedFile != 1) + { + $last_message = 'MIMETYPE: ' . $_FILES['file']['type'][$count] . ' Failed'; + header('Location:error.php?ec=13&last_message=' . urlencode($last_message)); exit; } + } + + //submited form + for ($count = 0; $count<$numberOfFiles; $count++) + { if ($GLOBALS['CONFIG']['authorization'] == 'True') { 
@@ -468,41 +495,19 @@ list($current_user_dept) = mysql_fetch_row($result); } // File is bigger than what php.ini post/upload/memory limits allow. - if($_FILES['file']['error'] == '1') + if($_FILES['file']['error'][$count] == '1') { header('Location:error.php?ec=26'); exit; } // File too big? - if($_FILES['file']['size'] > $GLOBALS['CONFIG']['max_filesize'] ) + if($_FILES['file']['size'][$count] > $GLOBALS['CONFIG']['max_filesize'] ) { header('Location:error.php?ec=25'); exit; } - // check file type - foreach($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype) - { - if ($_FILES['file']['type'] == $thistype) - { - $allowedFile = 1; - break; - } - else - { - $allowedFile = 0; - } - } - // illegal file type! - if ($allowedFile != 1) - { - $last_message='MIMETYPE: ' . $_FILES['file']['type'] . ' Failed'; - header('Location:error.php?ec=13&last_message=' . urlencode($last_message)); - exit; - } - - // Check to make sure the dir is available and writeable if (!is_dir($GLOBALS['CONFIG']['dataDir'])) { @@ -554,7 +559,7 @@ 0, '" . addslashes($_REQUEST['category']) . "', '" . addslashes($owner_id) . "', - '" . addslashes($_FILES['file']['name']) . "', + '" . addslashes($_FILES['file']['name'][$count]) . "', NOW(), '" . addslashes($_REQUEST['description']) . "', '" . addslashes($current_user_dept) . "', 
@@ -623,27 +628,23 @@ // save uploaded file with new name $newFileName = $fileId . '.dat'; - if($khoa==0) + if (!is_uploaded_file($_FILES['file']['tmp_name'][$count])) { - if (!is_uploaded_file ($_FILES['file']['tmp_name'])) - { - header('Location: error.php?ec=18'); - exit; - } - move_uploaded_file($_FILES['file']['tmp_name'], $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName); + header('Location: error.php?ec=18'); + exit; } - else - { - copy($GLOBALS['CONFIG']['dataDir'] . '/' . ($fileId-1) . '.dat', $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName); - } + move_uploaded_file($_FILES['file']['tmp_name'][$count], $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName); + + //copy($GLOBALS['CONFIG']['dataDir'] . '/' . ($fileId-1) . '.dat', $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName); + // back to main page $message = urlencode(msg('message_document_added')); // Call the plugin API - callPluginMethod('onAfterAdd',$fileId); - - header('Location: details.php?id=' . $fileId . '&last_message=' . $message); + callPluginMethod('onAfterAdd', $fileId); } + header('Location: details.php?id=' . $fileId . '&last_message=' . $message); + exit; } ?> <script type="text/javascript"> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
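Review bot: The allow-list test in the @@ -428,16 +429,42 @@ hunk compares $_FILES['file']['type'][$count], which is the MIME type sent by the browser, so it says nothing reliable about what was uploaded; determine the type on the server from the temporary file (for example with finfo) before matching it against allowedFileTypes. $allowedFile is also assigned only inside the foreach, so set it to 0 at the top of each pass of the for loop instead of relying on the previous value.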
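Review bot: The upload-error and max_filesize checks in the @@ -468,41 +495,19 @@ hunk stay inside the second loop, so a failure on a later file exits after earlier files of the same batch have already been added; move both checks into the first validation loop next to the type check so the batch is accepted or rejected as a whole. The error test also matches only the value '1', so any other non-zero entry in $_FILES['file']['error'][$count] passes.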
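Review bot: In the @@ -554,7 +559,7 @@ hunk the client-supplied name $_FILES['file']['name'][$count] is placed in the SQL string through addslashes(), which does not take the connection character set into account; use the database driver's own escaping or a bound parameter for this value. Every file in a batch also receives the same category and description from $_REQUEST, which should be stated on the form.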
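Review bot: The result of move_uploaded_file() in the @@ -623,27 +628,23 @@ hunk is not checked, so onAfterAdd can be called for a file that was never stored; test the return value and fail the same way as the is_uploaded_file() branch. The redirect after the loop uses only the last $fileId, so the user sees one document of the batch, and the commented-out copy() line can be deleted.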
From: opendocman d. d. <ope...@li...> - 2012-04-18 17:53:33
|
Revision: 905
http://opendocman.svn.sourceforge.net/opendocman/?rev=905&view=rev
Author: logart
Date: 2012-04-18 17:53:27 +0000 (Wed, 18 Apr 2012)
Log Message:
-----------
1.2.6.1 release
- 0000464: [User Interface] Install folder warning message breaks tweeter theme in IE (logart) - resolved.
- 0000463: [Core] Not able to download previous version of document. (logart) - resolved.
- 0000462: [Database] Reviewer cannot admin files that are in review queue (logart) - resolved.
- 0000291: [Input Validation] Input validation - admin tools (logart) - resolved.
- 0000455: [User Interface] Edit/Add User - Admin checkbox should show/hide reviewer selection list (logart) - resolved.
- 0000456: [User Interface] Buttons on various forms are not aligned nicely in all browsers (logart) - resolved.
- 0000453: [User Interface] UI - Clicking cancel on the Add User screen causing input validation to fire off (logart) - resolved.
- 0000458: [Error] undefined index last_message - admin pages (logart) - resolved.
- 0000461: [Core] Delete/Undelete - Undelete file not working. (logart) - resolved.
- 0000324: [Core] Admin users should see all reviewable files (logart) - resolved.
Added Paths:
-----------
opendocman/tags/1.2.6.1-release/
|