No variable $test after second submit


Underdogg W


13/03/2019 14:20:39
Hello,
I want to make an AD password reset script.
The first form is for looking up the user in AD and retrieving their details.
If the user is locked, an email with a code is sent to the user.

A second form appears for entering the code. After the second submit is pressed, the emailed code should be compared with what is in the code field. That last part does not work.

What am I doing wrong? If you can improve the script, I would like to hear that too :)


Code:
<div class="reset">
<form name="form" method="post">
Username: <input type="text" name="username">
<input type="submit">
</form>
</div>

Code (php)
<?php
//------------------
// Connect to the LDAP server
//------------------

include '../Beheer/psl-config.php';
include '../Beheer/functions.php';

$ldapconn = ldap_connect($ADserver)
    or die("Could not connect to LDAP server.");

if (FALSE === $ldapconn){
    die("<p>Failed to connect to the LDAP server </p>");
}


ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)
    or die("Unable to set LDAP protocol version");

ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); //we need this for doing an LDAP search


if (TRUE !== ldap_bind($ldapconn, $ldaprdn, $ldappass)){
    die("<p>Failed to bind to LDAP server.</p>");    
}


    //------------------
    // Get a list of all AD users
    // https://www.geekshangout.com/php-example-get-data-active-directory-via-ldap/
    //------------------

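$username = "";
if(isset($_POST['username']) && !empty($_POST['username'])){
    // Escape for use in an LDAP filter; htmlspecialchars() only escapes for HTML output
    $username = ldap_escape($_POST['username'], "", LDAP_ESCAPE_FILTER);
}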


$ldap_filter = "(&(objectCategory=user)(samaccountname=$username))";
$result = ldap_search($ldapconn, $ldap_base, $ldap_filter)
    or die ("Error in search query:".ldap_error($ldapconn));

if (FALSE !== $result){
    $GetEntries = ldap_get_entries($ldapconn, $result);
    $FirstEntry = ldap_first_entry($ldapconn, $result);  
    
    // For each account returned by AD    
    for ($x=0; $x<$GetEntries['count']; $x++){
            
        //
        //Retrieve values from AD
        //
        
        //Windows Username

        $LDAP_samaccountname = "";
        if (!empty($GetEntries[$x]['samaccountname'][0])){
            $LDAP_samaccountname = $GetEntries[$x]['samaccountname'][0];
            if ($LDAP_samaccountname == "NULL"){
                $LDAP_samaccountname = "";
            }
        }

        else {
            //There is no samaccountname, so assume this is an AD contact record and generate a unique username
            $LDAP_uSNCreated = $GetEntries[$x]['usncreated'][0];
            $LDAP_samaccountname = "CONTACT_" . $LDAP_uSNCreated;
        }

        
        //account status
        $LDAP_status= "";
        if (!empty($GetEntries[$x]['useraccountcontrol'][0])){
            $LDAP_status = $GetEntries[$x]['useraccountcontrol'][0];
            if ($LDAP_status == "NULL"){
                $LDAP_status = "";
            }

            if ($LDAP_status == "16"){
                $LDAP_status = "Lockout";
            }

            if ($LDAP_status == "512"){
                $LDAP_status = "Enabled";
            }

            if ($LDAP_status == "514"){
                $LDAP_status = "Disabled";
            }

            if ($LDAP_status == "544"){
                $LDAP_status = "Enabled, Password not required";
            }

            if ($LDAP_status == "546"){
                $LDAP_status = "Disabled, Password not required";
            }

            if ($LDAP_status == "66048"){
                $LDAP_status = "Enabled, Password doesn't expire";
            }

            if ($LDAP_status == "66050"){
                $LDAP_status = "Disabled, Password doesn't expire";
            }
        }

        
        //Lockout
        $LDAP_lockout= "";
        $lockoutTime = ldap_get_values($ldapconn, $FirstEntry, "lockoutTime");
        if ($lockoutTime[0] == 0){
            $LDAP_lockout = "No";
            $to = AD_Entries($GetEntries,'mail');
            $test = Send_mail($to);
            // Debug output: prints the emailed code in the page
            echo "line 106 &nbsp;" . $test . "<br/>";
        }

        
        if ($lockoutTime[0] == 1){
            $LDAP_lockout = "Yes";
        }

        
        echo '<table border = "1">
            <tr bgcolor="#cccccc">
                <td>Username</td>
                <td>Last Name</td>
                <td>First Name</td>
                <td>E-Mail Address</td>
                <td>Account status</td>
                <td>Lockout</td>
            </tr>'
;
            
        echo "<tr><td><strong>".$LDAP_samaccountname."</strong></td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'sn');
        echo "</td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'givenname');
        echo "</td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'mail');
        echo "</td>";
        echo "<td>".$LDAP_status."</td>";
        echo "<td>".$LDAP_lockout."</td></tr>";
    
    }

    
    if (isset($_POST['code']) && !empty($_POST['code'])){
        $code = htmlspecialchars ($_POST['code']);
    }

    
    if (!empty($code)){
        if ($code == $test){
            echo "good";
        }

        else{
            echo "bad";
            echo "<br>";
            echo "line 149 &nbsp" . $code;
            echo "<br>";
            echo "line 151 &nbsp" . $test;
        }
    }

    
    if (!empty($test)){
        echo "line 156 &nbsp" . $test;
        ?>


<div class="code">
<form method="post">
Code: <input type="text" name="code">
<input type="submit">
</form>
</div>

<?php
    }
    
 //END for loop
}

ldap_unbind($ldapconn); // Clean up after ourselves.
echo("</table>"); //close the table

/*
To unlock:
$acctEntry["lockouttime"][0] = '1';
$mod = ldap_modify($ds, $dn, $acctEntry);

To lock:
$acctEntry["lockouttime"][0] = '0';
$mod = ldap_modify($ds, $dn, $acctEntry);

To enable:
$acctEntry["useraccountcontrol"][0] = '512';
$mod = ldap_modify($ds, $dn, $acctEntry);

To disable:
$acctEntry["useraccountcontrol"][0] = '514';
$mod = ldap_modify($ds, $dn, $acctEntry);

[mail]
https://blog.edmdesigner.com/sending-email-with-php/
*/


?>


functions.php

Code (php)
<?php

function AD_Entries($GetEntries,$Entries){
            for ($x=0; $x<$GetEntries['count']; $x++){
                Switch ($Entries){
                    default:

                        $LDAP_Entries = "";
                        if (!empty($GetEntries[$x][$Entries][0])){
                            $LDAP_Entries = $GetEntries[$x][$Entries][0];
                            if ($LDAP_Entries == "NULL"){
                                $LDAP_Entries = "";
                            }
                        }

                        return $LDAP_Entries;
                }
            }
        }


function Send_mail($to){
    // Random code from the CSPRNG; uniqid() is derived from the clock and can be guessed
    $msg = bin2hex(random_bytes(16));
    $headers = 'From: ict.security.nl@sbdinc.com' . "\r\n" .
        'Reply-to: ict.security.nl@sbdinc.com' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    $mail = mail($to,'Test',$msg,$headers);
    if($mail){
        echo "message has been sent <br/>";
        return $msg;
    }
    else {
        echo "error";
        return false; // no code was sent
    }
}
    
        
?>
 
 
Underdogg W


19/03/2019 15:28:01
I solved it. Here is the code:

<html>

<form name="form1" method="post">
Username: <input type="text" name="username">
<input type="submit" value="submit">
</form>

<br/>

<form name="form2" method="post">
Code: <input type="password" name="code">
<input type="submit" value="submit">
</form>

</html>

Code (php)
<?php

session_start();

//------------------
// Connect to the LDAP server
//------------------

include '../Beheer/psl-config.php';
include '../Beheer/functions.php';

$ldapconn = ldap_connect($ADserver)
    or die("Could not connect to LDAP server.");

if (FALSE === $ldapconn){
    die("<p>Failed to connect to the LDAP server </p>");
}


ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)
    or die("Unable to set LDAP protocol version");

ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); //we need this for doing an LDAP search


if (TRUE !== ldap_bind($ldapconn, $ldaprdn, $ldappass)){
    die("<p>Failed to bind to LDAP server.</p>");    
}


    //------------------
    // Get a list of all AD users
    // https://www.geekshangout.com/php-example-get-data-active-directory-via-ldap/
    //------------------

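$username = "";
if(isset($_POST['username']) && !empty($_POST['username'])){
    // Escape for use in an LDAP filter; htmlspecialchars() only escapes for HTML output
    $username = ldap_escape($_POST['username'], "", LDAP_ESCAPE_FILTER);
}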


if(isset($_POST['code']) && !empty($_POST['code'])){
        $code = htmlspecialchars ($_POST['code']);
        $_SESSION["code"] = $code;
}


$ldap_filter = "(&(objectCategory=user)(samaccountname=$username))";
$result = ldap_search($ldapconn, $ldap_base, $ldap_filter)
    or die ("Error in search query:".ldap_error($ldapconn));

if (FALSE !== $result){
    $GetEntries = ldap_get_entries($ldapconn, $result);
    $FirstEntry = ldap_first_entry($ldapconn, $result);  
    
    // For each account returned by AD    
    for ($x=0; $x<$GetEntries['count']; $x++){
            
        //
        //Retrieve values from AD
        //
        
        //Windows Username

        $LDAP_samaccountname = "";
        if (!empty($GetEntries[$x]['samaccountname'][0])){
            $LDAP_samaccountname = $GetEntries[$x]['samaccountname'][0];
            if ($LDAP_samaccountname == "NULL"){
                $LDAP_samaccountname = "";
            }
        }

        else {
            //There is no samaccountname, so assume this is an AD contact record and generate a unique username
            $LDAP_uSNCreated = $GetEntries[$x]['usncreated'][0];
            $LDAP_samaccountname = "CONTACT_" . $LDAP_uSNCreated;
        }

        
        //account status
        $LDAP_status= "";
        if (!empty($GetEntries[$x]['useraccountcontrol'][0])){
            $LDAP_status = $GetEntries[$x]['useraccountcontrol'][0];
            if ($LDAP_status == "NULL"){
                $LDAP_status = "";
            }

            if ($LDAP_status == "16"){
                $LDAP_status = "Lockout";
            }

            if ($LDAP_status == "512"){
                $LDAP_status = "Enabled";
            }

            if ($LDAP_status == "514"){
                $LDAP_status = "Disabled";
            }

            if ($LDAP_status == "544"){
                $LDAP_status = "Enabled, Password not required";
            }

            if ($LDAP_status == "546"){
                $LDAP_status = "Disabled, Password not required";
            }

            if ($LDAP_status == "66048"){
                $LDAP_status = "Enabled, Password doesn't expire";
            }

            if ($LDAP_status == "66050"){
                $LDAP_status = "Disabled, Password doesn't expire";
            }
        }

        
        //Lockout
        $LDAP_lockout= "";
        $lockoutTime = ldap_get_values($ldapconn, $FirstEntry, "lockoutTime");
        if ($lockoutTime[0] == 0){
            $LDAP_lockout = "No";
            $to = AD_Entries($GetEntries,'mail');
            $test = Send_mail($to);
            $_SESSION["test"] = $test;
            // Debug output: prints the emailed code in the page; remove once the check works
            echo "line 124 &nbsp;" . $test . "<br/>";
        }

        
        if ($lockoutTime[0] == 1){
            $LDAP_lockout = "Yes";
        }

        
        echo '<table border = "1">
            <tr bgcolor="#cccccc">
                <td>Username</td>
                <td>Last Name</td>
                <td>First Name</td>
                <td>E-Mail Address</td>
                <td>Account status</td>
                <td>Lockout</td>
            </tr>'
;
            
        echo "<tr><td><strong>".$LDAP_samaccountname."</strong></td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'sn');
        echo "</td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'givenname');
        echo "</td>";
        echo "<td>";
        echo AD_Entries($GetEntries,'mail');
        echo "</td>";
        echo "<td>".$LDAP_status."</td>";
        echo "<td>".$LDAP_lockout."</td></tr>";
        
    }
}
        
        
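if(!empty($_SESSION["code"]) && !empty($_SESSION["test"])){
    // hash_equals() compares the strings in constant time and, unlike ==, never treats them as numbers
    if (hash_equals($_SESSION["test"], $_SESSION["code"])){
        echo "good";
        session_destroy();
    }
    else{
        echo "bad";
        echo "<br>";
        echo "<br/>" . $_SESSION["code"];
        echo "<br>";
        // Debug output: prints the expected code; remove once the comparison works
        echo "<br/>" . $_SESSION["test"];
        session_destroy();
    }
}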
    
 //END for loop

ldap_unbind($ldapconn); // Clean up after ourselves.
echo("</table>"); //close the table

/*
To unlock:
$acctEntry["lockouttime"][0] = '1';
$mod = ldap_modify($ds, $dn, $acctEntry);

To lock:
$acctEntry["lockouttime"][0] = '0';
$mod = ldap_modify($ds, $dn, $acctEntry);

To enable:
$acctEntry["useraccountcontrol"][0] = '512';
$mod = ldap_modify($ds, $dn, $acctEntry);

To disable:
$acctEntry["useraccountcontrol"][0] = '514';
$mod = ldap_modify($ds, $dn, $acctEntry);

[mail]
https://blog.edmdesigner.com/sending-email-with-php/
*/


?>
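
A hardened form of the session-based code check from the solution above, as an added example that is not part of the original post: the code comes from the CSPRNG, is bound to one account, expires, can be used once, and is compared with `hash_equals()`. The function names, the `reset` key, the ten-minute lifetime and the attempt limit are assumptions; `$store` stands in for `$_SESSION` so the block runs from the command line.

```php
<?php
// Added example, not the poster's code. Function names and the 'reset' key are
// hypothetical; $store stands in for $_SESSION so this also runs from the CLI.

const CODE_TTL = 600;      // seconds a code stays valid (assumed policy)
const MAX_ATTEMPTS = 5;    // wrong guesses allowed before the code is dropped

// Create a code for $samAccountName and return it so the caller can mail it.
function issue_reset_code(array &$store, string $samAccountName): string
{
    $code = bin2hex(random_bytes(16));          // CSPRNG, unlike uniqid()
    $store['reset'] = [
        'user'     => $samAccountName,          // bind the code to one account
        'hash'     => hash('sha256', $code),    // keep only a hash server-side
        'expires'  => time() + CODE_TTL,
        'attempts' => 0,
    ];
    return $code;
}

// Check a submitted code. Returns the bound account name on success, null otherwise.
function verify_reset_code(array &$store, string $submitted, ?int $now = null): ?string
{
    $now = $now ?? time();
    $entry = $store['reset'] ?? null;
    if ($entry === null) {
        return null;                             // nothing was issued
    }
    if ($now > $entry['expires'] || $entry['attempts'] >= MAX_ATTEMPTS) {
        unset($store['reset']);                  // expired or guessed too often
        return null;
    }
    $store['reset']['attempts']++;
    // hash_equals() is constant-time and never type-juggles the way == does
    if (!hash_equals($entry['hash'], hash('sha256', $submitted))) {
        return null;
    }
    unset($store['reset']);                      // single use
    return $entry['user'];
}

// Constructed demo: "jdoe" is a made-up account name.
$store = [];
$code = issue_reset_code($store, 'jdoe');
var_dump(verify_reset_code($store, 'wrong-guess'));   // a wrong guess
var_dump(verify_reset_code($store, $code));           // the mailed code
var_dump(verify_reset_code($store, $code));           // replay of a used code
```

In the page script, pass `$_SESSION` as `$store` after `session_start()`, and use the returned account name for the later AD change instead of a username posted with the second form.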
 


