taarly/PHP_AdminTool_Projekt
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2536d66c3e
PHP_AdminTool_Projekt/public/api/create_user.php
blaerf 9f0e534e20 develop (#28) 
Co-authored-by: tg95 <tg95@noreply.localhost>
Co-authored-by: Taarly <lownslow.music@gmail.com>
Co-authored-by: taarly <lownslow.music@gmail.com>
Co-authored-by: ViperioN1339 <stezel1989@outlook.de>
Co-authored-by: MuchenTuchen31 <yasin.mine31@gmail.com>
Reviewed-on: https://git.eckertplayground.de/taarly/PHP_AdminTool_Projekt/pulls/28
Co-authored-by: blaerf <blaerf@gmx.de>
Co-committed-by: blaerf <blaerf@gmx.de>
2025-12-17 14:28:04 +00:00

165 lines
5.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
session_start();
// Load config
$config = require __DIR__ . '/../../config/config.php';
// Simple login check (same as index.php)
$sessionKey = $config['security']['session_key_user'] ?? 'admin_user';
if (!isset($_SESSION[$sessionKey])) {
header('Location: ../index.php?route=login');
exit;
}
// Only accept POST
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: ../index.php?route=createuser');
exit;
}
// Basic input validation
$sam = trim((string)($_POST['samaccountname'] ?? ''));
$display = trim((string)($_POST['displayname'] ?? ''));
$mail = trim((string)($_POST['mail'] ?? ''));
$pass = (string)($_POST['password'] ?? '');
$ou = trim((string)($_POST['ou'] ?? ''));
$groups = trim((string)($_POST['groups'] ?? ''));
if ($sam === '' || $pass === '') {
$_SESSION['flash_error'] = 'Anmeldename und Passwort sind erforderlich.';
header('Location: ../index.php?route=createuser');
exit;
}
// Server-side password validation (same rules as CSV script)
$passwordHint = "Das Passwort muss mindestens 7 Zeichen lang sein, darf keine größeren Teile des Benutzernamens enthalten und muss Zeichen aus mindestens 3 von 4 Kategorien enthalten: Großbuchstaben, Kleinbuchstaben, Ziffern, Sonderzeichen.";
function validate_password_php(string $password, string $sam): array {
$errors = [];
if ($password === '' || mb_strlen($password) < 7) {
$errors[] = 'Passwort muss mindestens 7 Zeichen lang sein.';
}
$categories = 0;
if (preg_match('/[A-Z]/u', $password)) $categories++;
if (preg_match('/[a-z]/u', $password)) $categories++;
if (preg_match('/\d/', $password)) $categories++;
if (preg_match('/[^A-Za-z0-9]/u', $password)) $categories++;
if ($categories < 3) {
$errors[] = 'Passwort muss Zeichen aus mindestens 3 von 4 Kategorien enthalten.';
}
$samLower = mb_strtolower($sam);
$pwLower = mb_strtolower($password);
if ($samLower !== '' && mb_strpos($pwLower, $samLower) !== false) {
$errors[] = 'Passwort darf den Benutzernamen nicht enthalten.';
} else {
$minLen = 4;
if (mb_strlen($samLower) >= $minLen) {
$samLen = mb_strlen($samLower);
for ($len = $minLen; $len <= $samLen; $len++) {
for ($start = 0; $start <= $samLen - $len; $start++) {
$sub = mb_substr($samLower, $start, $len);
if (mb_strpos($pwLower, $sub) !== false) {
$errors[] = 'Passwort darf keine größeren Teile des Benutzernamens enthalten.';
break 2;
}
}
}
}
}
return $errors;
}
$pwErrors = validate_password_php($pass, $sam);
if (count($pwErrors) > 0) {
$_SESSION['flash_error'] = 'Ungültiges Passwort: ' . implode(' | ', $pwErrors) . "\n\nHinweis: $passwordHint";
header('Location: ../index.php?route=createuser');
exit;
}
if ($ou === '') {
$defaultOu = (string)($config['powershell']['default_ou'] ?? '');
if ($defaultOu !== '') {
$ou = $defaultOu;
}
}
// Build payload
$payload = [
'samaccountname' => $sam,
'displayname' => $display,
'mail' => $mail,
'password' => $pass,
'ou' => $ou,
'groups' => $groups,
'dry_run' => (bool)($config['powershell']['dry_run'] ?? false),
];
// Write payload to temp file
$tmpFile = tempnam(sys_get_temp_dir(), 'create_user_') . '.json';
file_put_contents($tmpFile, json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
// Build PS script path
$scriptDir = $config['powershell']['script_dir'] ?? __DIR__ . '/../../scripts/powershell';
$script = $scriptDir . DIRECTORY_SEPARATOR . 'create_user.ps1';
$exe = $config['powershell']['exe'] ?? 'powershell';
$executionPolicy = $config['powershell']['execution_policy'] ?? 'Bypass';
$cmd = sprintf(
'%s -NoProfile -NonInteractive -ExecutionPolicy %s -File "%s" -InputFile "%s"',
$exe,
$executionPolicy,
$script,
$tmpFile
);
// Execute and capture output and exit code
$output = [];
$returnVar = null;
if (!file_exists($script)) {
$_SESSION['flash_error'] = 'PowerShell-Skript nicht gefunden: ' . $script;
@unlink($tmpFile);
header('Location: ../index.php?route=createuser');
exit;
}
// Try to locate the PowerShell executable
$exePathCheck = shell_exec(sprintf('where %s 2>NUL', escapeshellarg($exe)));
if ($exePathCheck === null) {
// 'where' returns null when command fails; continue anyways, exec will fail if not found
}
exec($cmd . ' 2>&1', $output, $returnVar);
$json = implode("\n", $output);
// Optional: write raw output into logs for debugging
@file_put_contents(__DIR__ . '/../logs/create_user_output.log', date('Y-m-d H:i:s') . ' CMD: ' . $cmd . "\n" . $json . "\n\n", FILE_APPEND | LOCK_EX);
@unlink($tmpFile);
// Try to parse JSON output
$result = null;
if ($json !== '') {
$decoded = json_decode($json, true);
if (is_array($decoded)) {
$result = $decoded;
}
}
if ($result === null) {
$_SESSION['flash_error'] = 'Unbekannter Fehler beim Ausführen des PowerShell-Skripts: ' . ($json ?: 'Keine Ausgabe');
header('Location: ../index.php?route=createuser');
exit;
}
if (!empty($result['success'])) {
$_SESSION['flash_success'] = $result['message'] ?? 'Benutzer erfolgreich erstellt.';
} else {
$_SESSION['flash_error'] = $result['message'] ?? 'Fehler beim Erstellen des Benutzers.';
}
header('Location: ../index.php?route=createuser');
exit;
Reference in New Issue View Git Blame Copy Permalink