From 06613ce962cb5a707598315e8bc15a54891b8273 Mon Sep 17 00:00:00 2001 From: HugoTH85 Date: Wed, 6 Mar 2024 15:54:04 +0100 Subject: [PATCH] Changes about some reverse-proxy and LDAP issues --- www/include/auth/ldap.class.php | 26 +++++++++++++++++++++++++- www/include/functions_general.inc.php | 2 +- www/index.php | 2 +- www/logout.php | 13 +++++-------- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/www/include/auth/ldap.class.php b/www/include/auth/ldap.class.php index 1e28ee83..b1a03200 100644 --- a/www/include/auth/ldap.class.php +++ b/www/include/auth/ldap.class.php @@ -55,7 +55,31 @@ function auth_ldap(){ * @return bool */ function checkPass($user,$pass){ - // reject empty password + global $base; + $ldap_conf="{$base}/local/config/auth_ldap.config.php"; + + //Opening of the LDAP conf file + $confFile=fopen($ldap_conf,"r"); + + // This list can be modified depending on the LDAP config file + $var=['debug','version','server','usertree','grouptree','groupfilter']; + + for ($i=0;$icnf[$var[$i]]=explode("';",$string[1])[0]; + }; + + // This 2 variables below can be modified depending on the LDAP configuration you have + $this->cnf['port']=389; + $this->cnf['groupkey']='cn'; + + fclose($confFile); + + // reject empty password if(empty($pass)) return false; if(!$this->_openLDAP()) return false; diff --git a/www/include/functions_general.inc.php b/www/include/functions_general.inc.php index a7fed87b..24e9bc14 100644 --- a/www/include/functions_general.inc.php +++ b/www/include/functions_general.inc.php @@ -1263,7 +1263,7 @@ function startSession() { session_set_cookie_params([ 'lifetime' => $conf['cookie_life'], 'path' => '/', - 'domain' => $_SERVER['SERVER_NAME'], + 'domain' => $_SERVER['HTTP_HOST'], 'secure' => $secure, 'httponly' => true, 'samesite' => 'Strict' diff --git a/www/index.php b/www/index.php index 597c4551..5318c67a 100644 --- a/www/index.php +++ b/www/index.php 
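Review bot: In www/include/auth/ldap.class.php the handle returned by `fopen($ldap_conf,"r")` is never checked, so when auth_ldap.config.php is missing or unreadable the read loop and `fclose($confFile)` run on `false` instead of failing the login cleanly; add `if ($confFile === false) return false;` directly after the fopen(). The block also assigns `$this->cnf['port']=389` and `$this->cnf['groupkey']='cn'` unconditionally on every checkPass() call, which overrides whatever the constructor may already have loaded and pins the connection to the standard non-TLS LDAP port. Unless _openLDAP() negotiates StartTLS (not visible here) the bind password travels in clear text, so both values should come from configuration. Re-reading and string-splitting a PHP config file on each authentication attempt is also fragile against quoting or spacing changes in that file. The loop body is truncated in this view and checkPass() continues past the hunk, so the parsing itself is not reviewed.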
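Review bot: In startSession() (www/include/functions_general.inc.php) the cookie `domain` is now taken from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header and can carry a `:port` suffix that is not a valid cookie Domain value. Behind a reverse proxy the simpler fix is to send no Domain attribute at all, `'domain' => '',`, which makes the session cookie host-only for whatever name the browser used and stops it being sent to subdomains of that name. If an explicit domain is really needed, take it from site configuration rather than from a request header. startSession() begins and ends outside the hunk.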
@@ -16,7 +16,7 @@ // You can enable or disable this by setting the "disable_guest" sysconfig option if (!$_SESSION['ona']['auth']['user']['username'] and !$conf['disable_guest']) { $_SESSION['ona']['auth']['user']['username'] = 'guest'; - list($status, $js) = get_authentication('guest','guest'); + list($status, $js) = get_authentication('guest','test'); get_perms('guest'); } diff --git a/www/logout.php b/www/logout.php index b50d4aa6..38372ce2 100644 --- a/www/logout.php +++ b/www/logout.php @@ -13,7 +13,9 @@ // Log the user out and redirect them to the login page: // Print a logout message -printmsg("INFO => [Desktop] {$_SESSION['ona']['auth']['user']['username']} has logged out",0); +if(isset($_SESSION['ona']['auth']['user']['username'])){ + printmsg("INFO => [Desktop] {$_SESSION['ona']['auth']['user']['username']} has logged out",0); +} // Unset session info relating to their account if(isset($_SESSION['ona']['auth'])) { @@ -23,12 +25,7 @@ session_destroy(); // Print javascript to redirect them to https so they can login again -echo << - - -EOL; +header("Location: index.php"); +exit(); ?>
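Review bot: The guest auto-login in www/index.php now passes the literal password `'test'` to get_authentication(), which looks like a value from one site's directory rather than something that belongs in shared code. A hard-coded credential in the entry page is readable by anyone with the source, and with the LDAP backend it would be sent as a bind for `guest` whenever a session has no username yet; read it from configuration or keep the guest path off the external authenticator. The surrounding context lines set the session username before authenticating and call `get_perms('guest')` without looking at `$status`, so a failed guest bind appears to still yield a guest session. Gating get_perms() on `$status` is worth adding once its success value is confirmed.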
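Review bot: In the second www/logout.php hunk the comment `// Print javascript to redirect them to https so they can login again` is left above the new `header("Location: index.php");`, but the code no longer prints JavaScript and a relative Location keeps whatever scheme the request arrived on. Update it to something like `// Redirect to the login page; relative so it follows the host and scheme the reverse proxy exposes`, and confirm that dropping a forced-https redirect (if that is what the removed block did; its body is not legible here) is intended. header() only takes effect if nothing has been output earlier in the request, so check that the `printmsg(...)` call above does not echo to the page.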