allow numbers in username
1 file changed
tree: e0cfa82d251adbc0c174cd2edf93cfe6fdaca9e7
  1. blacklists/
  2. html/
  3. static/
  4. captcha.php
  5. composer.json
  6. config.php.example
  7. index.php
  8. ldap.php
  9. LICENSE
  10. mail.php
  11. README.md
  12. redis.php
  13. utils.php
README.md

LDAP SIGNUP

This is a simple registration script for ldap written fully in php that will allow you to have a registration page that does all the form validation, mail confirmation and allowing some basic configuration.

Registration process

  1. The user fill the forms and the captcha
  2. All the input data is validated on the backend. There are blacklists for email hosts, usernames, passwords. There are basic filters like not starting usernames with numbers, not include special characters on the names or username and etc...
  3. If the data is not valid only the wrong input fields are cleaned and we are back to step 1.
  4. If the data is right the confirmation mail is sent. You can use two smtp clients, one to act first and another to act as a fallback when the user clicks on "did not receive? Resend email". You can also configure the fallback smtp to be used at first for some email hosts.
  5. The email and token is cached on redis and has a expiration time (1 hour by default). When the user open the url with the confirmation token the user will be added to the configured ldap organization (BASE_DN).
  6. You can limit captcha requests and registrations requests per ip hourly.

Dependencies

  • install openldap on your server like on this tutorial for example
  • An http + php server like apache or nginx
  • install the php-ldap module and composer
  • redis configured with a password
  • imagemagick, ocrad and the php dependencies. For ubuntu:
sudo apt install redis php-pear composer ocrad imagemagick
sudo pear install mail
sudo pear install Net_SMTP
sudo pear install Auth_SASL
sudo pear install mail_mime

Installation

Clone or download this repository to some path and run: composer install Copy the example config to the right place: mv config.php.example config.php Then create a corresponding server vhost and a location like this(nginx):

location /signup {
   alias   /var/www/html/;
   index  index.php;

   location ~ ^/signup/(captcha\.php|index\.php) {
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_pass unix:/run/php/php7.4-fpm.sock;                      
      include fastcgi_params;                                          
   }                                                                    
   location ~ ^/signup/static/.*(\.html|\.css|\.js)$ {                  
      root /var/www/html/;                                             
      try_files $uri =404;                                             
   }                                                                               
   location  ~ ^/ {                                   
      rewrite ^ /signup/index.php;                                     
   }
}

Add your BASE_URL and other configuration options to the config.php and you might be ready to go!

Customization

If you want to add custom css, javascript or html you can do it by editing the files on the static/ folder but be aware that all of them are loaded for any page of the registration process.

The pages you might face inside the registration process are inside the html/ folder. You can customized those templates like to add your site url in the end of registration, add a navbar to head.htm and so on.

The blacklists/ Folder contains usernames.php and passwords.php which are lists of usernames and passwords that won't be allowed.

config.php

The example config contains many comments and the variables are self explanatory. What you need to set up to get going is your redis password, LDAP's USER, PORT, PASSWORD and HOST. You need to set SMTP and you can set $FALLBACK_SMTP = $SMTP if you don't want to use the fallback feature.

On the BASE_DN variable, '{}' will be replaced by the username.

Don't forget to set your BASE_URL correctly. That is the url the log in page will be presented on, it will end with /signup if you used the example nginx location.

Also you might want to change the email template (MAIL_TEMPLATE variable). It has both a text and a html parameter.

You can also blacklist email services with the MAIL_HOST_BLACKLIST. User registering with those mail services won't be allowed.

MAIL_HOST_DIRECT_FALLBACK variable if set will cause the FALLBACK_SMTP to be used instead of SMTP if the user is trying to register with an email host that is on that list.