| <?php |
| /* |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| define("ONLINEDEBUG", 1); // 1 to display errors to screen, 0 to email errors |
| |
| |
| ################ Things in this section must be modified/reviewed ##################### |
| |
| define("HELPURL", "https://vcl.example.org/help/"); // URL pointed to by the "Help" link in the navigation area |
| define("HELPEMAIL", "vcl_help@example.org"); // if an unexpected error occurs, users will be prompted that they can email |
| // this address for further assistance |
| define("ERROREMAIL", "webmaster@example.org"); // if an unexpected error occurs, the code will send an email about it to |
| // to this address |
| define("ENVELOPESENDER", "webserver@example.org"); // email address for envelope sender of mail messages |
| // if a message gets bounced, it goes to this address |
| |
| date_default_timezone_set('America/New_York'); // set this to your timezone; a list of available values can |
| // be found at http://php.net/manual/en/timezones.php |
| |
| define("DEFAULTLOCALE", "en_US"); // default locale for the site |
| |
| // Any time someone creates a new image, they will be required to agree to a click through |
| // agreement. This is the text that will be displayed that the user must agree to. |
| // Place a '%s' where you want the 'I agree' and 'I do not agree' buttons to be placed. |
| // PLEASE NOTE: you at least need to change the email address |
| $clickThroughText = |
| "<center><h2>Installer Agreement</h2></center> |
| <p>As the creator of the VCL image, you are responsible for understanding and |
| complying with the terms and conditions of the license agreement(s) for all |
| software installed within the VCL image.</p> |
| |
| <p>Please note that many licenses for instructional use do not allow research |
| or other use. You should be familiar with these license terms and |
| conditions, and limit the use of your image accordingly.</p> |
| |
| %s |
| |
| <p>** If you have software licensing questions or would like assistance |
| regarding specific terms and conditions, please contact |
| <a href=mailto:software@example.org>software@example.org</a>.</p>"; |
| |
| |
| ####################### end required modifications ########################### |
| $host = $_SERVER['HTTP_HOST']; |
| if (strpos($host, ':')) { |
| $host = substr($host, 0, strpos($host, ':')); |
| } |
| |
| define("BASEURL", "https://{$_SERVER['HTTP_HOST']}/vcl"); // no trailing slash - all of the URL except /index.php |
| define("SCRIPT", "/index.php"); // this should only be "/index.php" unless you rename index.php to something else |
| define("HOMEURL", "https://{$_SERVER['HTTP_HOST']}/vcl/"); // url to go to when someone clicks HOME or Logout |
| define("COOKIEDOMAIN", "$host"); // domain in which cookies are set |
| |
| define("DEFAULTGROUP", "adminUsers"); // if a user is in no groups, use reservation |
| // length attriubtes from this group |
| define("DEFAULT_AFFILID", 1); |
| define("DAYSAHEAD", 4); // number of days after today that can be scheduled |
| define("DEFAULT_PRIVNODE", 2); |
| define("SCHEDULER_ALLOCATE_RANDOM_COMPUTER", 0); // set this to 1 to have the scheduler assign a randomly allocated |
| // computer of those available; set to 0 to assign the computer with |
| // the best combination of specs |
| define("PRIV_CACHE_TIMEOUT", 15); // time (in minutes) that we cache privileges in a session before reloading them |
| /// defines the min number of block request machines |
| define("MIN_BLOCK_MACHINES", 1); |
| /// defines the max number of block request machines |
| define("MAX_BLOCK_MACHINES", 70); |
| /// defines the URL used for the Documentation link in the navigation list |
| define("DOCUMENTATIONURL", "https://cwiki.apache.org/confluence/display/VCL/Using+VCL"); |
| define("USEFILTERINGSELECT", 1); // set to 1 to use a dojo filteringselects for some of the select boxes |
| // the filteringselect can be a little slow for a large number of items |
| define("FILTERINGSELECTTHRESHOLD", 1000); // if USEFILTERINGSELECT = 1, only use them for selects up to this size |
| |
| define("SEMTIMEOUT", "45"); |
| |
| define("DEFAULTTHEME", 'default'); // this is the theme that will be used for the login screen and when the site is placed in maintenance if $_COOKIE['VCLSKIN'] is not set |
| define("HELPFAQURL", "http://vcl.example.org/help-faq/"); |
| |
| define("ALLOWADDSHIBUSERS", 0); // this is only related to using Shibboleth authentication for an affiliation that does not |
| // also have LDAP set up (i.e. affiliation.shibonly = 1) |
| // set this to 1 to allow users be manually added to VCL before they have ever logged in |
| // through things such as adding a user to a user group or directly granting a user a |
| // privilege somewhere in the privilege tree. Note that if you enable this and typo |
| // a userid, there is no way to verify that it was entered incorrectly so the user |
| // will be added to the database with the typoed userid |
| |
| define("MAXINITIALIMAGINGTIME", 720); // for imaging reservations, users will have at least this long as the max selectable duration |
| |
| define("MAXSUBIMAGES", 5000); // maximum allowed number for subimages in a config |
| |
| $ENABLE_ITECSAUTH = 0; // use ITECS accounts (also called "Non-NCSU" accounts) |
| |
| # xmlrpcBlockAPIUsers is an array of ids from user table for users that are |
| # allowed to call XMLRPC functions designed specifically to be called by vcld |
| $xmlrpcBlockAPIUsers = array(3, # 3 = vclsystem |
| ); |
| |
| # boolean value of 0 or 1 to enable documentation links on login page and page |
| # where authentication method is selected |
| # 0 = disables; 1 = enabled |
| define("NOAUTH_HOMENAV", 0); |
| |
| # boolean value of 0 or 1 to control logging of non SELECT database queries for auditing or debugging purposes; queries are logged to the querylog table |
| define("QUERYLOGGING", 1); |
| |
| # boolean value of 0 or 1 to control logging of XMLRPC calls for auditing or debugging purposes; queries are logged to the xmlrpcLog table |
| define("XMLRPCLOGGING", 1); |
| |
| # documentation links to display on login page and page |
| # where authentication method is selected when NOAUTH_HOMENAV is set to 1 |
| $NOAUTH_HOMENAV = array ( |
| "What is VCL" => "http://vcl.apache.org/", |
| "How to use VCL" => "https://cwiki.apache.org/confluence/display/VCL/Using+VCL", |
| "Report a Problem" => "mailto:" . HELPEMAIL, |
| ); |
| |
| @require_once(".ht-inc/secrets.php"); |
| |
| $authMechs = array( |
| "Local Account" => array("type" => "local", |
| "affiliationid" => 1, |
| "help" => "Only use Local Account if there are no other options"), |
| /*"Shibboleth (UNC Federation)" => array("type" => "redirect", |
| "URL" => "https://federation.northcarolina.edu/wayf/wayf_framed.php?fed=FED_SHIB_UNC_DEV&version=dropdown&entityID=https%3A%2F%2Fvcl.ncsu.edu%2Fsp%2Fshibboleth&return=http%3A%2F%2Fvcl.ncsu.edu%2FShibboleth.sso%2FDS%3FSAMLDS%3D1%26target%3Dhttp%3A%2F%2Fvcl.ncsu.edu%2Fscheduling%2Fshibauth%2F", |
| "affiliationid" => 0, // this should always be 0 for Shibboleth authentication |
| "help" => "Use Shibboleth (UNC Federation) if you are from a University in the UNC system and do not see another method specifically for your university"),*/ |
| /*"EXAMPLE1 LDAP" => array("type" => "ldap", |
| "server" => "ldap.example.com", # hostname of the ldap server |
| "binddn" => "dc=example,dc=com", # base dn for ldap server |
| "userid" => "%s@example.com", # this is what we add to the actual login id to authenticate a user via ldap |
| # use a '%s' where the actual login id will go |
| # for example1: 'uid=%s,ou=accounts,dc=example,dc=com' |
| # example2: '%s@example.com' |
| # example3: '%s@ad.example.com' |
| "unityid" => "samAccountName", # ldap field that contains the user's login id |
| "firstname" => "givenname", # ldap field that contains the user's first name |
| "lastname" => "sn", # ldap field that contains the user's last name |
| "email" => "mail", # ldap field that contains the user's email address |
| "defaultemail" => "@example.com", # if for some reason an email address may not be returned for a user, this is what |
| # can be added to the user's login id to send mail |
| "masterlogin" => "vcluser", # privileged login id for ldap server |
| "masterpwd" => "*********", # privileged login password for ldap server |
| "affiliationid" => 3, # id from affiliation id this login method is associated with |
| "lookupuserbeforeauth" => 0, # set this to 1 to have VCL use masterlogin to lookup the full DN of the user |
| # and use that for the ldap bind to auth the user instead of just using the userid |
| # field from above |
| "lookupuserfield" => '', # if lookupuserbeforeauth is set to 1, this is the attribute to use to search in ldap |
| # for the user. Typically either 'cn', 'uid', or 'samaccountname' |
| "help" => "Use EXAMPLE1 LDAP if you are using an EXAMPLE1 account"), # message to be displayed on login page about when |
| # to use this login mechanism*/ |
| ); |
| |
| $affilValFunc = array(); |
| $affilValFuncArgs = array(); |
| $addUserFunc = array(); |
| $addUserFuncArgs = array(); |
| $updateUserFunc = array(); |
| $updateUserFuncArgs = array(); |
| foreach($authMechs as $key => $item) { |
| if($item['type'] == 'ldap') { |
| $affilValFunc[$item['affiliationid']] = 'validateLDAPUser'; |
| $affilValFuncArgs[$item['affiliationid']] = $key; |
| $addUserFunc[$item['affiliationid']] = 'addLDAPUser'; |
| $addUserFuncArgs[$item['affiliationid']] = $key; |
| $updateUserFunc[$item['affiliationid']] = 'updateLDAPUser'; |
| $updateUserFuncArgs[$item['affiliationid']] = $key; |
| } |
| elseif($item['type'] == 'local') { |
| $affilValFunc[$item['affiliationid']] = create_function('', 'return 0;'); |
| $addUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); |
| $updateUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); |
| } |
| } |
| |
| $findAffilFuncs = array("testGeneralAffiliation"); |
| |
| #require_once(".ht-inc/authmethods/itecsauth.php"); |
| #require_once(".ht-inc/authmethods/ldapauth.php"); |
| #require_once(".ht-inc/authmethods/shibauth.php"); |
| ?> |