From 8dc358ded5d610b9378675d62c13c162e64fdee3 Mon Sep 17 00:00:00 2001
From: Marisa <leandromatias.martinez@gmail.com>
Date: Thu, 18 Dec 2025 09:24:35 -0500
Subject: [PATCH] Added phplogin.php

---
 entrypoint.sh | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 1 deletion(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index c27c3aa..e1d95fa 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -37,7 +37,8 @@ slapd -h "ldap:/// ldapi:///" -u openldap -g openldap &
 SLAPD_PID=$!
 sleep 8
 
-# Full tree with root entry
+# Full tree with root and users entries
+echo "--> Creating base.ldif with root and user entries"  
 cat > /tmp/base.ldif <<EOF
 dn: ${LDAP_BASE_DN}
 objectClass: top
@@ -75,6 +76,93 @@ homeDirectory: /home/marisa
 gecos: Marisa Kirisame
 EOF
 
+# Create phplogin.php with dynamic base DN
+echo "--> Creating phplogin.php with full users support"
+cat > /var/www/html/phplogin.php <<'EOF'
+<?php
+// Use the same logic as entrypoint.sh, but with better localhost handling
+$raw_host = $_SERVER['HTTP_HOST'] ?? 'example.com';
+$raw_host = preg_replace('/:\d+$/', '', $raw_host); // strip port if present
+
+if ($raw_host === 'localhost' || $raw_host === '127.0.0.1') {
+    // When testing locally via http://localhost → assume default example.com
+    $base_dn = 'dc=example,dc=com';
+} else {
+    // Normal case: build dc=... from real hostname
+    $host_parts = explode('.', $raw_host);
+    $base_dn = '';
+    foreach ($host_parts as $part) {
+        if ($part) $base_dn .= ($base_dn ? ',' : '') . 'dc=' . $part;
+    }
+    if (!$base_dn) $base_dn = 'dc=example,dc=com'; // ultimate fallback
+}
+
+$msg = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = trim($_POST['username'] ?? '');
+    $password = $_POST['password'] ?? '';
+
+    if ($username && $password) {
+        $ldap = ldap_connect("ldap://127.0.0.1:389");
+        if ($ldap) {
+            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+            if (ldap_start_tls($ldap)) {
+                // First: try admin bind (no ou=People)
+                $admin_dn = "cn=admin,{$base_dn}";
+                if (@ldap_bind($ldap, $admin_dn, $password)) {
+                    $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome <strong>admin</strong> (full privileges)</p>";
+                }
+                // Second: if not admin, try regular user
+                elseif (@ldap_bind($ldap, "uid={$username},ou=People,{$base_dn}", $password)) {
+                    $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome {$username}</p>";
+                }
+                else {
+                    $msg = "<p style='color:red'>Invalid credentials</p>";
+                }
+            } else {
+                $msg = "<p style='color:red'>StartTLS failed</p>";
+            }
+            ldap_close($ldap);
+        } else {
+            $msg = "<p style='color:red'>Could not connect to LDAP server</p>";
+        }
+    } else {
+        $msg = "<p style='color:red'>Please fill both fields</p>";
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <title>ldapdock LDAP login</title>
+    <style>
+        body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; text-align: center; }
+        input, button { padding: 10px; margin: 5px; width: 100%; font-size: 16px; box-sizing: border-box; }
+        button { background: #007cba; color: white; border: none; cursor: pointer; }
+        .note { font-size: 0.9em; color: #666; }
+    </style>
+</head>
+<body>
+    <h1>ldapdock login</h1>
+    <p>Server base DN: <strong><?= htmlspecialchars($base_dn) ?></strong></p>
+    <?= $msg ?>
+    <form method="post">
+        <input type="text" name="username" placeholder="Username (marisa or admin)" required autofocus>
+        <input type="password" name="password" placeholder="Password" required>
+        <button type="submit">Login</button>
+    </form>
+    <hr>
+    <div class="note">
+        <strong>Test accounts:</strong><br>
+        Regular user: <code>marisa</code> / password: <code>MarisaNewPass2025</code><br>
+        Admin user: <code>admin</code> / password: <code>admin</code>
+    </div>
+</body>
+</html>
+EOF
+
 ADMIN_DN="cn=admin,${LDAP_BASE_DN}"
 ADMIN_PW="admin"
 
@@ -272,6 +360,7 @@ fi
 echo "--> ldapdock ready — OpenLDAP + Apache + PHP running"
 echo "   → LDAP: 389/636"
 echo "   → PHPinfo: https://localhost/info.php"
+echo "   → PHPlogin test: https://localhost/phplogin.php"
 echo "   → Shell: /bin/bash"
 echo "   → Exit with CTRL+D or 'exit' command"