Make this work behind https frontend proxy

entrypoint

@@ -20,11 +20,15 @@ if [ "$LDAP_TLS_CACERT" ]; then
   sed -i "s/TLS_CACERT.*/TLS_CACERT \/opt\/ca.crt/" /etc/ldap/ldap.conf
 fi
 
+if [ -z ${HTTP_PORT+x} ]; then HTTP_PORT=80; fi
+
 if [ "${NO_HTTPS,,}" == "true" ]; then
 
+  echo "Listen $HTTP_PORT" > /etc/apache2/ports.conf
+
   cat <<EoHTTPC >/etc/apache2/sites-enabled/lum.conf
 
-<VirtualHost *:80>
+<VirtualHost *:$HTTP_PORT>
 
  ServerName $SERVER_HOSTNAME
  DocumentRoot $php_dir

www/account_manager/show_group.php

@@ -11,6 +11,7 @@
 render_submenu();
 
 $ldap_connection = open_ldap_connection();
+$initialise_group = FALSE;
 
 
 if (!isset($_POST['group_name']) and !isset($_GET['group_name'])) {
@@ -279,7 +280,7 @@ function update_form_with_users() {
          <button class="btn btn-default btn-sm move-right">
           <span class="glyphicon glyphicon-chevron-right"></span>
          </button>
-         <form id="group_members" action="<?php print $CURRENT_PAGE; ?>" method="post">
+         <form id="group_members" action="<?php print "${THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
           <input type="hidden" name="update_members">
           <input type="hidden" name="group_name" value="<?php print urlencode($group_cn); ?>">
           <?php if ($new_group == TRUE) { ?><input type="hidden" name="initialise_group"><?php } ?>

www/account_manager/show_user.php

@@ -499,7 +499,7 @@ function check_if_we_should_enable_sending_email() {
           <button class="btn btn-default btn-sm move-right">
            <span class="glyphicon glyphicon-chevron-right"></span>
           </button>
-          <form id="update_with_groups" action="<?php print $CURRENT_PAGE; ?>" method="post">
+          <form id="update_with_groups" action="<?php print "${THIS_MODULE_PATH}"; ?>/show_user.php" method="post">
            <input type="hidden" name="update_member_of">
            <input type="hidden" name="account_identifier" value="<?php print $account_identifier; ?>">
           </form>

www/includes/web_functions.inc.php

@@ -76,10 +76,13 @@ function set_passkey_cookie($user_id,$is_admin) {
  }
  $filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
  @ file_put_contents("/tmp/$filename","$passkey:$admin_val:$this_time");
- setcookie('orf_cookie', "$user_id:$passkey", $DEFAULT_COOKIE_OPTIONS);
- $sessto_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
- $sessto_cookie_opts['expires'] = $this_time+7200;
- setcookie('sessto_cookie', $this_time+(60 * $SESSION_TIMEOUT), $sessto_cookie_opts);
+
+
+ setcookie('orf_cookie', "$user_id:$passkey", $this_time+(60 * $SESSION_TIMEOUT), '/', '', '', TRUE);
+ setcookie('sessto_cookie', $this_time+(60 * $SESSION_TIMEOUT), $this_time+7200, '/', '', '', TRUE);;
+
+
+
  if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Session: user $user_id validated (IS_ADMIN=${IS_ADMIN}), sent orf_cookie to the browser.",0); }
  $VALIDATED = TRUE;
 
@@ -155,7 +158,7 @@ function set_setup_cookie() {
 
  file_put_contents("/tmp/ldap_setup","$passkey:$this_time");
 
- setcookie('setup_cookie', $passkey, $DEFAULT_COOKIE_OPTIONS);
+ setcookie('setup_cookie', "$passkey", $this_time+(60 * $SESSION_TIMEOUT), '/', '', '', TRUE);
 
  if ( $SESSION_DEBUG == TRUE) {  error_log("$log_prefix Setup session: sent setup_cookie to the client.",0); }
 
@@ -213,8 +216,8 @@ function log_out($method='normal') {
  $sessto_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
  $sessto_cookie_opts['expires'] = $this_time-20000;
 
- setcookie('orf_cookie', "", $DEFAULT_COOKIE_OPTIONS);
- setcookie('sessto_cookie', "", $DEFAULT_COOKIE_OPTIONS);
+ setcookie('orf_cookie', "", time()-20000, '/', '', '', TRUE);
+ setcookie('sessto_cookie', "", time()-20000, '/', '', '', TRUE);
 
  $filename = preg_replace('/[^a-zA-Z0-9]/','_', $USER_ID);
  @ unlink("/tmp/$filename");

www/log_in/index.php

@@ -5,6 +5,7 @@
 include "web_functions.inc.php";
 include "ldap_functions.inc.php";
 
+
 if (isset($_GET["unauthorised"])) { $display_unauth = TRUE; }
 if (isset($_GET["session_timeout"])) { $display_logged_out = TRUE; }
 if (isset($_GET["redirect_to"])) { $redirect_to = $_GET["redirect_to"]; }
@@ -31,16 +32,17 @@
 
   set_passkey_cookie($user_auth,$is_admin);
   if (isset($_POST["redirect_to"])) {
-   header("Location: //${_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
+   //TODO: not sure if $SERVER_PATH is needed here
+   header("Location: //${_SERVER['HTTP_HOST']}" . $SERVER_PATH . base64_decode($_POST['redirect_to']) . "/\n\n");
   }
   else {
 
    if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }
-   header("Location: //${_SERVER['HTTP_HOST']}${SERVER_PATH}$default_module?logged_in\n\n");
+     header("Location: //${_SERVER['HTTP_HOST']}" . $SERVER_PATH . $default_module . "/?logged_in\n\n");
   }
  }
  else {
-  header("Location: //${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/index.php?invalid\n\n");
+    header("Location: //${_SERVER['HTTP_HOST']}" . $THIS_MODULE_PATH . "/index.php?invalid\n\n");
  }
 
 }