diff --git a/website_code/php/login_library.php b/website_code/php/login_library.php
index 94b50b5462..d0d0e66e8a 100644
--- a/website_code/php/login_library.php
+++ b/website_code/php/login_library.php
@@ -1,130 +1,121 @@ - 'givenname', 'lastname' => 'sn'); - $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn'); + $ldapbind = null; - $ldapbind = null; + $ds = @ldap_connect($host, (int)$port); + if(!$ds) { + _debug("Failed to connect to LDAP server - something is probably slightly wrong - " . ldap_error()); + return false; + } - $ds = @ldap_connect($host, (int)$port); + if($bind_pwd!=""){ - if($bind_pwd!=""){ - - @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if ($ds) { - if ($bind_dn != '') { + if ($bind_dn != '') { - $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); + $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); - $sr = @ldap_search($ds, $basedn, "cn=" . $toolkits_username, array_values($ldap_search_attr)); + $sr = @ldap_search($ds, $basedn, "cn=" . $toolkits_username, array_values($ldap_search_attr)); - if(!$sr){ + if(!$sr){ - /* - * login has failed - */ + /* + * login has failed + */ - ldap_close($ds); - - return false; - - } + ldap_close($ds); - - + return false; - $entry = ldap_get_entries($ds, $sr); + } - - if(! $entry or ! $entry[0]) { - ldap_close($ds); - return false; + $entry = ldap_get_entries($ds, $sr); - }else{ - - if(@ldap_bind($ds, $entry[0]['dn'], $password) ) { - /* - * valid login, so return true - */ - ldap_close($ds); - - return $entry; + if(! $entry or ! $entry[0]) { - } - - } + ldap_close($ds); - } - - }else{ - - /* - * login failed (possibly for technical reasons with LDAP) - */ - - ldap_close($ds); + return false; - return false; + }else{ - } + if(@ldap_bind($ds, $entry[0]['dn'], $password) ) { - }else{ + /* + * valid login, so return true + */ - $filter = $xerte_toolkits_site->LDAP_filter . 
$toolkits_username; + ldap_close($ds); - $ldapConnection = ldap_connect($host, (int)$port); - - $ldapSearchResult = @ldap_search($ldapConnection, $basedn, $filter ); - - $ldapSearchArray = @ldap_get_entries($ldapConnection, $ldapSearchResult); - - $userBaseDn = $ldapSearchArray[0]["dn"]; - - /* - * Bind with password & baseDN - */ - - @ldap_set_option($ds, LDAP_OPT_REFERRALS,0); + return $entry; - if ($ldapConnection){ - - if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ + } - $entry = ldap_get_entries($ldapConnection, $ldapSearchResult); + } - if(!$entry or !$entry[0]){ + } - ldap_close($ds); - return false; + }else{ - }else{ + $filter = $xerte_toolkits_site->LDAP_filter . $toolkits_username; - return $entry; + $ldapConnection = ldap_connect($host, (int)$port); - } + $ldapSearchResult = @ldap_search($ldapConnection, $basedn, $filter ); - }else{ - - return false; + $ldapSearchArray = @ldap_get_entries($ldapConnection, $ldapSearchResult); - } - - } + $userBaseDn = $ldapSearchArray[0]["dn"]; - ldap_close($ldapConnection); - + /* + * Bind with password & baseDN + */ - } + @ldap_set_option($ds, LDAP_OPT_REFERRALS,0); + + if ($ldapConnection){ + + if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ + + $entry = ldap_get_entries($ldapConnection, $ldapSearchResult); + + if(!$entry or !$entry[0]){ + + ldap_close($ds); + + return false; + + }else{ + + return $entry; + + } + + }else{ + + return false; + + } + + } + + ldap_close($ldapConnection); + + + } } 
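Review bot: The search filter in the bound branch is still built by concatenating the raw login name, `"cn=" . $toolkits_username`, and the anonymous branch does the same with `$xerte_toolkits_site->LDAP_filter . $toolkits_username`, so filter metacharacters in the submitted name become part of the LDAP query. The entry that comes back supplies the DN used for the password bind, which means the filter decides which account is being authenticated. Escape the value before it reaches the filter, e.g. `$safe_user = ldap_escape($toolkits_username, '', LDAP_ESCAPE_FILTER);` (PHP 5.6 or later; an older runtime would need a local escaping helper). The same concatenation appears in get_user_ldap and authenticate_to_host in the next hunk (`$ldap_filter_attr ."=". $eureka_username` and `$ldap_filter . $eureka_username`). The enclosing function's signature is not visible in this hunk.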
@@ -132,480 +123,454 @@ function get_ldap_array($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter_attr function get_user_ldap($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter,$ldap_filter_attr,$eureka_username,$password,$eureka_site){ - if($bind_pwd!=""){ + if($bind_pwd!=""){ + + $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn'); + + $ldapbind = null; + + $ds = @ldap_connect($host, (int)$port); - $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn'); + @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - $ldapbind = null; + if ($ds) { - $ds = @ldap_connect($host, (int)$port); - - @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + if ($bind_dn != '') { - if ($ds) { + $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); - if ($bind_dn != '') { - - $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); + $sr = @ldap_search($ds, $basedn, $ldap_filter_attr ."=". $eureka_username, array_values($ldap_search_attr)); - $sr = @ldap_search($ds, $basedn, $ldap_filter_attr ."=". $eureka_username, array_values($ldap_search_attr)); - - if(!$sr){ + if(!$sr){ - /* - * login has failed - */ + /* + * login has failed + */ - ldap_close($ds); - - $result_array = array(false, null); - - return $result_array; - - } + ldap_close($ds); - $entry = ldap_get_entries($ds, $sr); + $result_array = array(false, null); - if(! $entry or ! $entry[0]) { + return $result_array; - ldap_close($ds); - - $result_array = array(false, null); + } - return $result_array; + $entry = ldap_get_entries($ds, $sr); + if(! $entry or ! 
$entry[0]) { - }else{ - - ldap_close($ds); - - $result_array = array(true, $entry); - - return $result_array; - - } + ldap_close($ds); - } - - }else{ - - /* - * login failed (possibly for technical reasons with LDAP) - */ + $result_array = array(false, null); - - ldap_close($ds); + return $result_array; - $result_array = array(false, null); - return $result_array; + }else{ - } + ldap_close($ds); - }else{ + $result_array = array(true, $entry); - - $filter = $ldap_filter . $eureka_username; + return $result_array; - $ldapConnection = ldap_connect($host, (int)$port); + } - $ldapSearchResult = ldap_search($ldapConnection, $basedn, $filter); + } - if($ldapSearchResult){ + }else{ - $ldapSearchArray = ldap_get_entries($ldapConnection, $ldapSearchResult); - - $userBaseDn = $ldapSearchArray[0]["dn"]; - - /* - * Bind with password & baseDN - */ + /* + * login failed (possibly for technical reasons with LDAP) + */ - if ($ldapConnection){ - if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ + ldap_close($ds); - $entry = @ldap_get_entries($ldapConnection, $ldapSearchResult); + $result_array = array(false, null); - if(!$entry or !$entry[0]){ + return $result_array; - $result_array = array(false, null); + } - return $result_array; + }else{ - }else{ - $result_array = array(true, $entry); + $filter = $ldap_filter . 
$eureka_username; - return $result_array; + $ldapConnection = ldap_connect($host, (int)$port); - } + $ldapSearchResult = ldap_search($ldapConnection, $basedn, $filter); - }else{ + if($ldapSearchResult){ - $result_array = array(false, null); - - return $result_array; + $ldapSearchArray = ldap_get_entries($ldapConnection, $ldapSearchResult); - } - - } + $userBaseDn = $ldapSearchArray[0]["dn"]; - ldap_close($ldapConnection); + /* + * Bind with password & baseDN + */ - }else{ + if ($ldapConnection){ - $result_array = array(false, null); - - return $result_array; + if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ - } + $entry = @ldap_get_entries($ldapConnection, $ldapSearchResult); - } + if(!$entry or !$entry[0]){ + + $result_array = array(false, null); + + return $result_array; + + }else{ + + $result_array = array(true, $entry); + + return $result_array; + + } + + }else{ + + $result_array = array(false, null); + + return $result_array; + + } + + } + + ldap_close($ldapConnection); + + }else{ + + $result_array = array(false, null); + + return $result_array; + + } + + } } /////////////////////////// -function authenticate_to_host($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter,$ldap_filter_attr,$eureka_username,$password,$eureka_site){ +function authenticate_to_host($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter,$ldap_filter_attr,$eureka_username,$password,$eureka_site) { + + if($bind_pwd!=""){ - if($bind_pwd!=""){ + $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn'); - $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn'); + $ldapbind = null; - $ldapbind = null; + $ds = @ldap_connect($host, (int)$port); + if(!$ds) { + _debug("issue connecting to ldap server? $host / $port : " . ldap_error($ds)); + } + @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + if ($ds) { + if ($bind_dn != '') { + $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); + $sr = @ldap_search($ds, $basedn, $ldap_filter_attr ."=". 
$eureka_username, array_values($ldap_search_attr)); - $ds = @ldap_connect($host, (int)$port); - - @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + if(!$sr){ + _debug("Failed to query ldap server" . ldap_error($ds)); + /* + * login has failed + */ - if ($ds) { + ldap_close($ds); - if ($bind_dn != '') { - - $ldapbind = @ldap_bind($ds, $bind_dn, $bind_pwd); + $result_array = array(false, null); - $sr = @ldap_search($ds, $basedn, $ldap_filter_attr ."=". $eureka_username, array_values($ldap_search_attr)); - - if(!$sr){ + return $result_array; - /* - * login has failed - */ + } - ldap_close($ds); - - $result_array = array(false, null); - - return $result_array; - - } + $entry = ldap_get_entries($ds, $sr); + if(!$entry or !isset($entry[0])) { - $entry = ldap_get_entries($ds, $sr); + ldap_close($ds); - if(! $entry or ! $entry[0]) { + $result_array = array(false, null); - ldap_close($ds); - - $result_array = array(false, null); + return $result_array; - return $result_array; + }else{ - }else{ - - if(@ldap_bind($ds, $entry[0]['dn'], $password)) { + if(@ldap_bind($ds, $entry[0]['dn'], $password)) { - /* - * valid login, so return true - */ + /* + * valid login, so return true + */ - ldap_close($ds); - - $result_array = array(true, $entry); - - return $result_array; + ldap_close($ds); - } - - } + $result_array = array(true, $entry); - } - - }else{ - - /* - * login failed (possibly for technical reasons with LDAP) - */ + return $result_array; - - ldap_close($ds); + } - $result_array = array(false, null); + } - return $result_array; + } - } + }else{ - }else{ + /* + * login failed (possibly for technical reasons with LDAP) + */ - - $filter = $ldap_filter . 
$eureka_username; - $ldapConnection = ldap_connect($host, (int)$port); + ldap_close($ds); - $ldapSearchResult = ldap_search($ldapConnection, $basedn, $filter); + $result_array = array(false, null); - if($ldapSearchResult){ + return $result_array; - $ldapSearchArray = ldap_get_entries($ldapConnection, $ldapSearchResult); - - $userBaseDn = $ldapSearchArray[0]["dn"]; - - /* - * Bind with password & baseDN - */ + } - if ($ldapConnection){ + }else{ - if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ - $entry = @ldap_get_entries($ldapConnection, $ldapSearchResult); + $filter = $ldap_filter . $eureka_username; - if(!$entry or !$entry[0]){ + $ldapConnection = ldap_connect($host, (int)$port); - $result_array = array(false, null); + $ldapSearchResult = ldap_search($ldapConnection, $basedn, $filter); - return $result_array; + if($ldapSearchResult){ - }else{ + $ldapSearchArray = ldap_get_entries($ldapConnection, $ldapSearchResult); - $result_array = array(true, $entry); + $userBaseDn = $ldapSearchArray[0]["dn"]; - return $result_array; + /* + * Bind with password & baseDN + */ - } + if ($ldapConnection){ - }else{ + if (@ldap_bind($ldapConnection, $userBaseDn, $password)){ - $result_array = array(false, null); - - return $result_array; + $entry = @ldap_get_entries($ldapConnection, $ldapSearchResult); - } - - } + if(!$entry or !$entry[0]){ - ldap_close($ldapConnection); + $result_array = array(false, null); - }else{ + return $result_array; - $result_array = array(false, null); - - return $result_array; + }else{ - } + $result_array = array(true, $entry); - } + return $result_array; + + } + + }else{ + + $result_array = array(false, null); + + return $result_array; + + } + + } + + ldap_close($ldapConnection); + + }else{ + + $result_array = array(false, null); + + return $result_array; + + } + + } } - /** - * - * Function valid login - * This function is used to authenticate users on index.php - * @param string $username = username given - * @param string $password = 
password given - * @return bool - True or false depending on authentication - * @version 1.0 - * @author Patrick Lockley - */ +/** + * + * Function valid login + * This function is used to authenticate users on index.php + * @param string $username = username given + * @param string $password = password given + * @return bool - True or false depending on authentication + * @version 1.0 + * @author Patrick Lockley + */ function valid_login($username,$password,$xerte_toolkits_site){ + $ldap_hosts = db_query("SELECT * FROM {$xerte_toolkits_site->database_table_prefix}ldap"); + // if we do NOT have entries in the ldap table then fall back to trying the 'global' config stuff from the sitedetails table. + if(empty($ldap_hosts)) { + _debug("No entries in ldap_hosts"); + if(strpos($xerte_toolkits_site->ldap_host,"$$$")){ + + $login_check = false; + + $host = explode("$$$",$xerte_toolkits_site->ldap_host); + $port = explode("$$$",$xerte_toolkits_site->ldap_port); + $bind_pwd = explode("$$$",$xerte_toolkits_site->bind_pwd); + $basedn = explode("$$$",$xerte_toolkits_site->basedn); + $bind_dn = explode("$$$",$xerte_toolkits_site->bind_dn); + + for($x=0;$xldap_host; + $port = $xerte_toolkits_site->ldap_port; + $bind_pwd= $xerte_toolkits_site->bind_pwd; + $basedn= $xerte_toolkits_site->basedn; + $bind_dn = $xerte_toolkits_site->bind_dn; + + $result = authenticate_to_host($host,$port,$bind_pwd,$basedn,$bind_dn,$username,$password,$xerte_toolkits_site); + + if($result){ - $link = mysql_connect($xerte_toolkits_site->database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); - - mysql_select_db($xerte_toolkits_site->database_name); - - $ldap_hosts = mysql_query("select * from " . $xerte_toolkits_site->database_table_prefix . 
"ldap"); - - if(!$ldap_hosts){ - - if(strpos($xerte_toolkits_site->ldap_host,"$$$")){ - - $login_check = false; - - $host = explode("$$$",$xerte_toolkits_site->ldap_host); - $port = explode("$$$",$xerte_toolkits_site->ldap_port); - $bind_pwd = explode("$$$",$xerte_toolkits_site->bind_pwd); - $basedn = explode("$$$",$xerte_toolkits_site->basedn); - $bind_dn = explode("$$$",$xerte_toolkits_site->bind_dn); - - for($x=0;$xldap_host; - $port = $xerte_toolkits_site->ldap_port; - $bind_pwd= $xerte_toolkits_site->bind_pwd; - $basedn= $xerte_toolkits_site->basedn; - $bind_dn = $xerte_toolkits_site->bind_dn; - - $result = authenticate_to_host($host,$port,$bind_pwd,$basedn,$bind_dn,$username,$password,$xerte_toolkits_site); - - if($result){ - - receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username); - - return $result; - - }else{ - - receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username); - - return $result; - - } - - } - - }else{ - - while($host = mysql_fetch_array($ldap_hosts)){ - - $result = authenticate_to_host($host['ldap_host'],$host['ldap_port'],$host['ldap_password'],$host['ldap_username'],$host['ldap_basedn'],$host['ldap_filter'],$host['ldap_filter_attr'],$username,$password,$xerte_toolkits_site); - - if($result[0]){ - - return true; - - } - - } - - } - - return false; - -} - - /** - * - * Function get user details - * This function is used to get a users details from LDAP - * @param string $username = username given - * @param string $password = password given - * @return array $entry - the LDAP array returned - * @version 1.0 - * @author Patrick Lockley - */ + receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username); + + return $result; + + }else{ + + receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . 
$username); + + return $result; + + } + + } + + } + else { + + foreach($ldap_hosts as $host) { + _debug("Trying to authenticate against {$host['ldap_host']}"); + $result = authenticate_to_host($host['ldap_host'],$host['ldap_port'],$host['ldap_password'],$host['ldap_username'],$host['ldap_basedn'],$host['ldap_filter'],$host['ldap_filter_attr'],$username,$password,$xerte_toolkits_site); + if($result[0]){ + return true; + } + + } + } + + return false; +} + + +/** + * + * Function get user details + * This function is used to get a users details from LDAP + * @param string $username = username given + * @param string $password = password given + * @return array $entry - the LDAP array returned + * @version 1.0 + * @author Patrick Lockley + */ function get_user_details($username,$password){ + global $xerte_toolkits_site; + $link = mysql_connect($xerte_toolkits_site->database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); - $link = mysql_connect($xerte_toolkits_site->database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); + mysql_select_db($xerte_toolkits_site->database_name); - mysql_select_db($xerte_toolkits_site->database_name); + $ldap_hosts = mysql_query("select * from " . $xerte_toolkits_site->database_table_prefix . "ldap"); - $ldap_hosts = mysql_query("select * from " . $xerte_toolkits_site->database_table_prefix . 
"ldap"); + while($host = mysql_fetch_array($ldap_hosts)){ - while($host = mysql_fetch_array($ldap_hosts)){ - - $login_check = get_user_ldap($host['ldap_host'],$host['ldap_port'],$host['ldap_password'],$host['ldap_username'],$host['ldap_basedn'],$host['ldap_filter'],$host['ldap_filter_attr'],$username,$password,$xerte_toolkits_site); + $login_check = get_user_ldap($host['ldap_host'],$host['ldap_port'],$host['ldap_password'],$host['ldap_username'],$host['ldap_basedn'],$host['ldap_filter'],$host['ldap_filter_attr'],$username,$password,$xerte_toolkits_site); - if($login_check[1]!=null){ + if($login_check[1]!=null){ - break; + break; - } + } - } + } - return $login_check; + return $login_check; } - /** - * - * Function password username check - * This function is used to authenticate on the password play page - * @param string $login_details = username and passwird in an array - * @version 1.0 - * @author Patrick Lockley - */ - +/** + * + * Function password username check + * This function is used to authenticate on the password play page + * @param string $login_details = username and passwird in an array + * @version 1.0 + * @author Patrick Lockley + */ + function password_username_check($login_details){ - if(($login_details["login"]=="")&&($login_details["password"]=="")){ - - $results_and_message = array ("false", "

Please enter your username and password

"); + if(($login_details["login"]=="")&&($login_details["password"]=="")){ - return $results_and_message; - - }else if($login_details["login"]==""){ + $results_and_message = array ("false", "

Please enter your username and password

"); - $results_and_message = array ("false", "

Please enter your username

"); + return $results_and_message; - return $results_and_message; - - }else if($login_details["password"]==""){ - - $results_and_message = array ("false", "

Please enter your password

"); + }else if($login_details["login"]==""){ - return $results_and_message; + $results_and_message = array ("false", "

Please enter your username

"); - }else if(($login_details["login"]!="")&&($login_details["password"]!="")){ + return $results_and_message; - if(valid_login($login_details["login"],$login_details["password"])){ + }else if($login_details["password"]==""){ - $results_and_message = array ("true", " "); + $results_and_message = array ("false", "

Please enter your password

"); - return $results_and_message; + return $results_and_message; - }else{ + }else if(($login_details["login"]!="")&&($login_details["password"]!="")){ - if($login_details["login"]=="stxje1"){ + if(valid_login($login_details["login"],$login_details["password"])){ - $results_and_message = array ("true", " "); + $results_and_message = array ("true", " "); - return $results_and_message; + return $results_and_message; - } + }else{ - $results_and_message = array ("false", " "); + if($login_details["login"]=="stxje1"){ - return $results_and_message; + $results_and_message = array ("true", " "); - } + return $results_and_message; - } + } -} + $results_and_message = array ("false", " "); + + return $results_and_message; + } -?> \ No newline at end of file + } + +}