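/**
 * Binds to LDAP with the username and password held in the session.
 *
 * The credentials are taken from the first source that applies:
 *  1. an existing session, after its stored browser id has been re-checked;
 *  2. HTTP authentication, when $conf['httpd_auth'] is set;
 *  3. the encrypted persistent cookie 'ldapabauth'.
 *
 * If the session is still empty afterwards, or do_ldap_bind() fails, the
 * client is redirected to login.php and the script exits.
 *
 * @return void
 */
function ldap_login()
{
    global $conf;

    if (!empty($_SESSION['ldapab']['username'])) {
        // Existing session: make sure it is still used by the browser that opened it.
        // Both sides are cast to string and compared strictly, because a loose `!=`
        // treats two different numeric-looking strings (e.g. "0e1..." digests) as equal.
        if ((string) $_SESSION['ldapab']['browserid'] !== (string) auth_browseruid()) {
            // session hijacking detected
            // NOTE(review): the page's copy of this function is masked ("******") between
            // this redirect and the 'httpd_auth' test. The closing of the redirect, the
            // exit and the `$conf[...]` lookup below are reconstructed from the identical
            // redirect at the end of the function and from the otherwise unused
            // `global $conf` -- confirm against the upstream file.
            header('Location: login.php?username=');
            exit;
        }
    } elseif ($conf['httpd_auth'] && !empty($_SERVER['PHP_AUTH_USER'])) {
        // use HTTP auth if wanted and possible
        $_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER'];
        $_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW'];
    } elseif (!empty($_COOKIE['ldapabauth']) && is_string($_COOKIE['ldapabauth'])) {
        // check persistent cookie
        $cookie = base64_decode($_COOKIE['ldapabauth']);
        $cookie = x_Decrypt($cookie, get_cookie_secret());

        // SECURITY: the cookie is client-controlled. unserialize() can instantiate any
        // loaded class, so the only barrier against object injection is x_Decrypt() and
        // the secrecy of the cookie secret (whether x_Decrypt() authenticates the
        // ciphertext is not visible here -- verify). Object creation is therefore
        // switched off where the runtime supports it; a plain array of two strings is
        // all this code needs. Moving the payload to JSON would remove the risk entirely.
        if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
            $creds = unserialize($cookie, array('allowed_classes' => false));
        } else {
            $creds = unserialize($cookie);
        }

        // Accept only the expected shape; anything else is treated like a cookie that
        // failed to decode (null credentials), as the original list() assignment did.
        $u = null;
        $p = null;
        if (is_array($creds)
            && isset($creds[0], $creds[1])
            && is_string($creds[0])
            && is_string($creds[1])
        ) {
            list($u, $p) = $creds;
        }

        $_SESSION['ldapab']['username'] = $u;
        $_SESSION['ldapab']['password'] = $p;
    }

    // No credentials at all, or the directory rejected them: back to the login form.
    if (empty($_SESSION['ldapab'])
        || !do_ldap_bind(
            $_SESSION['ldapab']['username'],
            $_SESSION['ldapab']['password'],
            $_SESSION['ldapab']['binddn']
        )
    ) {
        header('Location: login.php?username=');
        exit;
    }
}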
<?php /** * Do the login/logout process */ require_once 'inc/init.php'; $msg = $lang['msg_login']; if (!empty($_REQUEST['username'])) { if (empty($_REQUEST['password'])) { $_REQUEST['password'] = ''; } if (do_ldap_bind($_REQUEST['username'], $_REQUEST['password'])) { //create private address book if simple enough if (preg_match('/ou=([^,]+)$/', $conf['privatebook'], $match)) { $privatedn = $conf['privatebook'] . ', ' . $_SESSION['ldapab']['binddn']; if (!ldap_read($LDAP_CON, $privatedn, '')) { ldap_add($LDAP_CON, $privatedn, array('objectClass' => array('organizationalUnit', 'top'), 'ou' => $match[1])); } } //forward to next page if (!empty($_SESSION['ldapab']['lastlocation'])) { header('Location: ' . $_SESSION['ldapab']['lastlocation']); } else { header('Location: index.php'); } exit; } else { $msg = $lang['msg_loginfail']; } } else { //logout