Beispiel #1
/**
 * Initializes the LDAP handle from the username and password held in the session.
 *
 * Credentials are taken from one of three places visible in this listing:
 * an existing $_SESSION['ldapab'] entry, HTTP auth ($_SERVER['PHP_AUTH_USER'] /
 * $_SERVER['PHP_AUTH_PW']), or the persistent 'ldapabauth' cookie.
 * If the session holds no credentials, or do_ldap_bind() fails, the browser is
 * redirected to login.php and the script exits.
 *
 * NOTE(review): the listing is damaged on the session-check line (a run of
 * asterisks replaces part of the original text), so the end of the hijacking
 * branch and the start of the HTTP-auth condition are not visible here.
 *
 * NOTE(review): the persistent-cookie branch passes client-supplied data to
 * unserialize(); see the comment on that branch.
 */
function ldap_login()
{
    global $conf;
    if (!empty($_SESSION['ldapab']['username'])) {
        // existing session! Check if valid
        // The stored browser id is compared with the value auth_browseruid()
        // returns for the current request (helper defined elsewhere).
        // NOTE(review): this is a loose `!=` comparison; `!==` would rule out
        // type juggling between the two values.
        if ($_SESSION['ldapab']['browserid'] != auth_browseruid()) {
            //session hijacking detected
            // NOTE(review): the next line is truncated in this listing; the
            // asterisks are not part of the original code.
            header('Location: login.php?username='******'httpd_auth'] && !empty($_SERVER['PHP_AUTH_USER'])) {
        // use HTTP auth if wanted and possible
        // The HTTP-auth password is copied into the session as-is, so the
        // session store holds the user's LDAP password.
        $_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER'];
        $_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW'];
    } elseif (!empty($_COOKIE['ldapabauth'])) {
        // check persistent cookie
        // The cookie value is client-controlled: it is base64-decoded,
        // decrypted with the secret from get_cookie_secret(), and then
        // passed to unserialize().
        // NOTE(review): unserialize() on data the client can modify is only
        // safe if x_Decrypt() also authenticates the ciphertext, which is not
        // visible here. Without an integrity check, tampered input reaches
        // unserialize() and can lead to PHP object injection. Safer options:
        // verify a MAC with hash_equals() before decoding, and decode with
        // json_decode() or unserialize($cookie, ['allowed_classes' => false]).
        $cookie = base64_decode($_COOKIE['ldapabauth']);
        $cookie = x_Decrypt($cookie, get_cookie_secret());
        // NOTE(review): if the decoded value is not a two-element array,
        // $u and $p are presumably null and the bind below decides the outcome.
        list($u, $p) = unserialize($cookie);
        $_SESSION['ldapab']['username'] = $u;
        $_SESSION['ldapab']['password'] = $p;
    }
    // No credentials from any source, or the LDAP bind was rejected: send the
    // user to the login page. 'binddn' is not assigned in the visible code;
    // presumably it is set elsewhere (TODO confirm).
    if (empty($_SESSION['ldapab']) || !do_ldap_bind($_SESSION['ldapab']['username'], $_SESSION['ldapab']['password'], $_SESSION['ldapab']['binddn'])) {
        header('Location: login.php?username=');
        // Stop here so nothing after the redirect header runs unauthenticated.
        exit;
    }
}
/**
 * Undoes two x_Decrypt() layers: the value is decrypted first with $sometext,
 * then the result is decrypted again with $RespID.
 *
 * @param mixed $var      Value to decode.
 * @param mixed $RespID   Second argument for the second x_Decrypt() pass.
 * @param mixed $sometext Second argument for the first x_Decrypt() pass.
 * @return mixed Whatever x_Decrypt() returns for the second pass.
 */
function Descramble($var, $RespID, $sometext)
{
    // Kept as in the original listing, although nothing below reads it.
    global $Responder_ID;

    $firstPass = x_Decrypt($var, $sometext);

    return x_Decrypt($firstPass, $RespID);
}