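/**
 * Authenticates the user against AD and, on success, copies profile data and
 * product roles for that user onto this object.
 *
 * The password is checked with a bind as "<username><DomainSuffix>". After a
 * successful bind the AD attributes givenname, sn, telephonenumber,
 * department and mail are stored through the setters, the user ID is looked
 * up through UserLU, and every "memberof" entry whose first DN component
 * contains "<Product Name> " is resolved to a role ID through the RoleLU
 * lookup.
 *
 * @param string $username login name without the domain suffix
 * @param string $password password used for the bind
 * @return bool true only when the bind succeeded, $this->ID is set and
 *              $this->Role holds at least one role ID
 */
function authenticateUser($username, $password)
{
    // Reject empty or NUL-containing credentials before contacting the directory.
    // Many LDAP servers treat a simple bind with an empty password as an
    // unauthenticated bind and report success; whether phpAD::bind() guards
    // against that is not visible here, so the check is made up front.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === ''
        || strpos($username, "\0") !== false || strpos($password, "\0") !== false
    ) {
        error_log("Error: Rejected empty or malformed credentials", 0);
        return false;
    }

    // init the return value
    $retVal = false;

    // include the AD utils
    include_once "phpAD.inc.php";

    // include the application constants
    include_once "Constants.php";

    // parse the config file; fail closed when it is missing or incomplete
    // rather than binding to an undefined server or matching roles against an
    // empty product name
    $config = parse_ini_file("Config.ini", true);

    if ($config === false
        || !isset($config['Security']['ADServer'], $config['Security']['ADPort'], $config['Security']['DomainSuffix'])
        || !isset($config['Product']['Name'])
        || $config['Product']['Name'] === ''
    ) {
        error_log("Error: Config.ini is missing or incomplete; cannot authenticate", 0);
        return false;
    }

    // create and connect to the AD
    // NOTE(review): whether this connection is protected by TLS depends on
    // phpAD and the configured port - confirm, since the password is sent in the bind.
    $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);

    // validate the user
    $retVal = $ad->bind($username . $config['Security']['DomainSuffix'], $password);

    // get the name of the product
    $product = $config['Product']['Name'];

    // if the user authenticated
    if ($retVal) {
        // get the user info
        // NOTE(review): $username is handed to getUser() as supplied; if phpAD
        // builds an LDAP search filter from it, filter escaping belongs there - confirm.
        $userInfo = $ad->getUser($username);

        // treat a failed lookup as "no attributes" so the checks below deny access
        if (!is_array($userInfo)) {
            $userInfo = array();
        }

        // set the user info
        $this->setUserName($username);
        $this->setFirstName(isset($userInfo['givenname'][0]) ? $userInfo['givenname'][0] : null);
        $this->setLastName(isset($userInfo['sn'][0]) ? $userInfo['sn'][0] : null);

        // if we got a telephone number from AD, set it
        if (isset($userInfo['telephonenumber'][0])) {
            $this->setPhoneNumber($userInfo['telephonenumber'][0]);
        }

        // if we got a department number from AD, set it
        if (isset($userInfo['department'][0])) {
            $this->setDepartment($userInfo['department'][0]);
        }

        // if we got an email address from AD, set it
        if (isset($userInfo['mail'][0])) {
            $this->setEmailAddress($userInfo['mail'][0]);
        }

        // reset role list
        // NOTE(review): $this->ID and the admin flag are not reset here; if one
        // object is reused for a second login, confirm stale values cannot carry over.
        $this->Role = array();

        // include the lookup object
        include_once "Lookups.php";

        // include the user LU object
        include_once "UserLU.php";

        // create a new object
        $userlu = new UserLU();

        // load the names
        $userlu->getAllUserNames();

        // get the user ID
        $ID = $userlu->getItemIDByName($username);

        // did we get a valid ID
        if (!empty($ID)) {
            $this->ID = $ID;
        }

        // get a lookup object
        $roleLUs = new Lookups();

        // get the items for the pull down
        $roleLUs->getLookupByName("RoleLU");

        // check if the user is a member of a role
        if (isset($userInfo['memberof']) && is_array($userInfo['memberof'])) {
            // loop through the roles for this user
            foreach ($userInfo['memberof'] as $item) {
                // skip anything that is not a DN string
                if (!is_string($item)) {
                    continue;
                }

                // AD returns a comma separated DN; only the first component
                // (the group's own name) is considered, so a product name that
                // appears only in a later component cannot produce a role
                $comma = strpos($item, ",");
                $firstPart = ($comma === false) ? $item : substr($item, 0, $comma);

                // look for the product identifier in the role name
                $pos = strpos($firstPart, $product . " ");

                // not found, or found at offset 0 (never accepted by this check)
                if ($pos === false || $pos === 0) {
                    continue;
                }

                // get the role name: from the product name to the end of the first component
                $roleName = substr($firstPart, $pos);

                // get the ID of the role by looking up the role name in the database
                $roleID = $roleLUs->getItemIDByName($roleName);

                // did we get a valid role ID
                if (!empty($roleID)) {
                    // save the role ID
                    $this->Role[] = $roleID;

                    // if this user is an administrator
                    // NOTE(review): this is a substring match, so any resolved
                    // role whose name contains "Administrator" sets the admin
                    // flag - confirm that is the intended set of roles.
                    $adminPos = strpos($roleName, "Administrator");

                    if ($adminPos !== false && $adminPos > 0) {
                        $this->setAdminUser(true);
                    }
                }
            }
        }
    } else {
        // control characters are replaced so a crafted user name cannot forge
        // extra log lines
        error_log(
            "Error: Could not bind to the UNC AD for user: "
            . preg_replace('/[\x00-\x1F\x7F]/', '?', $username),
            0
        );
    }

    // if there are no roles assigned to the user deny access
    if (!isset($this->Role) || !isset($this->ID) || empty($this->Role)) {
        $retVal = false;
    }

    // return to the caller
    return $retVal;
}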
/**
 * Looks up the display name that belongs to a user ID.
 *
 * Loads the user name list through UserLU and returns elements 3 and 4 of the
 * first row whose element 0 equals the ID, joined by a single space.
 *
 * NOTE(review): the value is returned exactly as stored; if callers print it
 * into HTML it should be escaped at that point - confirm against the callers.
 *
 * @param int $ID the user ID to search for
 * @return string the name, or an empty string when the list could not be
 *                loaded or no row matches
 */
function displayUserNameByID($ID)
{
    // the lookup class lives in its own file
    include_once "UserLU.php";

    $lookup = new UserLU();

    // a non-zero status means the names could not be loaded
    if ($lookup->getAllUserNames() != 0) {
        return "";
    }

    // scan the rows and stop at the first one carrying the requested ID
    foreach ($lookup->getUserNameList() as $row) {
        if ($row[0] == $ID) {
            return $row[3] . ' ' . $row[4];
        }
    }

    // nothing matched
    return "";
}
echo "\n Now by name \n"; $itemName = "InventoryStatusLU"; $retval = $lus->getLookupByName($itemName); // success? if ($retval == 0) { $arr = $lus->getLookupList(); foreach ($arr as $item) { echo "Name:" . $item->Name . ", ID:" . $item->ID . "\n"; } } echo "\n Now by name by ID \n"; $retval = $lus->getItemNameByID(1); echo "ID: 1, name:" . $retval . "\n"; echo "\n Get the user names\n"; include_once "UserLU.php"; $userlu = new UserLU(); $retval = $userlu->getAllUserNames(); // success? if ($retval == 0) { $arr = $userlu->getUserNameList(); foreach ($arr as $item) { echo "Name:" . $item[0] . "\n"; } } echo "\n Get the user ID/Roles\n"; $retval = $userlu->getUserIDRoles("Phil Owen"); // success? if ($retval == 0) { $arr = $userlu->getUserIDRoleList(); foreach ($arr as $item) { echo "Name: Phil Owen, ID: " . $item[0] . ", Role: " . $item[1] . "\n";
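/**
 * Gets the email address associated with the ID
 *
 * Binds to AD with the service account from Config.ini
 * (ADServiceName + DomainSuffix / ADServicePassword), resolves the ID to a
 * login name through UserLU and reads the "mail" attribute of that user.
 *
 * NOTE(review): Config.ini holds the service account password and is opened by
 * relative path; confirm the file is not served by the web server and is
 * readable only by the application account.
 *
 * @param int $ID the user ID to look up
 * @return string the email address, or an empty string when the configuration
 *                is unusable, the bind fails, the ID is unknown or the user
 *                has no mail attribute
 */
function getEmailAddr($ID)
{
    // preset the returned email address
    $addr = "";

    include_once "phpAD.inc.php";

    // parse the config file
    $config = parse_ini_file("Config.ini", true);

    // fail closed on a missing or incomplete configuration
    if ($config === false
        || !isset(
            $config['Security']['ADServer'],
            $config['Security']['ADPort'],
            $config['Security']['ADServiceName'],
            $config['Security']['DomainSuffix'],
            $config['Security']['ADServicePassword']
        )
    ) {
        error_log("Error: Config.ini is missing or incomplete; cannot look up email address", 0);
        return $addr;
    }

    // An empty service password would turn the bind into an unauthenticated
    // bind on many LDAP servers; whether phpAD::bind() rejects that is not
    // visible here, so refuse it before connecting.
    if ($config['Security']['ADServicePassword'] === '') {
        error_log("Error: AD service account password is empty; cannot look up email address", 0);
        return $addr;
    }

    // create and connect to the AD
    $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);

    // bind as the service account (the password is never logged)
    $retVal = $ad->bind(
        $config['Security']['ADServiceName'] . $config['Security']['DomainSuffix'],
        $config['Security']['ADServicePassword']
    );

    // if the service account authenticated
    if ($retVal) {
        // include the user LU object
        include_once "UserLU.php";

        // create a new object
        $userlu = new UserLU();

        // load the names
        $userlu->getAllUserNames();

        // get the login name for the ID
        $username = $userlu->getLoginByID($ID);

        // only query AD when the ID resolved to a login name
        if (is_string($username) && $username !== '') {
            // get the user info
            $userInfo = $ad->getUser($username);

            // same guard as authenticateUser(): the mail attribute is optional
            if (isset($userInfo['mail'][0])) {
                $addr = $userInfo['mail'][0];
            }
        }
    } else {
        // a failing service bind is worth surfacing to whoever watches the log
        error_log("Error: Could not bind to the AD with the service account", 0);
    }

    // return to the caller
    return $addr;
}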
// 3269 for ssl, 389 for normal $retVal = $ad->bind($user . "@ad.unc.edu", $pass); if (!$retVal) { echo "Invalid username or password"; } else { $username = "******"; // get the user info $userInfo = $ad->getUser($username); print_r($userInfo['mail'][0]); //print_r($userInfo); // include the lookup object include_once "Lookups.php"; // include the user LU object include_once "UserLU.php"; // create a new object $userlu = new UserLU(); // load the names $userlu->getAllUserNames(); // get the user ID $ID = $userlu->getItemIDByName($username); // did we get a valid ID if (!empty($ID)) { $this->ID = $ID; } // save the email address $this->setEmailAddress($userInfo['mail'][0]); // get a lookup object $lus = new Lookups(); // get the items for the pull down $lus->getLookupByName("RoleLU"); // loop though the roles for this user