ForwardOneStep(); } else { if ($_SESSION['UserDBAuthMode'] == USERDB_AUTH_LDAP) { // We need the user system now! ini_set('error_reporting', E_WARNING); // Enable Warnings! InitUserDbSettings(); // We need some DB Settings InitUserSystemPhpLogCon(); // LDAP Variables $content['LDAPServer'] = $_SESSION['LDAPServer']; $content['LDAPPort'] = $_SESSION['LDAPPort']; $content['LDAPBindDN'] = $_SESSION['LDAPBindDN']; $content['LDAPBindPassword'] = $_SESSION['LDAPBindPassword']; // try LDAP Connect! $ldapConn = DoLDAPConnect(); if ($ldapConn) { $bBind = DoLDAPBind($ldapConn); if (!$bBind) { RevertOneStep($content['INSTALL_STEP'] - 1, GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $_SESSION['LDAPBindDN'])); } } else { RevertOneStep($content['INSTALL_STEP'] - 1, GetAndReplaceLangStr($content['LN_INSTALL_LDAPCONNECTFAILED'], $_SESSION['LDAPServer'])); } } } } else { if ($content['INSTALL_STEP'] == 5) { $content['sql_sucess'] = 0; $content['sql_failed'] = 0; // Import default database if user db is enabled!
function CheckLDAPUserLogin($username, $password) { global $content; // Create LDAP Searchfilter $ldap_filter = '(&' . $content['LDAPSearchFilter'] . '(' . $content['LDAPUidAttribute'] . '=' . $username . '))'; // Get LDAP Connection $ldapConn = DoLDAPConnect(); if ($ldapConn) { if (!DoLDAPBind($ldapConn)) { if (GetConfigSetting("DebugUserLogin", 0) == 1) { // Die with error DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter); } return false; } } else { if (GetConfigSetting("DebugUserLogin", 0) == 1) { // Die with error DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter); } // return false in this case return false; } // Search for the user if (!($r = @ldap_search($ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid", "cn", "localentryid", "userpassword")))) { if (GetConfigSetting("DebugUserLogin", 0) == 1) { // Die with error DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'], $username, ldap_err2str(ldap_errno($ldapConn))), $ldap_filter); } // return false in this case return false; } $info = ldap_get_entries($ldapConn, $r); if (!$info || $info["count"] != 1) { if (GetConfigSetting("DebugUserLogin", 0) == 1) { // Die with error DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERNOTFOUND'], $username), $ldap_filter); } // return false in this case return false; } // now we have the user data. Do a bind to check for his password if (!($r = @ldap_bind($ldapConn, $info[0]['dn'], $password))) { if (GetConfigSetting("DebugUserLogin", 0) == 1) { // Die with error DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_PASSWORDFAIL'], $username), $ldap_filter); } // return false in this case return false; } // for the moment when a user logs in from LDAP, create it in the DB. // then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code… // // added by czhujer // $ldapadmingroup = "cn=loganalyzeradminusers,cn=groups,cn=accounts,dc=someorg,dc=en"; if (LdapCheckGroup($ldapConn, $info[0]['dn'], $ldapadmingroup)) { $ldapuser_is_admin = 1; $ldapuser_is_readonly = 0; //echo "You're (".$info[0]['dn'].") member of \"".$ldapadmingroup."\""; } else { //echo "You're (".$info[0]['dn'].") not member of \"".$ldapadmingroup."\""; $ldapuser_admin = 0; $ldapuser_is_readonly = 1; } /* debug echo "<pre>"; print_r($info); echo "</pre>"; DebugLDAPErrorAndDie("" , $ldap_filter ); */ // // end of czhujer modify // /* DB_RemoveBadChars() needs to be done here to maintain backwards compatibility even if it is not needed here*/ $md5pass = md5(DB_RemoveBadChars($password)); // check if the user already exist $sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '******'"; $result = DB_Query($sqlquery); $myrow = DB_GetSingleRow($result, true); if (!isset($myrow['is_admin'])) { // Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well //$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . $md5pass . "', 0, 1)"; //modified by czhujer $sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES " . "('" . $username . "', '" . $md5pass . "', " . intval($ldapuser_is_admin) . ", " . intval($ldapuser_is_readonly) . ")"; $result = DB_Query($sqlcmd); DB_FreeQuery($result); $myrow['is_admin'] = 0; $myrow['last_login'] = 0; $myrow['is_readonly'] = 1; } // Construct Row and return $myrowfinal['username'] = $username; $myrowfinal['password'] = $md5pass; $myrowfinal['dn'] = $info[0]['dn']; if (isset($myrow['ID'])) { $myrowfinal['ID'] = $myrow['ID']; } else { $myrowfinal['ID'] = DB_ReturnLastInsertID(); } // Get from last insert! $myrowfinal['is_admin'] = $myrow['is_admin']; $myrowfinal['is_readonly'] = $myrow['is_readonly']; $myrowfinal['last_login'] = $myrow['last_login']; return $myrowfinal; }