<?php
session_start();
require_once 'config/config.inc.php';
require_once 'config/db_config.inc.php';
require_once 'language_files/language.inc.php';
require_once 'config/ldap_common.php';
$LDAP = getLDAP('config/');
//--- check the user name and password
$bAccessAllowed = false;
if ($LDAP['auth_method'] == 'HYBRID' || $LDAP['auth_method'] == 'HYBRID_AD') {
//Check LDAP for the user
//Check user credentials against LDAP
$check = ldapAuthenticate($_REQUEST['UserId'], $_REQUEST['Password'], false);
if ($check['passed']) {
//See if user is in the database
$db = checkDB($_REQUEST['UserId'], $_REQUEST['Password']);
if ($db[success]) {
if ($db[level] == 2 || $db[level] == 4 || $db[level] == 8 || $db[level] == 1) {
$bAccessAllowed = true;
}
} else {
//LDAP Credentials failed
$bAccessAllowed = false;
}
} else {
//LDAP Credentials failed
$bAccessAllowed = false;
}
//Check Database for the user
if ($bAccessAllowed == false) {
function ldapAuthenticate($id, $password)
{
//Get LDAP Config values
$ldap = getLDAP("config/");
$auth_method = $ldap["auth_method"];
$ldap_host = $ldap["ldap_host"];
$ldap_domain = $ldap["ldap_domain"];
$ldap_binddn = $ldap["ldap_binddn"];
$ldap_bindpwd = $ldap["ldap_bindpwd"];
$ldap_searchattr = $ldap["ldap_searchattr"];
$ldap_fname = $ldap["ldap_fname"];
$ldap_lname = $ldap["ldap_lname"];
$ldap_uname = $ldap["ldap_uname"];
$ldap_email_add = $ldap["ldap_email"];
$ldap_office = $ldap["ldap_office"];
$ldap_phone = $ldap["ldap_phone"];
$ldap_context = $ldap["ldap_context"];
$ldap_rootdn = $ldap["ldap_rootdn"];
$default_level = $ldap["default_level"];
$connection = @ldap_connect($ldap_host) or die('Could not connect to LDAP server.');
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
//Cant connect to ldap
if (!$connection) {
$LDAPInfo['passed'] = false;
return $LDAPInfo;
}
//Connection made -- bind and get dn for username
$ldapbind = ldap_bind($connection, $ldap_binddn, $ldap_bindpwd);
//Check to make sure we are bound
if (!$ldapbind) {
ldap_close($connection);
$LDAPInfo['passed'] = false;
return $LDAPInfo;
}
$filter = $ldap_searchattr . '=' . $id;
$sr = ldap_search($connection, $ldap_rootdn, $filter);
//Make sure only ONE result was returned
if (ldap_count_entries($connection, $sr) != 1) {
ldap_close($connection);
$LDAPInfo['passed'] = false;
return $LDAPInfo;
}
$info = ldap_get_entries($connection, $sr);
//Now, try to rebind with their full dn and password
if ($auth_method == 'AD' || $auth_method == 'HYBRID_AD') {
$userbind = $id . '@' . $ldap_domain;
} else {
$userbind = $info[0][$ldap_context];
}
//Make sure a password was sent
if (!isset($password) || $password != '') {
$ldapbind = ldap_bind($connection, $userbind, $password);
if (!$ldapbind) {
ldap_close($connection);
$LDAPInfo['passed'] = false;
return $LDAPInfo;
}
$LDAPInfo['passed'] = true;
$LDAPInfo['fname'] = $info[0][$ldap_fname][0];
$LDAPInfo['lname'] = $info[0][$ldap_lname][0];
$LDAPInfo['uname'] = $info[0][$ldap_uname][0];
$LDAPInfo['email'] = $info[0][$ldap_email_add][0];
$LDAPInfo['password'] = md5($password);
$LDAPInfo['office'] = $info[0][$ldap_office][0];
$LDAPInfo['phone'] = $info[0][$ldap_phone][0];
$LDAPInfo['default_level'] = $default_level;
return $LDAPInfo;
} else {
ldap_close($connection);
$LDAPInfo["passed"] = false;
return $LDAPInfo;
}
}
<?php
session_start();
require_once '../config/config.inc.php';
require_once '../language_files/language.inc.php';
require_once '../config/ldap_common.php';
//Get LDAP Values
$LDAP = getLDAP('../config/');
$nColsRunningNumber = 0;
$nAllColsRunningNumber = 0;
$nColsMax = sizeof($ARR_COL_SPLIT);
for ($nColsIndex = 0; $nColsIndex < $nColsMax; $nColsIndex++) {
$strCurCol = $ARR_COL_SPLIT[$nColsIndex];
$nColsIndex = $nColsIndex + 1;
$bActive = $ARR_COL_SPLIT[$nColsIndex];
switch ($strCurCol) {
case 'NAME':
$arrCONF_AllCols[$nAllColsRunningNumber]['strTitle'] = 'COL_CIRCULATION_NAME';
$arrCONF_AllCols[$nAllColsRunningNumber]['strScreenTitle'] = $CIRCORDER_NAME;
if ($bActive) {
$arrCirculation_Cols[] = 'COL_CIRCULATION_NAME';
}
break;
case 'STATION':
$arrCONF_AllCols[$nAllColsRunningNumber]['strTitle'] = 'COL_CIRCULATION_STATION';
$arrCONF_AllCols[$nAllColsRunningNumber]['strScreenTitle'] = $CIRCORDER_STATION;
if ($bActive) {
$arrCirculation_Cols[] = 'COL_CIRCULATION_STATION';
}
break;
case 'DAYS':
