/**
* Authenticate a user using mulitple authentication providers
*
* <p>Authenticate a user using authentication providers defined
* in an ini based file. The name of this file is fixed and
* should be called <tt>auth.ini</tt>. Location for this file should
* be defined in <tt>config.php</tt> in the <tt>$CFG->auth_multiple_ini</tt>
* directive. It is best to place this file outside of your document
* root since it may contain sensitive inforation.</p>
*
* <p>This function will try the providers one by one and will stop
* if one returns a valid result. Else it will default to basic
* elgg (database) authentication and return that result.</p>
*
* @author Misja Hoebe
* @since 0.7
* @package elgg
* @subpackage elgg.auth.multiple
* @param string username
* @param string password
* @return mixed authentication result
*/
function multiple_authenticate_user_login($username, $password)
{
global $CFG, $messages;
$auth_config = null;
// Check if an auth.ini location is defined
if (!$CFG->auth_multiple_ini) {
$messages[] = 'No "auth.ini" location defined';
return false;
}
// and if the file exists
if (!file_exists($CFG->auth_multiple_ini)) {
$messages[] = 'File "auth.ini" does not exist';
return false;
} else {
// Load the file
$auth_config = parse_ini_file($CFG->auth_multiple_ini, true);
}
// Walk through the config values
foreach ($auth_config as $key => $settings) {
// Set the configuration parameters
foreach ($settings as $setting => $value) {
$CFG->{$setting} = $value;
}
// All done call the provider
require_once $CFG->dirroot . "auth/{$CFG->auth}/lib.php";
$function = $CFG->auth . "_authenticate_user_login";
$result = $function($username, $password);
if ($result == false) {
continue;
} else {
// We're happy
return $result;
}
}
// If we have reached this point no provider has returned true,
// so we use the internal authentication code as a final resort
// Reset to internal
$CFG->auth = 'internal';
require_once $CFG->dirroot . "auth/internal/lib.php";
return internal_authenticate_user_login($username, $password);
}
/**
* Sets up configuration variables and puts together the above functions
* to perform an authentication
*/
function ldap_authenticate_user_login($username, $password)
{
global $CFG, $messages;
if (!function_exists('ldap_connect')) {
$messages[] = 'No PHP LDAP module available, please contact the system administrator.';
return false;
}
/////////// Set up config //////////////
// LDAP host
if (!$CFG->ldap_host) {
// No host defined, switch to plain login
require_once $CFG->dirroot . 'auth/internal/lib.php';
return internal_authenticate_user_login($username, $password);
}
// LDAP port
if (!$CFG->ldap_port) {
$CFG->ldap_port = 389;
}
// Base DN setup
if (!$CFG->ldap_basedn) {
$CFG->ldap_basedn = array();
} else {
if (!is_array($CFG->ldap_basedn)) {
//single DN specified
$CFG->ldap_basedn = array($CFG->ldap_basedn);
}
}
// Which filter to apply for the username, e.g. cn or uid
if (!$CFG->ldap_filter_attr) {
$CFG->ldap_filter_attr = 'uid';
}
// Which search attributes to return
if (!$CFG->ldap_search_attr) {
$CFG->ldap_search_attr = array('dn' => 'dn');
}
// Set protocol version, default is v3
$version = 3;
// Set up LDAP protocol version
if ($CFG->ldap_protocol_version) {
$version = $CFG->ldap_protocol_version;
}
////////// Done setting up config /////////
//connect and bind
$ds = ldap_init_connection($CFG->ldap_host, $CFG->ldap_port, $CFG->ldap_protocol_version, $CFG->ldap_bind_dn, $CFG->ldap_bind_pwd);
if (!$ds) {
return false;
}
// Perform LDAP search
foreach ($CFG->ldap_basedn as $this_ldap_basedn) {
$ldap_user_info = ldap_do_auth($ds, $this_ldap_basedn, $username, $password, $CFG->ldap_filter_attr, $CFG->ldap_search_attr);
if ($ldap_user_info) {
// LDAP login successful
// If we need to create the user
if ($CFG->ldap_user_create == true) {
ldap_create_elgg_user($username, $password, $ldap_user_info);
}
ldap_close($ds);
// Return the user object
return get_record_select('users', "username = ? AND active = ? AND user_type = ? ", array($username, 'yes', 'person'));
}
}
// Done with LDAP
ldap_close($ds);
// No such user in LDAP, fallback to internal authentication
if ($CFG->ldap_internal_fallback == true) {
require_once $CFG->dirroot . 'auth/internal/lib.php';
return internal_authenticate_user_login($username, $password);
} else {
return false;
}
}
