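/**
 * Authenticates a login attempt, first against the configured site-admin
 * credentials and otherwise against the LDAP directory by binding with the
 * user's own credentials.
 *
 * On success the session is populated with 'user' (the account name) and
 * 'access' (2 for the site admin, 1 for any directory user whose bind succeeds).
 * Reads the $ldap_host / $ldap_dn / $site_admin_* globals that ldap_settings()
 * populates.
 *
 * @param string|null $user     account name as typed into the login form
 * @param string|null $password password as typed into the login form
 * @return bool true when the session was populated, false otherwise
 */
function authenticate($user, $password)
{
    global $ldap_host, $ldap_dn, $site_admin_username, $site_admin_password;

    // Populates the $ldap_* / $site_admin_* globals (defined elsewhere in this file).
    ldap_settings();

    $user = (string) $user;
    $password = (string) $password;

    // Reject blank input before any comparison: an LDAP bind with an empty
    // password is an anonymous bind that would "succeed" without checking
    // anything, and an unset admin username must never match an empty form.
    if ($user === '' || $password === '') {
        return false;
    }

    if ($user === $site_admin_username) {
        // Constant-time comparison so the admin password cannot be probed
        // through response-time differences.
        if (!hash_equals((string) $site_admin_password, $password)) {
            return false;
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            // Issue a fresh session id when privilege changes (session fixation).
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
        $_SESSION['access'] = 2;
        return true;
    }

    // Bind DN for the user. The value typed by the user is escaped for the DN
    // context so that commas, '+' or '=' cannot alter which entry is bound.
    // NOTE(review): the literal prefix before the user name is redacted in this
    // copy of the file - confirm it against the deployed source.
    $ldap_user = '******' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . $ldap_dn;

    // connect to active directory
    //UNCOMMENT the line below for troubleshooting LDAP issues
    #ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    $ldap = ldap_connect('ldaps://' . $ldap_host);
    if ($ldap === false) {
        // Malformed host / URI: nothing to bind to.
        return false;
    }

    // verify user and password: a successful bind with the user's own
    // credentials is the authentication check
    if (!ldap_bind($ldap, $ldap_user, $password)) {
        // invalid name or password
        return false;
    }

    // Look the account up by sAMAccountName. The user value is escaped for the
    // filter context so that '*', '(' or ')' typed into the form cannot widen
    // the query. The entries are not used for authorisation yet (a memberof
    // lookup was planned), but the search still has to succeed: as before, the
    // request is aborted when the directory cannot be searched.
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($ldap, $ldap_dn, $filter);
    if ($result === false) {
        ldap_unbind($ldap);
        exit("Unable to search LDAP server");
    }
    ldap_unbind($ldap);

    // establish session variables; every directory user that can bind gets the
    // ordinary access level
    if (session_status() === PHP_SESSION_ACTIVE) {
        // Issue a fresh session id when privilege changes (session fixation).
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    $_SESSION['access'] = 1;
    return true;
}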
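/**
 * Searches the directory for people whose cn contains, or whose uid equals,
 * $searchString and renders every hit as an HTML table row.
 *
 * The bind uses the configured service account ($ldap_username /
 * $ldap_password), not the caller's credentials; $user and $password are only
 * checked for presence so that an unauthenticated caller cannot search.
 * Reads the $ldap_* and $user_photo_url globals that ldap_settings() populates.
 *
 * @param string|null $user          account name of the current user (presence check only)
 * @param string|null $password      password of the current user (presence check only)
 * @param string|null $searchString  text looked for in cn (substring) and uid (exact)
 * @param string|null $type          currently unused; the tag-form toggle it used to drive is disabled
 * @param string|null $searchString2 forwarded unchanged to get_tags()
 * @return string|false HTML rows for the hits, a "0 users found" block, an error
 *                      message, or false when $user / $password are blank
 */
function search($user, $password, $searchString, $type, $searchString2)
{
    global $ldap_host, $ldap_dn, $ldap_username, $ldap_password, $ldap_filter, $user_photo_url;

    // Populates the $ldap_* globals (defined elsewhere in this file).
    ldap_settings();

    if ((string) $user === '' || (string) $password === '') {
        return false;
    }

    $ldap = ldap_connect('ldaps://' . $ldap_host);
    if ($ldap === false) {
        // Malformed host / URI: nothing to bind to.
        return 'Could not connect to LDAP server';
    }

    //UNCOMMENT the line below for troubleshooting LDAP issues (it was enabled
    // unconditionally before, which writes verbose libldap output on every search)
    #ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

    // verify the service-account bind; ldap_bind() raises an E_WARNING on
    // failure, which is suppressed because the failure is reported to the
    // error log and to the caller instead
    if (!@ldap_bind($ldap, $ldap_username, $ldap_password)) {
        error_log(sprintf('LDAP SERVER: %s DN: %s Could not bind: %s', $ldap_host, $ldap_dn, ldap_error($ldap)));
        // Deliberately generic: the host name and base DN are server details
        // that do not belong on the page.
        return 'Could not bind to LDAP server';
    }

    // Escape the search term for the filter context so that metacharacters
    // typed by the user cannot change the query; the surrounding '*' are
    // intentional (substring match on cn). $ldap_filter is operator-configured.
    $term = ldap_escape((string) $searchString, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(|(cn=*{$term}*)(uid={$term}))" . $ldap_filter . ")";

    $result = ldap_search($ldap, $ldap_dn, $filter);
    if ($result === false) {
        ldap_unbind($ldap);
        exit("Unable to search LDAP server");
    }
    $entries = ldap_get_entries($ldap, $result);
    ldap_unbind($ldap);

    if ($entries === false || $entries['count'] === 0) {
        // Previously this message sat in an unreachable branch and an empty
        // result produced an empty string.
        return "<div style='padding-bottom: 5px;'>" . "<b>0</b> users found" . "</div>";
    }

    // HTML-escape a directory value before it is placed in the page.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // First value of an attribute, or '' when the entry does not carry it
    // (ldap_get_entries() lower-cases attribute names).
    $first = function (array $entry, $name) {
        return isset($entry[$name][0]) ? $entry[$name][0] : '';
    };

    $returns = '';
    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];
        $cn = $first($entry, 'cn');
        $phone = $first($entry, 'telephonenumber');
        $mail = $first($entry, 'mail');

        $returns .= '<tr style="border-bottom: 1pt solid #A9A9A9;">';
        $returns .= '<td style="vertical-align: top;" width="50px">';
        if ((string) $user_photo_url === '') {
            $returns .= '<img style="padding-top:3px;" width=30 height=35 src="default_user.jpg" />';
        } else {
            $returns .= '<img style="padding-top:3px;" src="' . $h($user_photo_url . $cn) . '" />';
        }
        $returns .= '</td>';
        $returns .= '<td style="vertical-align: top;" width="150px">';
        $returns .= '<a type="button" style="font-size: 11px;cursor: pointer;" class="button_tag btn-default btn-xs">';
        $returns .= $h($first($entry, 'description')) . '</a> ';
        $returns .= '<br />';
        $returns .= '<a type="button" style="font-size: 11px;cursor: pointer;" class="button_title btn-default btn-xs">';
        $returns .= $h($first($entry, 'title')) . '</a> ';
        $returns .= '<br />';
        // The phone and mail anchors used to close the class attribute before
        // the href, leaving a stray 'btn-default btn-xs">' in the tag.
        $returns .= '<a type="button" style="font-size: 11px;cursor: pointer;" class="button_phone btn-default btn-xs" href="tel:';
        $returns .= $h($phone) . '">';
        $returns .= $h($phone) . '</a> ';
        $returns .= '<br />';
        $returns .= '<a type="button" style="font-size: 11px;cursor: pointer;" class="button_email btn-default btn-xs" href="mailto:';
        $returns .= $h($mail) . '">';
        $returns .= $h($mail) . '</a> ';
        $returns .= '<br />';
        $returns .= '</td>';
        $returns .= '<td>';
        $returns .= '<div style="padding-bottom: 5px;" id="' . $h($cn) . '_tags">';
        // NOTE(review): get_tags() and addTagsForm() receive the raw cn and are
        // expected to escape their own output - verify in their definitions.
        $returns .= get_tags($cn, $searchString2);
        $returns .= '</div>';
        $returns .= addTagsForm($cn);
        $returns .= '</td>';
        $returns .= '</tr>';
    }
    return $returns;
}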
// Page gate: only the session user literally named "admin" may continue.
// NOTE(review): authenticate() stores $_SESSION['access'] = 2 for the
// configured site admin ($site_admin_username); keying on the literal name
// rather than the access level means a site admin with a different configured
// username is redirected - confirm which is intended.
if (isset($_SESSION['user']) && $_SESSION['user'] === "admin") {
    //Do Nothing, user can access this page.
    include "authenticate.php";
} else {
    //User not allowed. Return user back to index page.
    header("Location: index.php");
    // Stop here so nothing below is rendered after the redirect header.
    die;
}
include "html_head.php";
?>
<body>
<?php
//Get ldap settings
ldap_settings();
//+++++++++++++++++++++++++++++++++++++++++++++++++
//Get site settings for editing
//+++++++++++++++++++++++++++++++++++++++++++++++++
// Loads the site settings into the $site_* globals from the who_what database.
// NOTE(review): the database credentials are embedded in this file (redacted in
// this copy); a config file outside the web root avoids shipping them with the
// page source.
function get_site_admin()
{
    global $site_title, $site_admin_username, $site_admin_password, $site_photo_url, $site_logo_url;
    $servername = "127.0.0.1";
    $username = "******";
    $password = "******";
    $dbname = "who_what";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        // NOTE(review): the driver error text is written straight to the page;
        // logging it server-side and showing a generic message avoids disclosing
        // database details.
        die("Connection failed: " . $conn->connect_error);