} else { $_SESSION['auth_message'] = 'Invalid auth_mechanism defined, please correct your configuration!'; session_logout(); header('Location: ' . $config['base_url']); exit; } if ($vars['page'] == "logout" && $_SESSION['authenticated']) { if (auth_can_logout()) { // No need for a feedback message if user requested a logout session_logout(function_exists('auth_require_login')); } header('Location: ' . $config['base_url']); exit; } $mcrypt_exists = check_extension_exists('mcrypt'); $user_unique_id = session_unique_id(); // Get unique user id and check if IP changed (if required by config) // Check if allowed auth by CIDR $auth_allow_cidr = TRUE; if (isset($config['web_session_cidr']) && count($config['web_session_cidr'])) { $auth_allow_cidr = match_network($_SERVER['REMOTE_ADDR'], $config['web_session_cidr']); } if (!$_SESSION['authenticated'] && isset($_GET['username']) && isset($_GET['password'])) { $_SESSION['username'] = $_GET['username']; $auth_password = $_GET['password']; } else { if (!$_SESSION['authenticated'] && isset($_POST['username']) && isset($_POST['password'])) { $_SESSION['username'] = $_POST['username']; $auth_password = $_POST['password']; } else { if ($mcrypt_exists && !$_SESSION['authenticated'] && isset($_COOKIE['ckey'])) {
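/**
 * Bind the shared LDAP connection ($ds) using the first method that the
 * configuration selects:
 *   1. the configured bind DN ($config['auth_ldap_binddn'] / 'auth_ldap_bindpw'),
 *   2. an anonymous bind, if $config['auth_ldap_bindanonymous'] is set,
 *   3. the user's own DN (auth_ldap_prefix . username . auth_ldap_suffix).
 *
 * Private function for this LDAP module only.
 *
 * The first result is stored in $cache['ldap_bind_result'] and returned for
 * every later call, whatever arguments that call passes. In modes 1 and 2 the
 * arguments are not used at all. A "success" return therefore only means the
 * connection is bound; it is not proof that $username/$password are valid.
 *
 * On a failed bind the session is logged out via session_logout().
 *
 * @param string $username Bind username (optional)
 * @param string $password Bind password (optional)
 * @return bool FALSE if bind succeeded, TRUE if not
 */
function ldap_bind_dn($username = "", $password = "") {
    global $config, $ds, $cache;

    print_debug("LDAP[Bind DN called]");

    // Avoid binding multiple times on one resource, this upsets some LDAP servers.
    // The cache holds 0 (success) or 1 (failure); cast it so a cache hit returns
    // the same bool as the call that populated it, as the docblock promises.
    if (isset($cache['ldap_bind_result'])) {
        return (bool)$cache['ldap_bind_result'];
    }

    if ($config['auth_ldap_binddn']) {
        // Service-account bind; the caller's credentials are ignored in this mode.
        print_debug("LDAP[Bind][" . $config['auth_ldap_binddn'] . "]");
        $bind = ldap_bind($ds, $config['auth_ldap_binddn'], $config['auth_ldap_bindpw']);
    } elseif ($config['auth_ldap_bindanonymous']) {
        // Try anonymous bind if configured to do so
        print_debug("LDAP[Bind][anonymous]");
        $bind = ldap_bind($ds);
    } else {
        if (($username == '' || $password == '') && isset($_SESSION['user_encpass'])) {
            // Use session credentials. Note that this replaces a caller-supplied
            // username as well when only the password was missing.
            print_debug("LDAP[Bind][session]");
            $username = $_SESSION['username'];
            if (!isset($_SESSION['mcrypt_required'])) {
                $password = decrypt($_SESSION['user_encpass'], session_unique_id() . get_unique_id());
            } else {
                // With the mcrypt_required flag set, the stored value is recovered by
                // base64 decoding alone. That is an encoding, not encryption: whoever
                // can read the session data can recover the password.
                // NOTE(review): confirm where user_encpass is written and whether this
                // fallback is still needed.
                $password = base64_decode($_SESSION['user_encpass'], TRUE);
            }
        }

        // NOTE(review): $password can still be empty here (nothing passed and no
        // session password, or a decode that produced an empty/false value). A bind
        // with a DN and an empty password is an unauthenticated bind (RFC 4513,
        // section 5.1.2), which some directory servers accept. Callers should
        // reject empty passwords before treating this result as a login.
        $user_dn = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'];
        print_debug("LDAP[Bind][" . $user_dn . "]");
        $bind = ldap_bind($ds, $user_dn, $password);
    }

    if ($bind) {
        $cache['ldap_bind_result'] = 0;
        return FALSE;
    }

    $cache['ldap_bind_result'] = 1;
    print_debug("Error binding to LDAP server: " . implode(',', $config['auth_ldap_server']) . ': ' . ldap_error($ds));
    session_logout();
    return TRUE;
}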