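 /**
  * Show the login form or process a login attempt.
  *
  * An already-authorized session is redirected to $return at once. Otherwise
  * the credentials posted as `login` / `password` are tried against every
  * entry of $this->auth_mechanisms in order ('noauth', 'config', 'ldap', 'AD');
  * the first mechanism that accepts the user stops the loop, the session is
  * created and the browser is redirected to $return. When nothing accepted
  * the user, an error is recorded and the auth/login view is rendered.
  *
  * @param string $return path to redirect to after a successful login. It comes
  *                       from the request, so redirect() is assumed to resolve
  *                       it inside the application — TODO confirm it rejects
  *                       absolute URLs (open-redirect risk otherwise).
  */
 function login($return = '')
 {
     if ($this->authorized()) {
         redirect($return);
     }
     $check = FALSE;
     // If no valid mechanisms found, bail
     if (!$this->auth_mechanisms) {
         redirect('auth/generate');
     }
     $login = isset($_POST['login']) ? $_POST['login'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     // Loop through authentication mechanisms
     // `break 2` leaves both the switch and this foreach, i.e. we have a match
     foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
         // Local is just a username => hash array
         switch ($mechanism) {
             case 'noauth':
                 // No authentication
                 $check = TRUE;
                 $login = '******';
                 break 2;
             case 'config':
                 // Config authentication
                 // NOTE(review): an unknown login skips CheckPassword() entirely,
                 // so the miss path is measurably faster than the hit path
                 // (timing-based user enumeration); a dummy hash check on the
                 // miss path would close that gap.
                 if ($_POST && isset($auth_data[$login])) {
                     $t_hasher = $this->load_phpass();
                     $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                     break 2;
                 }
                 break;
             case 'ldap':
                 // LDAP authentication
                 if ($login && $password) {
                     include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                     $ldap_auth_obj = new Auth_ldap($auth_data);
                     if ($ldap_auth_obj->authenticate($login, $password)) {
                         // Check user against users list
                         if (isset($auth_data['mr_allowed_users'])) {
                             $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                             // Both sides are strtolower() output, so a strict compare is safe
                             if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                 $check = TRUE;
                                 break 2;
                             }
                         }
                         // Check user against group list
                         if (isset($auth_data['mr_allowed_groups'])) {
                             // Set mr_allowed_groups to array
                             $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                             // Get groups from the directory
                             if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                 foreach ($user_data['grps'] as $group) {
                                     // Strict: loose == treats numeric-looking group
                                     // names as numbers ('1e3' == '1000')
                                     if (in_array($group, $admin_groups, true)) {
                                         $check = TRUE;
                                         break 3;
                                     }
                                 }
                             }
                         }
                         // Not in users list or group list
                         error(lang('not_authorized'));
                         break;
                     }
                 }
                 // Without this break a failed or skipped LDAP attempt fell through
                 // into the 'AD' case with the LDAP config still in $auth_data.
                 break;
             case 'AD':
                 // Active Directory authentication
                 // Prevent empty values
                 if ($_POST && $login && $password) {
                     //include the class and create a connection
                     //TODO wrap this include somewhere else?
                     include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                     try {
                         $adldap = new adLDAP($auth_data);
                     } catch (adLDAPException $e) {
                         // When in debug mode, show additional info
                         $msg = conf('debug') ? ":<br>" . $e->getMessage() : '';
                         error(lang('error_contacting_AD') . $msg);
                         break 2;
                     }
                     // Authenticate user
                     if ($adldap->authenticate($login, $password)) {
                         // Check user against userlist
                         if (isset($auth_data['mr_allowed_users'])) {
                             $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                             // Both sides are strtolower() output, so a strict compare is safe
                             if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                 $check = TRUE;
                                 break 2;
                             }
                         }
                         // Check user against group list
                         if (isset($auth_data['mr_allowed_groups'])) {
                             // Set mr_allowed_groups to array
                             $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                             // Get groups from AD
                             $groups = $adldap->user()->groups($login);
                             foreach ($groups as $group) {
                                 if (in_array($group, $admin_groups, true)) {
                                     $check = TRUE;
                                     break 3;
                                 }
                             }
                         }
                         // Not in users list or group list
                         error(lang('not_authorized'));
                         break;
                     }
                     break;
                 }
                 break;
             default:
                 die('Unknown authentication mechanism: ' . $mechanism);
                 break;
         }
     }
     // If authentication succeeded, create session.
     // $mechanism still holds the key the loop stopped on.
     if ($check) {
         $_SESSION['user'] = $login;
         $_SESSION['auth'] = $mechanism;
         // Pass true so the pre-login session is deleted instead of left behind
         // under its old id (session fixation); the data is copied to the new id.
         session_regenerate_id(true);
         redirect($return);
     }
     // If POST and no other alerts, auth has failed
     if ($_POST && !$GLOBALS['alerts']) {
         if (!$login or !$password) {
             error(lang('empty_not_allowed'));
         } else {
             error(lang('wrong_user_or_pass'));
         }
     }
     $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
     $obj = new View();
     $obj->view('auth/login', $data);
 }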
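 /**
  * Show the login form or process a login attempt.
  *
  * Extra route arguments are joined with '/' to rebuild $return. An
  * already-authorized session is redirected to $return at once. Otherwise the
  * credentials posted as `login` / `password` are tried against every entry of
  * $this->auth_mechanisms in order ('noauth', 'config', 'ldap', 'AD'); the
  * first mechanism that accepts the user stops the loop, the user's group
  * memberships are stored in the session together with the user name and the
  * mechanism, and the browser is redirected to $return. When nothing accepted
  * the user, an error is recorded and the auth/login view is rendered.
  *
  * @param string $return path to redirect to after a successful login. It comes
  *                       from the request, so redirect() is assumed to resolve
  *                       it inside the application — TODO confirm it rejects
  *                       absolute URLs (open-redirect risk otherwise).
  */
 function login($return = '')
 {
     if (func_get_args()) {
         $return_parts = func_get_args();
         $return = implode('/', $return_parts);
     }
     if ($this->authorized()) {
         redirect($return);
     }
     $check = FALSE;
     // If no valid mechanisms found, bail
     if (!$this->auth_mechanisms) {
         redirect('auth/generate');
     }
     $login = isset($_POST['login']) ? $_POST['login'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     // User is a member of these groups
     $groups = array();
     // Loop through authentication mechanisms
     // `break 2` leaves both the switch and this foreach, i.e. we have a match
     foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
         // Local is just a username => hash array
         switch ($mechanism) {
             case 'noauth':
                 // No authentication
                 $check = TRUE;
                 $login = '******';
                 break 2;
             case 'config':
                 // Config authentication
                 // NOTE(review): an unknown login skips CheckPassword() entirely,
                 // so the miss path is measurably faster than the hit path
                 // (timing-based user enumeration); a dummy hash check on the
                 // miss path would close that gap.
                 if ($login && $password) {
                     if (isset($auth_data[$login])) {
                         $t_hasher = $this->load_phpass();
                         $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                         if ($check) {
                             // Get group memberships from the configured groups
                             foreach (conf('groups', array()) as $groupname => $members) {
                                 if (in_array($login, $members, true)) {
                                     $groups[] = $groupname;
                                 }
                             }
                         }
                         break 2;
                     }
                 }
                 break;
             case 'ldap':
                 // LDAP authentication
                 if ($login && $password) {
                     include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                     $ldap_auth_obj = new Auth_ldap($auth_data);
                     if ($ldap_auth_obj->authenticate($login, $password)) {
                         // Check user against users list
                         if (isset($auth_data['mr_allowed_users'])) {
                             $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                             // Both sides are strtolower() output, so a strict compare is safe
                             if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                 $check = TRUE;
                                 // If business units enabled, get group memberships
                                 if (conf('enable_business_units')) {
                                     if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                         $groups = $user_data['grps'];
                                     }
                                 }
                                 break 2;
                             }
                         }
                         // Check user against group list
                         if (isset($auth_data['mr_allowed_groups'])) {
                             // Set mr_allowed_groups to array
                             $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                             // Get groups from the directory
                             if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                 foreach ($user_data['grps'] as $group) {
                                     // Strict: loose == treats numeric-looking group
                                     // names as numbers ('1e3' == '1000')
                                     if (in_array($group, $admin_groups, true)) {
                                         $check = TRUE;
                                         // If business units enabled, store group memberships
                                         if (conf('enable_business_units')) {
                                             $groups = $user_data['grps'];
                                         }
                                         break 3;
                                     }
                                 }
                             }
                         }
                         // Not in users list or group list
                         error('Not authorized', 'auth.not_authorized');
                         break;
                     }
                 }
                 // Without this break a failed or skipped LDAP attempt fell through
                 // into the 'AD' case with the LDAP config still in $auth_data.
                 break;
             case 'AD':
                 // Active Directory authentication
                 // Prevent empty values
                 if ($_POST && $login && $password) {
                     //include the class and create a connection
                     //TODO: wrap this include somewhere else?
                     include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                     try {
                         $adldap = new adLDAP($auth_data);
                     } catch (adLDAPException $e) {
                         error('An error ocurred while contacting AD', 'error_contacting_AD');
                         // When in debug mode, show additional info
                         if (conf('debug')) {
                             error($e->getMessage());
                         }
                         break 2;
                     }
                     // If nothing has failed to this point, authenticate user
                     if ($adldap->authenticate($login, $password)) {
                         // Check user against userlist
                         if (isset($auth_data['mr_allowed_users'])) {
                             $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                             // Both sides are strtolower() output, so a strict compare is safe
                             if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                 $check = TRUE;
                                 // If business units enabled, get group memberships
                                 if (conf('enable_business_units')) {
                                     $groups = $adldap->user()->groups($login);
                                 }
                                 break 2;
                             }
                         }
                         // Check user against group list
                         if (isset($auth_data['mr_allowed_groups'])) {
                             // Set mr_allowed_groups to array
                             $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                             // Get groups from AD; note these land in the session
                             // whether or not business units are enabled
                             $groups = $adldap->user()->groups($login);
                             foreach ($groups as $group) {
                                 if (in_array($group, $admin_groups, true)) {
                                     $check = TRUE;
                                     break 3;
                                 }
                             }
                         }
                         // Not in users list or group list
                         error('Not authorized', 'auth.not_authorized');
                         break;
                     }
                     break;
                 }
                 break;
                 //end of AD method
             default:
                 die('Unknown authentication mechanism: ' . $mechanism);
                 break;
         }
     }
     // If authentication succeeded, create session.
     // $mechanism still holds the key the loop stopped on.
     if ($check) {
         $_SESSION['user'] = $login;
         $_SESSION['groups'] = $groups;
         $_SESSION['auth'] = $mechanism;
         $this->set_session_props();
         // Pass true so the pre-login session is deleted instead of left behind
         // under its old id (session fixation); the data is copied to the new id.
         session_regenerate_id(true);
         redirect($return);
     }
     // If POST and no other alerts, auth has failed
     if ($_POST && !$GLOBALS['alerts']) {
         if (!$login or !$password) {
             error('Empty values are not allowed', 'auth.empty_not_allowed');
         } else {
             error('Wrong username or password', 'auth.wrong_user_or_pass');
         }
     }
     $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
     $obj = new View();
     $obj->view('auth/login', $data);
 }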