/**
* Used to vaidate a user's credentials. (uname, pass)
* @param array $creds the uname and password passed in as an array.
* @return bool
*/
function validateCredentials($creds)
{
$pwent = posix_getpwnam(strtolower($creds['uname']));
if ($pwent == false) {
API::Error("Invalid Username/Password");
}
$cryptpw = crypt($creds['password'], $pwent['passwd']);
if ($cryptpw == $pwent['passwd']) {
API::DEBUG("[Auth_NIS::validateCredentials] returning TRUE", 8);
$_SESSION['authed_user'] = $pwent['uid'];
$this->authed_user = $pwent['uid'];
$names = explode(" ", $pwent['gecos'], 2);
$names['fname'] = $names[0];
$names['lname'] = $names[1];
unset($names[1]);
unset($names[0]);
$prefs = new Prefs();
if ($prefs->checkUID($this->authed_user, $this->config->prefs_auto, NULL, $names)) {
return TRUE;
} else {
API::Error("Username Not Valid in system. Error: 3304");
}
}
return FALSE;
}
/**
* Check to see if a user has a permission set
* @param integer $uid the user id to check
* @param string $perm the perm to check for
*/
function checkPerm($uid, $perm)
{
if ($uid <= 0) {
return FALSE;
}
// get the user's prefs info
$prefs = new Prefs();
// check to make sure the user has some prefs, if not
// this will fill in defaults.
$prefs->checkUID($uid, true);
$prefs->where_clause(new WhereClause('uid', $uid));
$user_info = $prefs->getUsingWhere();
$user_info = $user_info[0];
// first, check to see if the user is a System Admin
// System Admin is a special perm with a value of -1
if ($user_info->perms == -1) {
// *ding* *ding* *ding* WE HAVE A SYS ADMIN!
// nothing further here, just return.
return TRUE;
}
// if we are requesting sys_admin perms, but are not
// a sys admin, then return false.
if ($perm == 'sys_admin' && $user_info->perms != -1) {
return FALSE;
}
// anything else is a db based perm, let's pull it.
// get this perm's info
$this->where_clause(new WhereClause('name', $perm));
$perm_info = $this->getOneUsingWhere();
// now let's check this user's perms for the
// perm requested
if (is_object($perm_info)) {
if ($user_info->perms & 1 << $perm_info->id) {
return TRUE;
}
}
// anything else, return false.
return FALSE;
}
/**
* Used to vaidate a user's credentials. (uname, password)
* @param array $creds the uname and password passed in as an array.
* @return bool
*/
function validateCredentials($creds)
{
global $conf;
if (!$this->_connectLDAP()) {
return false;
} else {
# see if you can find the user
$search_res = $this->_searchUser($creds['uname']);
if ($search_res != NULL) {
if (!is_array($search_res)) {
error_log("LDAP - Something went wrong with the LDAP search.");
return false;
}
# get the user attributs
$userdn = $search_res[0];
$user_attrs = $search_res[1];
# Bind with old password
error_log("UserDN: " . $userdn);
$bind = ldap_bind($this->ldap, $userdn, $creds['password']);
$errno = ldap_errno($this->ldap);
if ($errno == 49 && $ad_mode) {
if (ldap_get_option($this->ldap, 0x32, $extended_error)) {
error_log("LDAP - Bind user extended_error {$extended_error} (" . ldap_error($this->ldap) . ")");
$extended_error = explode(', ', $extended_error);
if (strpos($extended_error[2], '773')) {
error_log("LDAP - Bind user password needs to be changed");
$errno = 0;
return false;
}
if (strpos($extended_error[2], '532') and $ad_options['change_expired_password']) {
error_log("LDAP - Bind user password is expired");
$errno = 0;
return false;
}
unset($extended_error);
}
}
if ($errno) {
error_log("LDAP - Bind user error {$errno} (" . ldap_error($this->ldap) . ")");
return false;
} else {
// got a good bind, user is valid. Let's populate some stuff
$this->authed_user = $user_attrs[$conf->auth_ldap->uid_attr];
$names = array();
$names['fname'] = $user_attrs[$conf->auth_ldap->fname_attr];
$names['lname'] = $user_attrs[$conf->auth_ldap->lname_attr];
$prefs = new Prefs();
if ($prefs->checkUID($this->authed_user, $conf->prefs_auto, NULL, $names)) {
$_SESSION['authed_user'] = $this->authed_user;
API::Debug("auth_ldap: checkUID passed");
return true;
} else {
API::Error("Username Not Valid in system. Error: 3304");
}
}
}
}
return FALSE;
}
