Ejemplo n.º 1
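 /**
  * Validate a username/password pair against the system passwd database.
  *
  * Looks the account up with posix_getpwnam(), re-hashes the supplied
  * password with crypt() using the stored hash as the salt, and compares the
  * two hashes. On a match the uid is stored on the object and handed to
  * Prefs::checkUID(); the session is only marked as authenticated once that
  * check has passed.
  *
  * NOTE(review): an unknown username goes through API::Error() while a wrong
  * password just returns FALSE, and only the wrong-password path runs crypt().
  * If API::Error() output reaches the client, valid and invalid account names
  * can be told apart - confirm and unify the two paths if so.
  *
  * @param	array	$creds	the uname and password passed in as an array
  *                      	(keys 'uname' and 'password').
  * @return 	bool	TRUE when the credentials are valid and the user passes
  *              	the Prefs check, FALSE otherwise.
  */
 function validateCredentials($creds)
 {
     // Reject missing or non-string fields up front: request data can arrive
     // as arrays, and strtolower()/crypt() must only ever see strings.
     if (!isset($creds['uname'], $creds['password'])
         || !is_string($creds['uname'])
         || !is_string($creds['password'])
     ) {
         return FALSE;
     }
     $pwent = posix_getpwnam(strtolower($creds['uname']));
     if (!is_array($pwent)) {
         API::Error("Invalid Username/Password");
         // Fail closed even if API::Error() returns instead of terminating;
         // otherwise crypt() below would run against an empty salt.
         return FALSE;
     }
     // An empty or missing hash field can never be a valid login.
     $stored = isset($pwent['passwd']) ? $pwent['passwd'] : '';
     if (!is_string($stored) || $stored === '') {
         return FALSE;
     }
     $cryptpw = crypt($creds['password'], $stored);
     // hash_equals() compares in constant time and as strings, so neither
     // timing differences nor loose "==" numeric-string juggling can make two
     // different hashes compare equal.
     if (!is_string($cryptpw) || !hash_equals($stored, $cryptpw)) {
         return FALSE;
     }
     API::DEBUG("[Auth_NIS::validateCredentials] returning TRUE", 8);
     $this->authed_user = $pwent['uid'];
     // GECOS is split into "first rest"; pad so a single-word GECOS field
     // yields an empty last name instead of an undefined index.
     $parts = array_pad(explode(" ", (string) $pwent['gecos'], 2), 2, '');
     $names = array('fname' => $parts[0], 'lname' => $parts[1]);
     $prefs = new Prefs();
     if ($prefs->checkUID($this->authed_user, $this->config->prefs_auto, NULL, $names)) {
         // Only mark the session as authenticated after the Prefs check has
         // passed, so a rejected user never leaves an authed session behind.
         // NOTE(review): the session id is not rotated here; if the caller
         // does not call session_regenerate_id(), add it at this point to
         // prevent session fixation.
         $_SESSION['authed_user'] = $pwent['uid'];
         return TRUE;
     }
     API::Error("Username Not Valid in system. Error: 3304");
     return FALSE;
 }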
Ejemplo n.º 2
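 /**
  * Check to see if a user has a permission set.
  *
  * The user's prefs row carries a `perms` bitmask. A value of -1 marks a
  * System Admin, who is granted every permission. Any other permission is
  * looked up by name, and its `id` is used as the bit position to test in the
  * mask. Every unexpected condition (bad uid, no prefs row, unknown
  * permission, out-of-range bit) is answered with FALSE.
  *
  * @param 	integer 	$uid	the user id to check
  * @param	string		$perm	the perm to check for
  * @return	bool		TRUE when the user holds the permission, FALSE otherwise
  */
 function checkPerm($uid, $perm)
 {
     // Non-numeric values must not reach the Prefs lookup: how a non-numeric
     // string compares against 0 differs between PHP versions, so "$uid <= 0"
     // alone does not reliably reject it.
     if (!is_numeric($uid) || $uid <= 0) {
         return FALSE;
     }
     if (!is_string($perm)) {
         return FALSE;
     }
     // get the user's prefs info
     $prefs = new Prefs();
     // check to make sure the user has some prefs, if not
     // this will fill in defaults.
     $prefs->checkUID($uid, true);
     $prefs->where_clause(new WhereClause('uid', $uid));
     $rows = $prefs->getUsingWhere();
     // No prefs row means no permissions; deny instead of dereferencing null.
     if (!isset($rows[0]) || !is_object($rows[0])) {
         return FALSE;
     }
     $user_info = $rows[0];
     $user_perms = (int) $user_info->perms;
     // first, check to see if the user is a System Admin
     // System Admin is a special perm with a value of -1
     if ($user_perms === -1) {
         return TRUE;
     }
     // sys_admin was requested but the user is not a sys admin.
     if ($perm === 'sys_admin') {
         return FALSE;
     }
     // anything else is a db based perm, let's pull it.
     $this->where_clause(new WhereClause('name', $perm));
     $perm_info = $this->getOneUsingWhere();
     if (!is_object($perm_info)) {
         return FALSE;
     }
     $bit = (int) $perm_info->id;
     // A shift count outside the integer width is not a usable bit position:
     // negative counts raise ArithmeticError on PHP 7+, and counts at or past
     // the width gave platform-dependent results on older versions, which
     // could alias one permission onto another. Treat it as "not granted".
     if ($bit < 0 || $bit >= PHP_INT_SIZE * 8) {
         return FALSE;
     }
     return ($user_perms & (1 << $bit)) !== 0;
 }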
Ejemplo n.º 3
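 /**
  * Validate a username/password pair by binding to LDAP as that user.
  *
  * The user entry is located with _searchUser(), then ldap_bind() is attempted
  * with the entry's DN and the supplied password. After a successful bind the
  * configured uid/first-name/last-name attributes are passed to
  * Prefs::checkUID(), and the session is marked as authenticated only if that
  * check passes.
  *
  * An empty or missing password is rejected before any bind is attempted:
  * LDAP treats a bind with a DN and an empty password as an unauthenticated
  * bind, which many servers report as success.
  *
  * NOTE(review): _searchUser() is not visible here; confirm it escapes the
  * username (ldap_escape() with LDAP_ESCAPE_FILTER) before building the
  * search filter.
  *
  * @param	array	$creds	the uname and password passed in as an array
  *                      	(keys 'uname' and 'password').
  * @return 	bool	TRUE when the bind succeeds and the user passes the
  *              	Prefs check, FALSE otherwise.
  */
 function validateCredentials($creds)
 {
     global $conf;
     // Never let an empty, missing or non-string password reach ldap_bind():
     // it would be an unauthenticated bind, not a credential check.
     if (!isset($creds['uname'], $creds['password'])
         || !is_string($creds['uname'])
         || !is_string($creds['password'])
         || $creds['uname'] === ''
         || $creds['password'] === ''
     ) {
         error_log("LDAP - Rejected login attempt with a missing or empty username/password.");
         return false;
     }
     if (!$this->_connectLDAP()) {
         return false;
     }
     # see if you can find the user
     $search_res = $this->_searchUser($creds['uname']);
     if ($search_res == NULL) {
         return false;
     }
     // The result must be a [dn, attributes] pair with a usable DN.
     if (!is_array($search_res)
         || !isset($search_res[0], $search_res[1])
         || !is_string($search_res[0])
         || $search_res[0] === ''
     ) {
         error_log("LDAP - Something went wrong with the LDAP search.");
         return false;
     }
     # get the user attributes
     $userdn = $search_res[0];
     $user_attrs = $search_res[1];
     # Bind with the supplied password
     error_log("UserDN: " . $userdn);
     $bind = ldap_bind($this->ldap, $userdn, $creds['password']);
     $errno = ldap_errno($this->ldap);
     // NOTE(review): $ad_mode and $ad_options are never defined in this method
     // (only $conf is imported), so this Active Directory branch cannot run as
     // written. It only changes which message is logged; the failed bind is
     // rejected either way. Wire these to the real config if the AD
     // diagnostics are wanted.
     // 49 is LDAP "invalid credentials"; 0x32 is LDAP_OPT_DIAGNOSTIC_MESSAGE.
     if ($errno == 49 && !empty($ad_mode)) {
         if (ldap_get_option($this->ldap, 0x32, $extended_error)) {
             error_log("LDAP - Bind user extended_error {$extended_error}  (" . ldap_error($this->ldap) . ")");
             $parts = explode(', ', $extended_error);
             $detail = isset($parts[2]) ? $parts[2] : '';
             // strpos() returns 0 for a match at the start, so compare
             // against false explicitly.
             if (strpos($detail, '773') !== false) {
                 error_log("LDAP - Bind user password needs to be changed");
                 return false;
             }
             if (strpos($detail, '532') !== false && !empty($ad_options['change_expired_password'])) {
                 error_log("LDAP - Bind user password is expired");
                 return false;
             }
         }
     }
     // Require both a successful bind result and a clean error code.
     if (!$bind || $errno) {
         error_log("LDAP - Bind user error {$errno}  (" . ldap_error($this->ldap) . ")");
         return false;
     }
     // got a good bind, user is valid.  Let's populate some stuff
     $this->authed_user = $user_attrs[$conf->auth_ldap->uid_attr];
     $names = array();
     $names['fname'] = $user_attrs[$conf->auth_ldap->fname_attr];
     $names['lname'] = $user_attrs[$conf->auth_ldap->lname_attr];
     $prefs = new Prefs();
     if ($prefs->checkUID($this->authed_user, $conf->prefs_auto, NULL, $names)) {
         // NOTE(review): the session id is not rotated here; if the caller
         // does not call session_regenerate_id(), add it at this point to
         // prevent session fixation.
         $_SESSION['authed_user'] = $this->authed_user;
         API::Debug("auth_ldap: checkUID passed");
         return true;
     }
     API::Error("Username Not Valid in system. Error: 3304");
     return FALSE;
 }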