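 /**
  * Authenticates $username/$password against LDAP and mirrors the account
  * into the local users table; falls back to SQL authentication when enabled.
  *
  * Flow: bind with the configured search account, search for the user with
  * $this->filter (%USERNAME% substituted), then bind as the matched DN with
  * the supplied password. A successful user bind is the only LDAP success
  * path; every other outcome falls through to the fallback (if any).
  *
  * @param string $username login name as typed by the user (untrusted)
  * @param string $password clear-text password (untrusted)
  * @return bool true when LDAP (or the SQL fallback) accepted the credentials
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;
     if (strlen($password) == 0) {
         // LDAP will succeed binding with no password on AD
         // (defaults to anon bind)
         return false;
     }

     $authenticated = false;
     $first_user = null;
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
         ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);
         $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
         $ldap_bind_dn = $this->ldap_search_user;
         if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
             // The configured filter is stored entity-encoded, so decode it
             // first; decode the login name too, THEN escape the RFC 4515
             // filter metacharacters so a crafted username (or an entity that
             // decodes to one) cannot widen or rewrite the search filter.
             $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
             $safe_username = strtr(html_entity_decode($username, ENT_COMPAT, 'UTF-8'), array(
                 '\\' => '\5c',
                 '*' => '\2a',
                 '(' => '\28',
                 ')' => '\29',
                 "\0" => '\00',
             ));
             $filter_r = str_replace('%USERNAME%', $safe_username, $filter_template);
             $result = ldap_search($rs, $this->base_dn, $filter_r);
             if ($result) {
                 $result_user = ldap_get_entries($rs, $result);
                 if ($result_user['count'] != 0) {
                     $first_user = $result_user[0];
                     // Bind with the dn of the user that matched our filter
                     // (only one user should match sAMAccountName or uid etc..)
                     $authenticated = (bool) ldap_bind($rs, $first_user['dn'], $password);
                 }
             }
         }
         // Release the directory connection on every path, not only on success.
         ldap_unbind($rs);
     }

     if ($authenticated) {
         if ($this->userExists($username)) {
             // Keep the local copy of the password hash in step with LDAP
             // so the SQL fallback keeps working; rewrite only if it changed.
             $tmpUser = new CUser();
             $tmpUser->load($this->userId($username));
             $hash_pass = $this->hashPassword($password);
             if ($hash_pass != $tmpUser->user_password) {
                 $tmpUser->user_password = $hash_pass;
                 $tmpUser->store();
             }
         } else {
             $this->createsqluser($username, $password, $first_user);
         }
         return true;
     }

     if ($this->fallback == true) {
         $sqlAuth = new w2p_Authenticators_SQL();
         return $sqlAuth->authenticate($username, $password);
     }
     return false;
 }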
/**
 * Deprecated global helper kept only so old callers keep working; it just
 * delegates to the SQL authenticator's password generator after raising a
 * deprecation notice.
 *
 * TODO:  Remove for v4.0 - caseydk 22 February 2013
 *
 * @deprecated use w2p_Authenticators_SQL->createNewPassword() instead
 * @return mixed whatever createNewPassword() returns (presumably a fresh
 *               random password string; verify against that method)
 */
function makePass()
{
    $notice = "makePass() has been deprecated in v3.0 and will be removed in v4.0. Use w2p_Authenticators_SQL->createNewPassword instead.";
    trigger_error($notice, E_USER_NOTICE);

    $generator = new w2p_Authenticators_SQL();

    return $generator->createNewPassword();
}
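 /**
  * Authenticates $username/$password against LDAP and mirrors the account
  * into the local users table; falls back to parent::authenticate() (the
  * SQL authenticator) when enabled.
  *
  * The service-account bind DN is either the configured ldap_complete_string
  * or, for compatibility with the older settings layout, assembled from
  * ldap_search_user and base_dn. After that the user is searched with
  * $this->filter (%USERNAME% substituted) and a bind as the matched DN with
  * the supplied password is the only LDAP success path.
  *
  * @param string $username login name as typed by the user (untrusted)
  * @param string $password clear-text password (untrusted)
  * @return bool true when LDAP (or the SQL fallback) accepted the credentials
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;
     if (strlen($password) == 0) {
         // LDAP will succeed binding with no password on AD (defaults to anon bind)
         return false;
     }

     $authenticated = false;
     $first_user = null;
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
         ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);
         if ('' == $this->ldap_complete_string) {
             /*
              * This should be compliant with the old/previous LDAP settings
              *   that we've used all along.
              */
             if (strpos($this->ldap_search_user, 'CN=') === false) {
                 $ldap_bind_dn = 'CN=' . $this->ldap_search_user . ',OU=Users,' . $this->base_dn;
             } else {
                 $ldap_bind_dn = $this->ldap_search_user . ',' . $this->base_dn;
             }
         } else {
             /*
              * In case the LDAP configuration is different than expected,
              *   we can configure a completely custom one.
              */
             $ldap_bind_dn = $this->ldap_complete_string;
         }
         $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
         if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
             // The configured filter is stored entity-encoded, so decode it
             // first; decode the login name too, THEN escape the RFC 4515
             // filter metacharacters so a crafted username (or an entity that
             // decodes to one) cannot widen or rewrite the search filter.
             $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
             $safe_username = strtr(html_entity_decode($username, ENT_COMPAT, 'UTF-8'), array(
                 '\\' => '\5c',
                 '*' => '\2a',
                 '(' => '\28',
                 ')' => '\29',
                 "\0" => '\00',
             ));
             $filter_r = str_replace('%USERNAME%', $safe_username, $filter_template);
             $result = ldap_search($rs, $this->base_dn, $filter_r);
             if ($result) {
                 $result_user = ldap_get_entries($rs, $result);
                 if ($result_user['count'] != 0) {
                     $first_user = $result_user[0];
                     // Bind with the dn of the user that matched our filter (only one user should match sAMAccountName or uid etc..)
                     $authenticated = (bool) ldap_bind($rs, $first_user['dn'], $password);
                 }
             }
         }
         // Release the directory connection on every path, not only on success.
         ldap_unbind($rs);
     }

     if ($authenticated) {
         if ($this->userExists($username)) {
             // Keep the local copy of the password hash in step with LDAP
             // so the SQL fallback keeps working; rewrite only if it changed.
             $tmpUser = new CUser();
             $tmpUser->load($this->userId($username));
             // Legacy scheme: the users table holds an unsalted md5 of the
             // password, which is what the SQL fallback compares against.
             // Kept as-is because changing it would invalidate every stored hash.
             $hash_pass = md5($password);
             if ($hash_pass != $tmpUser->user_password) {
                 $tmpUser->user_password = $hash_pass;
                 $tmpUser->store();
             }
         } else {
             $this->createsqluser($username, $password, $first_user);
         }
         return true;
     }

     if ($this->fallback == true) {
         return parent::authenticate($username, $password);
     }
     return false;
 }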
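 /**
  * Authenticates a user handed over from PostNuke.
  *
  * PostNuke passes the account in $_REQUEST['userdata'] as a url-encoded,
  * base64-encoded, gzcompress()ed, serialize()d array carrying at least the
  * keys login, name, passwd and email, and $_REQUEST['check'] is expected to
  * hold hashPassword() of the decompressed payload. The matching local user
  * is created or updated and true is returned. Decoding problems die() with
  * a translated message, following the surrounding code's convention.
  *
  * Caveat: hashPassword() is not shown here; unless it mixes in a secret
  * shared with the PostNuke side, the checksum only detects corruption and
  * anyone able to reach this URL can produce a valid payload. Confirm before
  * relying on it as an authentication boundary.
  *
  * @param string $username ignored: the login name comes from the payload
  * @param string $password ignored: the password comes from the payload
  * @return bool true on success (or the SQL fallback's result)
  */
 public function authenticate($username, $password)
 {
     global $db;
     if (!isset($_REQUEST['userdata'])) {
         // fallback to SQL Authentication if PostNuke fails.
         if ($this->fallback) {
             $sqlAuth = new w2p_Authenticators_SQL();
             return $sqlAuth->authenticate($username, $password);
         } else {
             die($this->AppUI->_('You have not configured your PostNuke site
                           correctly'));
         }
     }
     if (!($compressed_data = base64_decode(urldecode($_REQUEST['userdata'])))) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (1)');
     }
     if (!($userdata = gzuncompress($compressed_data))) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (2)');
     }
     // The previous version assigned `$_REQUEST['check'] = $this->hashPassword($userdata)`
     // here, so the supplied checksum was overwritten and never compared.
     // Compare it as strings: a missing or mismatching value rejects the payload.
     if (!isset($_REQUEST['check'])
         || (string) $_REQUEST['check'] !== (string) $this->hashPassword($userdata)) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (3)');
     }
     // SECURITY: unserialize() on request-supplied data enables PHP object
     // injection through any loaded class with a __wakeup/__destruct gadget.
     // The wire format is dictated by the PostNuke side, so it is kept here;
     // on PHP >= 7 pass array('allowed_classes' => false), or move both ends
     // to JSON.
     $user_data = unserialize($userdata);
     if (!is_array($user_data)) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
     }
     // Now we need to check if the user already exists, if so we just
     // update.  If not we need to create a new user and add a default
     // role.
     $username = trim($user_data['login']);
     $this->username = $username;
     $names = explode(' ', trim($user_data['name']));
     $last_name = array_pop($names);
     $first_name = implode(' ', $names);
     // Stored verbatim as user_password, so PostNuke presumably sends it
     // already hashed in the local scheme — TODO confirm against the sender.
     $passwd = trim($user_data['passwd']);
     $email = trim($user_data['email']);
     $q = $this->query;
     $q->addTable('users');
     $q->addQuery('user_id, user_password, user_contact');
     // The login name comes from the request payload: escape it before it
     // is interpolated into the WHERE clause.
     $q->addWhere('user_username = \'' . db_escape($username) . '\'');
     if (!($rs = $q->exec())) {
         die($this->AppUI->_('Failed to get user details') . ' - error was ' . $db->ErrorMsg());
     }
     if ($rs->RecordCount() < 1) {
         $q->clear();
         $this->createsqluser($username, $passwd, $email, $first_name, $last_name);
     } else {
         if (!($row = $rs->FetchRow())) {
             die($this->AppUI->_('Failed to retrieve user detail'));
         }
         // User exists, update the user details.
         $this->user_id = $row['user_id'];
         $q->clear();
         $q->addTable('users');
         // NOTE(review): whether addUpdate() escapes its value is not visible
         // here; the payload fields below are untrusted — verify in the query class.
         $q->addUpdate('user_password', $passwd);
         // ids come from our own table; the cast keeps the interpolation numeric
         $q->addWhere('user_id = ' . (int) $this->user_id);
         if (!$q->exec()) {
             die($this->AppUI->_('Could not update user credentials'));
         }
         $q->clear();
         $q->addTable('contacts');
         $q->addUpdate('contact_first_name', $first_name);
         $q->addUpdate('contact_last_name', $last_name);
         $q->addUpdate('contact_email', $email);
         $q->addWhere('contact_id = ' . (int) $row['user_contact']);
         if (!$q->exec()) {
             die($this->AppUI->_('Could not update user details'));
         }
     }
     return true;
 }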
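/**
 * Handles the "forgot password" form: looks up the user by login name and
 * e-mail address, stores a freshly generated password and mails it to that
 * address.
 *
 * Reads checkusername / checkemail from $_POST. On no match it reports
 * "Invalid username or email." through $AppUI and redirects; on success it
 * reports that the new password was mailed and redirects. A failed password
 * update is silent apart from the missing redirect (pre-existing behaviour).
 *
 * @return void
 */
function sendNewPass()
{
    // NOTE(review): $_sitename was read below without ever being declared in
    // this scope; it is presumably a global, so it is pulled in here (it is
    // still null if nothing defines it — confirm where it is set).
    global $AppUI, $_sitename;
    // ensure no malicous sql gets past
    $checkusername = preg_replace("/[^A-Za-z0-9]/", "", w2PgetParam($_POST, 'checkusername', ''));
    // Keep the plain address for the mail header; only the SQL copy is escaped.
    $confirmEmail = strtolower(trim(w2PgetParam($_POST, 'checkemail', '')));
    $confirmEmailSql = db_escape($confirmEmail);
    $q = new w2p_Database_Query();
    $q->addTable('users');
    $q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
    $q->addQuery('user_id');
    // The listing showed a redacted literal in this clause; the query is meant
    // to match the sanitised login name from the form (alphanumeric only above).
    $q->addWhere("user_username = '{$checkusername}'");
    /* Begin Hack */
    /*
     * This is a particularly annoying hack but I don't know of a better
     *   way to resolve #457. In v2.0, there was a refactoring to allow for
     *   muliple contact methods which resulted in the contact_email being
     *   removed from the contacts table. If the user is upgrading from
     *   v1.x and they try to log in before applying the database, crash.
     *   Info: http://bugs.web2project.net/view.php?id=457
     */
    $qTest = new w2p_Database_Query();
    $qTest->addTable('w2pversion');
    $qTest->addQuery('max(db_version)');
    $dbVersion = $qTest->loadResult();
    if ($dbVersion >= 21 && $dbVersion < 26) {
        $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
        $q->addWhere("cm.method_value = '{$confirmEmailSql}'");
    } else {
        $q->addWhere("LOWER(user_email) = '{$confirmEmailSql}'");
    }
    /* End Hack */
    $user_id = $q->loadResult();
    if (!$user_id) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        // redirect() is expected to exit; the return guards the update below
        // in case it does not.
        return;
    }
    $auth = new w2p_Authenticators_SQL();
    $newpass = $auth->createNewPassword();
    $hashed = $auth->hashPassword($newpass);
    $q->addTable('users');
    $q->addUpdate('user_password', $hashed);
    // user_id comes from our own query result; keep the interpolation numeric
    $q->addWhere('user_id=' . (int) $user_id);
    $cur = $q->exec();
    if ($cur) {
        $emailManager = new w2p_Output_EmailManager($AppUI);
        $body = $emailManager->notifyPasswordReset($checkusername, $newpass);
        $m = new w2p_Utilities_Mail();
        // create the mail
        $m->To($confirmEmail);
        $subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
        $m->Subject($subject);
        $m->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
        // set the body
        $m->Send();
        // send the mail
        $AppUI->setMsg('New User Password created and emailed to you');
        $AppUI->redirect();
    }
}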