Example #1
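/**
 * Authenticate a user against the local `users` table and, when no local
 * match is found and the `domainAuth` setting is not "0", via checkADLogin().
 *
 * On success the session keys `ipamusername` and `ipamlanguage` are set, a
 * status <div> is printed and the event is written through updateLogTable().
 * On failure an error <div> is printed and the failure is logged.
 *
 * NOTE(review): the local check compares an MD5 digest inside the SQL query.
 * MD5 is not a password hashing function; the signature is kept for callers,
 * but the stored format should be migrated to crypt()/password_hash().
 *
 * @param string $username    login name as received from the client (untrusted)
 * @param string $md5password MD5 digest of the submitted password (untrusted)
 * @param string $rawpassword clear-text password, forwarded to checkADLogin()
 *
 * @return false|null false when the database query throws, otherwise no value
 */
function checkLogin($username, $md5password, $rawpassword)
{
    global $db;
    # get variables from config file
    /* check if user exists in local database */
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
    # Both values are client-controlled and end up inside quoted SQL literals,
    # so they are escaped first. Separate variables are used so that the
    # session and log entries below still receive the name as it was submitted.
    # NOTE(review): assumes the database wrapper exposes mysqli's
    # real_escape_string() - confirm; a prepared statement would be preferable.
    $sqlUsername = $database->real_escape_string($username);
    $sqlPassword = $database->real_escape_string($md5password);
    $query = 'select * from `users` where `username` = binary "' . $sqlUsername . '" and `password` = BINARY "' . $sqlPassword . '" and `domainUser` = "0" limit 1;';
    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        # The exception text is written into HTML, so it is escaped here.
        # NOTE(review): driver messages can reveal schema details; consider
        # logging them server-side and showing a generic message instead.
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-error'>" . _('Error') . ": {$error}</div>";
        return false;
    }
    /* close database connection */
    $database->close();

    # NOTE(review): $username is attacker-controlled and is concatenated into
    # every log message below; confirm updateLogTable() escapes it for SQL and
    # that the log viewer escapes it for HTML.

    /* locally registered */
    if (sizeof($result) != 0) {
        # get user lang
        $lang = getLangById($result[0]['lang']);
        /* start session and set variables */
        session_start();
        # issue a fresh session id at login so an id known before
        # authentication cannot be carried into the authenticated session
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = $lang['l_code'];
        session_write_close();
        # print success
        print '<div class="alert alert-success">' . _('Login successful') . '!</div>';
        # write log file
        updateLogTable('User ' . $username . ' logged in.', "", 0);
        return;
    }

    /* fetch settings */
    $settings = getAllSettings();

    /* local failed and no AD/OpenLDAP configured */
    if ($settings['domainAuth'] == "0") {
        # print error
        print '<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">×</button>' . _('Failed to log in') . '!</div>';
        # write log file
        updateLogTable('User ' . $username . ' failed to log in.', "", 2);
        return;
    }

    # "1" selects AD wording, any other non-"0" value selects LDAP wording
    $isAD = ($settings['domainAuth'] == "1");
    $alertOpen = '<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">×</button>';

    /* if local failed and AD/OpenLDAP is selected try to authenticate */
    $authAD = checkADLogin($username, $rawpassword);

    # strict comparison: only the exact string "ok" counts as success, so an
    # unexpected non-string return value fails closed
    if ($authAD === "ok") {
        # get user lang
        # The local query matched no row in this branch, so $result[0] does not
        # exist and the language id passed on is null.
        # NOTE(review): the domain user's language is never loaded here; the
        # user's row would have to be fetched separately to honour it.
        $lang = getLangById(isset($result[0]['lang']) ? $result[0]['lang'] : null);
        /* start session and set variables */
        session_start();
        # fresh session id at login, see the local branch above
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = isset($lang['l_code']) ? $lang['l_code'] : null;
        session_write_close();
        # print success
        if ($isAD) {
            print '<div class="alert alert-success">' . _('AD login successful') . '!</div>';
        } else {
            print '<div class="alert alert-success">' . _('LDAP login successful') . '!</div>';
        }
        updateLogTable('User ' . $username . ' logged in.', "", 0);
    } elseif ($authAD == 'Failed to connect to AD!') {
        # directory server unreachable
        if ($isAD) {
            print $alertOpen . _('Failed to connect to AD server') . '!</div>';
            updateLogTable('Failed to connect to AD!', "", 2);
        } else {
            print $alertOpen . _('Failed to connect to LDAP server') . '!</div>';
            updateLogTable('Failed to connect to LDAP!', "", 2);
        }
    } elseif ($authAD == 'Failed to authenticate user via AD!') {
        # directory server rejected the credentials
        if ($isAD) {
            print $alertOpen . _('Failed to authenticate user against AD') . '!</div>';
            updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        } else {
            print $alertOpen . _('Failed to authenticate user against LDAP') . '!</div>';
            updateLogTable('User ' . $username . ' failed to authenticate against LDAP.', "", 2);
        }
    } else {
        # any other result is reported as wrong credentials
        print $alertOpen . _('Wrong username or password') . '!</div>';
        if ($isAD) {
            updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        } else {
            updateLogTable('User ' . $username . ' failed to authenticate against LDAP.', "", 2);
        }
    }
}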
Example #2
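/**
 * Login authentication
 *
 * The user row is fetched from the local `users` table. Local users
 * (`domainUser` = "0") are verified against the stored crypt() hash, or
 * against a legacy MD5 digest that is then upgraded to crypt. Domain users
 * (`domainUser` = "1") are verified through checkADLogin() when the
 * `domainAuth` setting is "1" (AD) or "2" (LDAP).
 *
 * A failed attempt prints an error <div>, is logged and is counted against
 * the client address through block_ip(). A successful attempt starts the
 * session, prints a success <div> and is logged.
 *
 * @param string $username    login name as received from the client (untrusted)
 * @param string $md5password MD5 digest of the submitted password (legacy check)
 * @param string $rawpassword clear-text password, used for crypt() and AD/LDAP
 *
 * @return false|null false when the database query throws, otherwise no value
 */
function checkLogin($username, $md5password, $rawpassword)
{
    global $db;
    # set failed flag to update authFailed table
    $authFailed = true;
    $updatepass = false;
    $uerror = "";
    $lerror = "";
    # fetch settings to get auth types
    $settings = getAllSettings();
    # for login check
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
    # escape vars to prevent SQL injection
    # NOTE(review): the escaped value replaces $username for the rest of the
    # function, so checkADLogin(), update_user_pass_to_crypt(), the session and
    # the log all receive the SQL-escaped form. This is left unchanged because
    # those helpers are not visible here and may build SQL from the value;
    # confirm how they handle it before separating raw and escaped names.
    $username = $database->real_escape_string($username);
    # try to fetch user
    $query = 'select * from `users` where `username` = "' . $username . '" limit 1;';
    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        # The exception text is written into HTML, so it is escaped here.
        # NOTE(review): driver messages can reveal schema details; consider
        # logging them server-side and showing a generic message instead.
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        return false;
    }
    # verify type and password
    if (sizeof($result) > 0) {
        # reset var
        $user = $result[0];
        if ($user['domainUser'] == "0") {
            /**
             * local auth
             */
            # Hashes are compared with === on purpose: with == PHP compares two
            # numeric-looking strings (for example digests of the form
            # "0e<digits>") as numbers, so different hashes can compare equal.
            # hash_equals() would also make the comparison constant-time where
            # the runtime provides it.
            if (substr($user['password'], 0, 1) == "\$") {
                # try crypt
                if ($user['password'] === crypt($rawpassword, $user['password'])) {
                    $authFailed = false;
                }
            } elseif ($user['password'] === $md5password) {
                # legacy unsalted MD5 digest matched; flag it for upgrade
                $authFailed = false;
                $updatepass = true;
            }
            # ok
            if ($authFailed == false) {
                # try to update pass to crypt, only if version already changed
                if ($updatepass && $settings['version'] == "1.1") {
                    update_user_pass_to_crypt($username, $rawpassword);
                }
                # save results
                $uerror = 'Login successful';
                $lerror = 'User ' . $user['real_name'] . ' logged in.';
            } else {
                $uerror = 'Failed to log in';
                $lerror = 'User ' . $username . ' failed to log in.';
            }
        } elseif ($user['domainUser'] == "1" && ($settings['domainAuth'] == "1" || $settings['domainAuth'] == "2")) {
            /**
             * domain auth, "1" is AD and "2" is LDAP; both use checkADLogin()
             */
            $label = $settings['domainAuth'] == "1" ? 'AD' : 'LDAP';
            $authAD = checkADLogin($username, $rawpassword);
            # strict comparison: only the exact string "ok" counts as success,
            # so an unexpected non-string return value fails closed
            if ($authAD === "ok") {
                # set flag
                $authFailed = false;
                # save results
                $uerror = $label . ' Login successful';
                $lerror = 'User ' . $user['real_name'] . ' logged in.';
            } elseif ($authAD == 'Failed to connect to AD!') {
                $uerror = 'Failed to connect to ' . $label . ' server';
                $lerror = 'Failed to connect to ' . $label . '!';
            } elseif ($authAD == 'Failed to authenticate user via AD!') {
                $uerror = 'Failed to authenticate user against ' . $label;
                $lerror = 'User failed to authenticate against ' . $label . '.';
            } else {
                $uerror = 'Wrong username or password';
                $lerror = 'User failed to authenticate against ' . $label . '.';
            }
        } else {
            # domain user while domain auth is disabled, or unknown user type
            $uerror = 'Failed to log in';
            $lerror = 'User ' . $username . ' failed to log in.';
        }
    } else {
        # no such user
        $uerror = 'Failed to log in';
        $lerror = 'User ' . $username . ' failed to log in.';
    }
    /**
     * print result
     */
    if ($authFailed == true) {
        # print error
        print '<div class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">×</button>' . _($uerror) . '!</div>';
        # write log file
        # NOTE(review): $lerror can contain the submitted username; confirm
        # updateLogTable() escapes it for SQL and the log viewer for HTML.
        updateLogTable($lerror, "", 2);
        # also update blocked IP table
        # X-Forwarded-For is a request header set by the client or by proxies.
        # It is used only when it holds one syntactically valid address, so
        # arbitrary text never reaches block_ip(); otherwise the socket peer
        # address is counted.
        # NOTE(review): the header should be honoured only when REMOTE_ADDR is
        # a known reverse proxy, since a client can otherwise choose which
        # address its failed attempts are counted against.
        $ip = $_SERVER['REMOTE_ADDR'];
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $forwarded = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
            if (filter_var($forwarded, FILTER_VALIDATE_IP) !== false) {
                $ip = $forwarded;
            }
        }
        # add block count
        block_ip($ip);
    } else {
        # get user lang
        $lang = getLangById($user['lang']);
        /* start session and set variables */
        global $phpsessname;
        if (strlen($phpsessname) > 0) {
            session_name($phpsessname);
        }
        session_start();
        # issue a fresh session id at login so an id known before
        # authentication cannot be carried into the authenticated session
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = $lang['l_code'];
        $_SESSION['lastactive'] = time();
        session_write_close();
        # print success
        print '<div class="alert alert-success">' . _($uerror) . '!</div>';
        # write log file
        updateLogTable($lerror, "", 0);
    }
}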