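/**
 * Bind to the LDAP server with the credentials the user typed at the login form.
 *
 * @param string $username         Login name as typed. A bare name is turned into a
 *                                 UPN by appending "@" . $ldap_connection['fqdn'].
 * @param string $password         Password as typed.
 * @param array  $ldap_connection  Connection record; only 'server' and 'fqdn' are read.
 * @return mixed  Whatever ConnectToLdapServer() returns. The login code in this
 *                corpus treats an array as a failed bind (it checks is_array()), so
 *                the guard below also reports failure as an array.
 */
function AuthenticateUsingLdap($username, $password, &$ldap_connection)
{
    // An LDAP simple bind with an empty password is an *unauthenticated* bind, which
    // directories commonly accept: any valid user name plus a blank password would
    // "log in". Refuse it here, before the bind is even attempted. A non-string
    // value (e.g. password[]=x from the form) is refused for the same reason.
    if (!is_string($password) || $password === '') {
        // Only is_array() matters to the caller; the key name is informational.
        return array('error' => 'Empty password is not allowed');
    }

    $upn = isEmailAddress($username) ? $username : $username . '@' . $ldap_connection['fqdn'];

    // NOTE(review): this changes error_reporting for the whole request, not only for
    // the bind. Kept as in the original; callers may rely on the quieter setting.
    error_reporting(E_ERROR | E_PARSE);

    return ConnectToLdapServer($ldap_connection['server'], $upn, $password);
}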
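/**
 * Checks the registration form, returns a new one if there are any mistakes, and saves the new user if everything is correct
 *
 * Every text value ends up inside a SQL string literal handed to
 * $this->_SqlConnection->SqlQuery(); the surrounding class works on the legacy
 * mysql_* extension (see mysql_num_rows below), so the values are escaped with
 * mysql_real_escape_string() before they are interpolated.
 *
 * @access private
 * @param string $Showname            The display name for the new user
 * @param string $Name                The nickname (login name) for the new user
 * @param string $Email               The email address for the new user
 * @param string $Password            The password for the new user
 * @param string $Password_repetition The password repetition to exclude typing errors
 * @return string PageData: the form again with error texts, or the success message
 */
function _checkRegistration($Showname, $Name, $Email, $Password, $Password_repetition)
{
    $out = '';
    $noErrors = true;
    // Initialise every error text so the form renderer never sees an undefined variable
    $ShownameError = '';
    $NameError = '';
    $EmailError = '';
    $PasswordError = '';

    // SQL-safe copies of the user-supplied values. mysql_real_escape_string() uses the
    // last opened mysql link, which is the one _SqlConnection works on.
    $sqlShowname = mysql_real_escape_string($Showname);
    $sqlName = mysql_real_escape_string($Name);
    $sqlEmail = mysql_real_escape_string($Email);

    // --- Display name: required and unique ---
    if ($Showname == '') {
        $ShownameError = $this->_AdminLang['the_name_must_be_indicated'];
        $noErrors = false;
    } else {
        $sql = "SELECT * FROM " . DB_PREFIX . "users WHERE user_showname='{$sqlShowname}' LIMIT 0 , 1";
        $result = $this->_SqlConnection->SqlQuery($sql);
        if (mysql_num_rows($result) == 1) {
            $ShownameError = $this->_AdminLang['the_name_is_already_assigned'];
            $noErrors = false;
        }
    }

    // --- Nickname: required and unique ---
    if ($Name == '') {
        $NameError = $this->_AdminLang['the_nickname_must_be_indicated'];
        $noErrors = false;
    } else {
        $sql = "SELECT * FROM " . DB_PREFIX . "users WHERE user_name='{$sqlName}' LIMIT 0 , 1";
        $result = $this->_SqlConnection->SqlQuery($sql);
        if (mysql_num_rows($result) == 1) {
            $NameError = $this->_AdminLang['the_nickname_is_already_assigned'];
            $noErrors = false;
        }
    }

    // --- Email: required, syntactically valid, and not used by another account ---
    if ($Email == '') {
        $EmailError = $this->_AdminLang['the_email_address_must_be_indicated'];
        $noErrors = false;
    } elseif (isEmailAddress($Email)) {
        $sql = "SELECT * FROM " . DB_PREFIX . "users WHERE user_email='{$sqlEmail}' LIMIT 0 , 1";
        $result = $this->_SqlConnection->SqlQuery($sql);
        if (mysql_num_rows($result) >= 1) {
            $EmailError = $this->_AdminLang['the_email_is_already_assigned_to_another_user'];
            $noErrors = false;
        }
    } else {
        $EmailError = $this->_AdminLang['this_is_a_invalid_email_address'];
        $noErrors = false;
    }

    // --- Password: both fields filled and equal ---
    if ($Password == '' || $Password_repetition == '') {
        $PasswordError = $this->_AdminLang['none_of_the_passwordfields_must_not_be_empty'];
        $noErrors = false;
    } elseif ($Password != $Password_repetition) {
        $PasswordError = $this->_AdminLang['the_password_and_its_repetition_are_unequal'];
        $noErrors = false;
    }

    if (!$noErrors) {
        // Show the registration form again with all collected error texts
        $out .= $this->_registerVar($Showname, $Name, $Email, $ShownameError, $NameError, $EmailError, $PasswordError);
        return $out;
    }

    $registrationTime = time();
    $activated = false;
    $activationCode = '';

    // Subject and From header are identical for all three notification variants.
    // $Email passed isEmailAddress() above; that validator is assumed to reject CR/LF
    // (otherwise extra mail headers could be injected) — TODO confirm.
    $pagename = $this->_Config->Get('pagename', 'ComaCMS');
    $title = $this->_AdminLang['activation_of_your_new_accout_at'] . $pagename;
    $header = 'From: ' . $this->_Config->Get('administrator_emailaddress', 'administrator@comacms') . "\n";

    // NOTE(review): all three mails put the plaintext password ($Password, %3$s) into
    // the body; the language strings expect it there, so it is left unchanged here.
    if ($this->_Config->Get('validate_email', '1')) {
        // Email validation required: mail an activation code to the user.
        // The code was md5(showname . time . email) — guessable by anyone who knows
        // the registration data — so it is now drawn from a CSPRNG. bin2hex of 16
        // bytes is 32 hex characters, the same width md5() produced.
        $activationCode = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        // NOTE(review): SERVER_NAME may be attacker-influenced via the Host header
        // depending on the web-server config; the activation link is built from it.
        $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email_%5\\$s:ActivationCode'], $pagename, $Name, $Password, $Email, $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'], $activationCode);
        mail($Email, $title, $message, $header);
    } elseif ($this->_Config->Get('activate_throw_admin', '0')) {
        // Activation by an administrator: mail the login data only
        $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email_activation_throw_admin'], $pagename, $Name, $Password, $Email);
        mail($Email, $title, $message, $header);
    } else {
        // No validation at all: the account is active immediately
        $activated = true;
        $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email'], $pagename, $Name, $Password, $Email);
        mail($Email, $title, $message, $header);
    }

    // Insert the user. NOTE(review): the password is stored as an unsalted md5 because
    // the (unseen) login code compares against that format; switching to
    // password_hash() has to be done together with the login check.
    $sql = "INSERT INTO " . DB_PREFIX . "users (user_name, user_showname, user_password, user_registerdate, user_email, user_activated"
        . ($activationCode != '' ? ", user_activationcode" : '')
        . ") VALUES ('{$sqlName}', '{$sqlShowname}', '" . md5($Password) . "', '{$registrationTime}', '{$sqlEmail}', "
        . ($activated ? '1' : '0')
        . ($activationCode != '' ? ", '{$activationCode}'" : '')
        . ")";
    $this->_SqlConnection->SqlQuery($sql);

    $out .= $this->_AdminLang['you_have_been_successfully_registred_please_check_your_emails_for_your_logininformation'];
    return $out;
}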
// Show error if no LDAP connections defined if (count($ldap_connections) == 0) { include "include_ldap_config_err.php"; exit; } // If we have logon details POST'ed - perform LDAP authentication if (isset($_POST['username'])) { // Connect (authenticate) to LDAP $connect = AuthenticateUsingLdap($_POST['username'], $_POST['password'], $ldap_connections[$_POST['ldap_connection']]); // Check for connection error if (is_array($connect)) { DestroySession(); RedirectToUrl($_SERVER['SCRIPT_NAME'] . '?Result=Failed'); } // Set Session value - remove domain suffix if UPN was used if (isEmailAddress($_POST['username'])) { $username = explode("@", $_POST['username']); $_SESSION["username"] = $username[0]; } else { $_SESSION["username"] = $_POST['username']; } // Get user's role $_SESSION["role"] = GetUserRole($connect, $ldap_connections[$_POST['ldap_connection']]); ldap_unbind($connect); // Redirect to appropriate url based on role if ($_SESSION["role"] != "none") { LogEvent("ldap_login.php", "Main", "User " . $_SESSION["username"] . " succesfully logged on as " . $_SESSION["role"]); RedirectToUrl("./index.php"); } else { DestroySession(); RedirectToUrl($_SERVER['SCRIPT_NAME']);
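/**
 * Audit every LDAP path flagged with ldap_paths_audit=1.
 *
 * For each audited path the bind user and password are decrypted in SQL
 * (AES_DECRYPT with the application AES key), the user name is turned into a
 * UPN when it is not one already, and the details are passed to
 * AuditSingleLdapPath(). Uses the global $db mysql link. No return value.
 */
function AuditLdapPaths()
{
    global $db;

    // The key is part of the SQL text (AES_DECRYPT takes it as a literal), so it must
    // at least be escaped. Be aware it still shows up in the server's query log.
    $aes_key = mysql_real_escape_string(GetAesKey(), $db);

    $sql = "SELECT ldap_connections_server,"
        . "AES_DECRYPT(ldap_connections_user,'" . $aes_key . "') AS ldap_user, "
        . "AES_DECRYPT(ldap_connections_password,'" . $aes_key . "') AS ldap_password, "
        . "ldap_connections_fqdn, ldap_paths_id, ldap_paths_dn "
        . "FROM ldap_connections INNER JOIN ldap_paths on ldap_paths.ldap_paths_connection_id=ldap_connections.ldap_connections_id "
        . "WHERE ldap_paths.ldap_paths_audit=1";

    $result = mysql_query($sql, $db);
    if ($result === false) {
        // Previously a failed query was fed to mysql_fetch_array() and only produced a
        // warning; stop explicitly so a broken query does not look like "nothing to audit".
        return;
    }

    while ($row = mysql_fetch_assoc($result)) {
        // Debug output must never contain the decrypted bind password.
        $debugRow = $row;
        unset($debugRow['ldap_password']);
        DebugEcho($debugRow);

        $pathDetails = array();
        $pathDetails["ldap_path_id"] = $row["ldap_paths_id"];
        $pathDetails["ldap_server"] = $row["ldap_connections_server"];
        // Stored user may already be a UPN; otherwise append the connection's DNS suffix
        if (isEmailAddress($row["ldap_user"])) {
            $pathDetails["ldap_user"] = $row["ldap_user"];
        } else {
            $pathDetails["ldap_user"] = $row["ldap_user"] . "@" . $row["ldap_connections_fqdn"];
        }
        $pathDetails["ldap_password"] = $row["ldap_password"];
        $pathDetails["ldap_base_dn"] = $row["ldap_paths_dn"];

        AuditSingleLdapPath($pathDetails);
    }
}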
if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; } // echo "<tr bgcolor=\"" . $bgcolor . "\"><td><b>Telephone:</td><td>" . $entries[$computer_record_number]["telephonenumber"][0] . "</a></b></td></tr>"; if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; } echo "<tr bgcolor=\"" . $bgcolor . "\"><td>" . __("Full Account Details") . "</td><td></td></tr>"; for ($computer_record_field_number = 0; $computer_record_field_number < $entries[$computer_record_number]["count"]; $computer_record_field_number++) { $data = $entries[$computer_record_number][$computer_record_field_number]; for ($computer_record_field_number_data = 0; $computer_record_field_number_data < $entries[$computer_record_number][$data]["count"]; $computer_record_field_number_data++) { if (isEmailAddress($entries[$computer_record_number][$data][$computer_record_field_number_data])) { // If its a valid email address, highlight it, and add a URL mailto: if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; } echo "<tr bgcolor=\"" . $bgcolor . "\"><td><b>" . __($data) . ":</b></td><td><a href='mailto:" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "'>" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "</a></td></tr>"; } else { // Else just show it. if ($bgcolor == "#F1F1F1") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#F1F1F1"; } echo "<tr bgcolor=\"" . $bgcolor . "\"><td>" . __($data) . ":</td><td>" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "</td></tr>";
[Nick Brown] 17/04/2009 Minor change to GetImage(). Added support for $image_link_ldap_attribute and $human_readable_ldap_fields config options. Now using DisplayError() from "include_functions.php". [Nick Brown] 24/04/2009 Added utf8_encode() to LDAP search filter strings **********************************************************************************************************/ require_once "include.php"; $ldap_info = GetLdapConnection(); // Didn't get LDAP connection - alert user & done if ($ldap_info === False) { DisplayError(__("Cannot retrieve LDAP details as you have no LDAP connection defined for this domain.")); } // Connect (authenticate) to LDAP $upn = isEmailAddress($ldap_info['user']) ? $ldap_info['user'] : $ldap_info['user'] . "@" . $ldap_info['fqdn']; $ldap = ConnectToLdapServer($ldap_info['server'], $upn, $ldap_info['password']); // Get LDAP info if ($_GET["record_type"] == "computer") { $sam_account_name = $ldap_info['system_name'] . "\$"; $attributes = $_GET["full_details"] == "y" ? array() : $computer_ldap_attributes; } else { // Get user account name - user name *may* be in DOMAIN\ACCOUNT format or may not :-) $sam_account_name = stripos($ldap_info["net_user_name"], "\\") !== FALSE ? array_pop(explode("\\", $ldap_info["net_user_name"])) : $ldap_info["net_user_name"]; $attributes = $_GET["full_details"] == "y" ? array() : $user_ldap_attributes; } $filter = "(&(objectClass=" . $_GET["record_type"] . ")(sAMAccountName=" . $sam_account_name . "))"; $sr = ldap_search($ldap, $ldap_info['nc'], utf8_encode($filter), $attributes); $info = ldap_get_entries($ldap, $sr); // Couldn't retrieve user or computer object from LDAP - alert user & done if ($info == NULL) {
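/**
 * Validate an LDAP connection submitted from the admin UI and store it.
 *
 * TestLdapConnectionHtml() must report "LDAP bind successful"; then an anonymous
 * bind fetches the default and configuration naming contexts, the FQDN is derived
 * from the domain NC, an authenticated bind resolves the domain's NetBIOS name, and
 * the record is INSERTed or, when ldap_connection_id is given, UPDATEd. User name
 * and password are stored with AES_ENCRYPT under the application AES key.
 *
 * Input comes from $_GET (ldap_connection_server/_user/_password/_id).
 * NOTE(review): a state-changing request driven by GET puts the bind credentials
 * into web-server, proxy and browser history logs, and no CSRF token is visible
 * here; moving this to POST with a token is the recommended follow-up.
 *
 * @param resource $db  Open mysql link, used for the write and for escaping.
 * @return string  <SaveLdapConnection> XML with the test HTML and the result flag.
 */
function SaveLdapConnectionXml($db)
{
    header("Content-type: text/xml");

    // Validate supplied details first; nothing is stored when the test bind failed
    $html = TestLdapConnectionHtml();
    $testresult = strpos($html, "LDAP bind successful") === false ? "false" : "true";
    if ($testresult != "true") {
        return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
    }

    $server = $_GET["ldap_connection_server"];
    $user = $_GET["ldap_connection_user"];
    $password = $_GET["ldap_connection_password"];

    // Anonymous bind: discover default domain NC and configuration NC
    $l = ConnectToLdapServer($server);
    $domain_nc = GetDefaultNC($l);
    $config_nc = GetConfigNC($l);
    // "DC=corp,DC=example,DC=com" -> "corp.example.com"
    $fqdn = implode(".", explode(",DC=", substr($domain_nc, 3)));
    ldap_unbind($l);

    // Authenticated bind: resolve the domain's NetBIOS name
    $ldap_user = isEmailAddress($user) ? $user : $user . "@" . $fqdn;
    $l = ConnectToLdapServer($server, $ldap_user, $password);
    $ldap_connection_name = GetDomainNetbios($l, "CN=Partitions," . $config_nc, $domain_nc);
    ldap_unbind($l);

    // Everything below is spliced into SQL string literals. The request values are
    // attacker-controlled and the LDAP-derived ones come from a remote server, so all
    // of them are escaped (legacy mysql_* API; no prepared statements available here).
    // The AES key itself also becomes part of the query text.
    $aes_key = mysql_real_escape_string(GetAesKey(), $db);
    $sqlServer = mysql_real_escape_string($server, $db);
    $sqlUser = mysql_real_escape_string($user, $db);
    $sqlPassword = mysql_real_escape_string($password, $db);
    $sqlDomainNc = mysql_real_escape_string($domain_nc, $db);
    $sqlFqdn = mysql_real_escape_string($fqdn, $db);
    $sqlName = mysql_real_escape_string($ldap_connection_name, $db);

    if (isset($_GET["ldap_connection_id"]) and strlen($_GET["ldap_connection_id"]) > 0) {
        // Connection already exists: UPDATE
        $sqlId = mysql_real_escape_string($_GET["ldap_connection_id"], $db);
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "Edit Connection: " . $ldap_connection_name);
        $sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`='" . $sqlDomainNc . "',`ldap_connections_fqdn`='" . $sqlFqdn . "',"
            . "`ldap_connections_server`='" . $sqlServer . "',`ldap_connections_user`=AES_ENCRYPT('" . $sqlUser . "','" . $aes_key . "'),"
            . "`ldap_connections_password`=AES_ENCRYPT('" . $sqlPassword . "','" . $aes_key . "'),`ldap_connections_name`='" . $sqlName . "' "
            . "WHERE ldap_connections_id='" . $sqlId . "'";
    } else {
        // New connection: INSERT
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "New Connection: " . $ldap_connection_name);
        $sql = "INSERT INTO `ldap_connections` (`ldap_connections_nc`,`ldap_connections_fqdn`,`ldap_connections_server`,`ldap_connections_user`,`ldap_connections_password`,`ldap_connections_name`,`ldap_connections_schema`) "
            . "VALUES ('" . $sqlDomainNc . "','" . $sqlFqdn . "','" . $sqlServer . "',"
            . "AES_ENCRYPT('" . $sqlUser . "','" . $aes_key . "'),"
            . "AES_ENCRYPT('" . $sqlPassword . "','" . $aes_key . "'),'" . $sqlName . "','AD')";
    }
    mysql_query($sql, $db);

    return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
}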