/**
 * Binds to the LDAP server of the given connection with the supplied credentials.
 *
 * @param string $username        Account name, either bare or already a UPN (user@domain)
 * @param string $password        Password for the bind
 * @param array  $ldap_connection Connection record; 'fqdn' and 'server' are read here
 * @return mixed Whatever ConnectToLdapServer() returns (the caller tests is_array() for failure)
 */
function AuthenticateUsingLdap($username, $password, &$ldap_connection)
{
    // A bare account name becomes a UPN by appending the connection's DNS suffix.
    if (isEmailAddress($username)) {
        $upn = $username;
    } else {
        $upn = $username . "@" . $ldap_connection['fqdn'];
    }
    // NOTE: this lowers error_reporting for the rest of the request, not only for the bind;
    // warnings raised by any later code in this request are silenced as well.
    error_reporting(E_ERROR | E_PARSE);
    return ConnectToLdapServer($ldap_connection['server'], $upn, $password);
}
 /**
  * Checks the registration form: returns the form again if there are any mistakes, and saves the new user if everything is correct.
  * @access private
  * @param string $Showname The display name for the new user
  * @param string $Name The nickname for the new user
  * @param string $Email The email address for the new user
  * @param string $Password The password for the new user
  * @param string $Password_repetition The password repetition, used to catch typing errors
  * @return string PageData
  */
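 function _checkRegistration($Showname, $Name, $Email, $Password, $Password_repetition)
 {
     $out = '';
     $fehlerfrei = true;
     // Set all errors to '' to prevent errors with clear variables
     $ShownameError = '';
     $NameError = '';
     $EmailError = '';
     $PasswordError = '';
     // All five arguments come straight from the registration form and are untrusted. They used
     // to be interpolated into SQL unescaped (SQL injection through the name, nickname and email
     // fields). Escape once here and only ever put the escaped copies into SQL; the raw values
     // are still what goes into the form, the mail and the activation code.
     // mysql_real_escape_string() uses the link opened by _SqlConnection (its results are
     // consumed with mysql_num_rows(), so this is the mysql extension).
     $ShownameSql = mysql_real_escape_string($Showname);
     $NameSql = mysql_real_escape_string($Name);
     $EmailSql = mysql_real_escape_string($Email);
     // Check the registration fields for common errors and write them to the error variables
     if ($Showname == '') {
         $ShownameError = $this->_AdminLang['the_name_must_be_indicated'];
         $fehlerfrei = false;
     } else {
         // If showname is not empty check whether it is used already
         $sql = "SELECT *\n\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\tWHERE user_showname='{$ShownameSql}'\n\t\t\t\t\tLIMIT 0 , 1";
         $result = $this->_SqlConnection->SqlQuery($sql);
         if (mysql_num_rows($result) == 1) {
             $ShownameError = $this->_AdminLang['the_name_is_already_assigned'];
             $fehlerfrei = false;
         }
     }
     if ($Name == '') {
         $NameError = $this->_AdminLang['the_nickname_must_be_indicated'];
         $fehlerfrei = false;
     } else {
         // If nickname is not empty check whether it is used already
         $sql = "SELECT *\n\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\tWHERE user_name='{$NameSql}'\n\t\t\t\t\tLIMIT 0 , 1";
         $result = $this->_SqlConnection->SqlQuery($sql);
         if (mysql_num_rows($result) == 1) {
             $NameError = $this->_AdminLang['the_nickname_is_already_assigned'];
             $fehlerfrei = false;
         }
     }
     if ($Email == '') {
         $EmailError = $this->_AdminLang['the_email_address_must_be_indicated'];
         $fehlerfrei = false;
     } elseif (!isEmailAddress($Email)) {
         // Not a syntactically valid email address
         $EmailError = $this->_AdminLang['this_is_a_invalid_email_address'];
         $fehlerfrei = false;
     } else {
         // Valid address: check whether it is used already
         $sql = "SELECT *\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\t\tWHERE user_email='{$EmailSql}'\n\t\t\t\t\t\tLIMIT 0 , 1";
         $result = $this->_SqlConnection->SqlQuery($sql);
         if (mysql_num_rows($result) >= 1) {
             $EmailError = $this->_AdminLang['the_email_is_already_assigned_to_another_user'];
             $fehlerfrei = false;
         }
     }
     if ($Password == '' || $Password_repetition == '') {
         $PasswordError = $this->_AdminLang['none_of_the_passwordfields_must_not_be_empty'];
         $fehlerfrei = false;
     } elseif ($Password != $Password_repetition) {
         $PasswordError = $this->_AdminLang['the_password_and_its_repetition_are_unequal'];
         $fehlerfrei = false;
     }
     if (!$fehlerfrei) {
         // Show registration form again and display all existing errors
         $out .= $this->_registerVar($Showname, $Name, $Email, $ShownameError, $NameError, $EmailError, $PasswordError);
         return $out;
     }
     $registrationTime = time();
     $activated = false;
     $activationCode = '';
     // Parts shared by every notification mail
     $pagename = $this->_Config->Get('pagename', 'ComaCMS');
     $title = $this->_AdminLang['activation_of_your_new_accout_at'] . $pagename;
     $header = 'From: ' . $this->_Config->Get('administrator_emailaddress', 'administrator@comacms') . "\n";
     // NOTE: every template below receives the plaintext $Password as its %3$s placeholder, so
     // the password is mailed in the clear. Dropping it requires changing the language strings
     // as well, so it is left as is here.
     if ($this->_Config->Get('validate_email', '1')) {
         // Email validation required: make a registration code and mail it to the user.
         // The code is derived from values the registrant chose plus the registration second,
         // so it is guessable for anyone who knows roughly when the account was created; a
         // random token would be stronger but must match the activation check elsewhere.
         $activationCode = md5($Showname . $registrationTime . $Email);
         $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email_%5\\$s:ActivationCode'], $pagename, $Name, $Password, $Email, $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'], $activationCode);
     } elseif ($this->_Config->Get('activate_throw_admin', '0')) {
         // Mail with login data to the user; an administrator activates the account
         $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email_activation_throw_admin'], $pagename, $Name, $Password, $Email);
     } else {
         // Activate the user account immediately and mail the login data
         $activated = true;
         $message = sprintf($this->_AdminLang['welcome_%1\\$s:Pagename_%2\\$s:Benutzername_%3\\$s:Password_%4\\$s:Email'], $pagename, $Name, $Password, $Email);
     }
     mail($Email, $title, $message, $header);
     // Insert the user into the database, using only the escaped copies. The password is stored
     // as an unsalted md5 hash because that is what the login path compares against;
     // password_hash()/password_verify() is the right replacement once the login is updated too.
     $columns = 'user_name, user_showname, user_password, user_registerdate, user_email, user_activated';
     $values = "'{$NameSql}', '{$ShownameSql}', '" . md5($Password) . "', '{$registrationTime}', '{$EmailSql}', " . ($activated ? '1' : '0');
     if ($activationCode != '') {
         // $activationCode is md5 hex output, so it is safe to inline
         $columns .= ', user_activationcode';
         $values .= ", '{$activationCode}'";
     }
     $sql = "INSERT INTO " . DB_PREFIX . "users\n\t\t\t\t\t(" . $columns . ")\n\t\t\t\t\tVALUES (" . $values . ")";
     $this->_SqlConnection->SqlQuery($sql);
     $out .= $this->_AdminLang['you_have_been_successfully_registred_please_check_your_emails_for_your_logininformation'];
     return $out;
 }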
// Without at least one configured LDAP connection the login cannot proceed:
// show the configuration error page and stop.
if (count($ldap_connections) === 0) {
    include "include_ldap_config_err.php";
    exit;
}
// If we have logon details POST'ed - perform LDAP authentication
if (isset($_POST['username'])) {
    // Connect (authenticate) to LDAP
    $connect = AuthenticateUsingLdap($_POST['username'], $_POST['password'], $ldap_connections[$_POST['ldap_connection']]);
    // Check for connection error
    if (is_array($connect)) {
        DestroySession();
        RedirectToUrl($_SERVER['SCRIPT_NAME'] . '?Result=Failed');
    }
    // Set Session value - remove domain suffix if UPN was used
    if (isEmailAddress($_POST['username'])) {
        $username = explode("@", $_POST['username']);
        $_SESSION["username"] = $username[0];
    } else {
        $_SESSION["username"] = $_POST['username'];
    }
    // Get user's role
    $_SESSION["role"] = GetUserRole($connect, $ldap_connections[$_POST['ldap_connection']]);
    ldap_unbind($connect);
    // Redirect to appropriate url based on role
    if ($_SESSION["role"] != "none") {
        LogEvent("ldap_login.php", "Main", "User " . $_SESSION["username"] . " succesfully logged on as " . $_SESSION["role"]);
        RedirectToUrl("./index.php");
    } else {
        DestroySession();
        RedirectToUrl($_SERVER['SCRIPT_NAME']);
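/**
 * Audits every LDAP path flagged for auditing: reads the connection details and base DN
 * of each such path from the database and hands them to AuditSingleLdapPath().
 *
 * Reads the global mysql link $db. Returns nothing.
 */
function AuditLdapPaths()
{
    global $db;
    $aes_key = GetAesKey();
    // Get paths info from db. The AES key is spliced into the SQL text, so it is sent to the
    // server in the clear and lands in any general/slow query log - inherent to doing
    // AES_DECRYPT() server-side, but worth knowing before enabling query logging.
    // The key is escaped so a quote inside it cannot break the statement.
    $aes_key_sql = mysql_real_escape_string($aes_key, $db);
    $sql = "SELECT ldap_connections_server,AES_DECRYPT(ldap_connections_user,'" . $aes_key_sql . "') AS ldap_user, AES_DECRYPT(ldap_connections_password,'" . $aes_key_sql . "') AS ldap_password, ldap_connections_fqdn, ldap_paths_id, ldap_paths_dn ";
    $sql .= "FROM ldap_connections INNER JOIN ldap_paths on ldap_paths.ldap_paths_connection_id=ldap_connections.ldap_connections_id ";
    $sql .= "WHERE ldap_paths.ldap_paths_audit=1";
    $result = mysql_query($sql, $db);
    if ($result === false) {
        // Query failed: nothing to audit (previously mysql_fetch_array() would warn and yield false).
        return;
    }
    $myrow = mysql_fetch_array($result);
    if (!$myrow) {
        return;
    }
    // Only the first row is echoed. NOTE: the row contains the *decrypted* LDAP bind password,
    // so DebugEcho() exposes a credential wherever its output ends up; keep it off in production.
    DebugEcho($myrow);
    // Loop thru all defined paths and audit
    while ($myrow) {
        $ldap_path_details = array(
            "ldap_path_id" => $myrow["ldap_paths_id"],
            "ldap_server" => $myrow["ldap_connections_server"],
            // if ldap_user is not stored in UPN format, append DNS suffix to user name to make UPN
            "ldap_user" => isEmailAddress($myrow["ldap_user"]) ? $myrow["ldap_user"] : $myrow["ldap_user"] . "@" . $myrow["ldap_connections_fqdn"],
            "ldap_password" => $myrow["ldap_password"],
            "ldap_base_dn" => $myrow["ldap_paths_dn"],
        );
        // Got details - now audit this path
        AuditSingleLdapPath($ldap_path_details);
        $myrow = mysql_fetch_array($result);
    }
}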
 // Alternate the row background between the two shades
 $bgcolor = ($bgcolor == "#F1F1F1") ? "#FFFFFF" : "#F1F1F1";
 // The "Telephone" row that used to be printed here is no longer output, but its colour
 // toggle above is still in place, so the colour flips twice before the next row.
 $bgcolor = ($bgcolor == "#F1F1F1") ? "#FFFFFF" : "#F1F1F1";
 echo "<tr bgcolor=\"" . $bgcolor . "\"><td>" . __("Full Account Details") . "</td><td></td></tr>";
 for ($computer_record_field_number = 0; $computer_record_field_number < $entries[$computer_record_number]["count"]; $computer_record_field_number++) {
     $data = $entries[$computer_record_number][$computer_record_field_number];
     for ($computer_record_field_number_data = 0; $computer_record_field_number_data < $entries[$computer_record_number][$data]["count"]; $computer_record_field_number_data++) {
         if (isEmailAddress($entries[$computer_record_number][$data][$computer_record_field_number_data])) {
             // If its a valid email address, highlight it, and add a URL mailto:
             if ($bgcolor == "#F1F1F1") {
                 $bgcolor = "#FFFFFF";
             } else {
                 $bgcolor = "#F1F1F1";
             }
             echo "<tr bgcolor=\"" . $bgcolor . "\"><td><b>" . __($data) . ":</b></td><td><a href='mailto:" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "'>" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "</a></td></tr>";
         } else {
             // Else just show it.
             if ($bgcolor == "#F1F1F1") {
                 $bgcolor = "#FFFFFF";
             } else {
                 $bgcolor = "#F1F1F1";
             }
             echo "<tr bgcolor=\"" . $bgcolor . "\"><td>" . __($data) . ":</td><td>" . $entries[$computer_record_number][$data][$computer_record_field_number_data] . "</td></tr>";
	[Nick Brown]	17/04/2009
	Minor change to GetImage(). Added support for $image_link_ldap_attribute and $human_readable_ldap_fields config
	options. Now using DisplayError() from "include_functions.php".
	
	[Nick Brown]	24/04/2009
	Added utf8_encode() to LDAP search filter strings
	
**********************************************************************************************************/
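require_once "include.php";
$ldap_info = GetLdapConnection();
// Didn't get LDAP connection -  alert user & done
if ($ldap_info === False) {
    // DisplayError() is expected to end the request ("& done"); if it only prints, the code
    // below would continue with $ldap_info === false - TODO confirm it exits.
    DisplayError(__("Cannot retrieve LDAP details as you have no LDAP connection defined for this domain."));
}
// Connect (authenticate) to LDAP
$upn = isEmailAddress($ldap_info['user']) ? $ldap_info['user'] : $ldap_info['user'] . "@" . $ldap_info['fqdn'];
$ldap = ConnectToLdapServer($ldap_info['server'], $upn, $ldap_info['password']);
// Get LDAP info. Read the query-string switches once, tolerating their absence.
$requested_record_type = isset($_GET["record_type"]) ? $_GET["record_type"] : "";
$want_full_details = isset($_GET["full_details"]) && $_GET["full_details"] == "y";
if ($requested_record_type == "computer") {
    $sam_account_name = $ldap_info['system_name'] . "\$";
    $attributes = $want_full_details ? array() : $computer_ldap_attributes;
} else {
    // Get user account name - user name *may* be in DOMAIN\ACCOUNT format or may not :-)
    if (stripos($ldap_info["net_user_name"], "\\") !== FALSE) {
        // explode() into a variable first: array_pop() takes its argument by reference
        $name_parts = explode("\\", $ldap_info["net_user_name"]);
        $sam_account_name = array_pop($name_parts);
    } else {
        $sam_account_name = $ldap_info["net_user_name"];
    }
    $attributes = $want_full_details ? array() : $user_ldap_attributes;
}
// Both values are embedded in an LDAP search filter; record_type comes straight from the
// query string and the account name from the stored connection record. ldap_escape() with
// LDAP_ESCAPE_FILTER encodes the filter metacharacters so a crafted value cannot change the
// shape of the filter (the trailing "$" of a computer account is not a metacharacter and survives).
$filter = "(&(objectClass=" . ldap_escape($requested_record_type, "", LDAP_ESCAPE_FILTER) . ")(sAMAccountName=" . ldap_escape($sam_account_name, "", LDAP_ESCAPE_FILTER) . "))";
$sr = ldap_search($ldap, $ldap_info['nc'], utf8_encode($filter), $attributes);
$info = ldap_get_entries($ldap, $sr);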
// Couldn't retrieve user or computer object from LDAP - alert user & done
if ($info == NULL) {
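/**
 * Validates the LDAP connection details supplied in the query string, discovers the domain's
 * naming contexts and NetBIOS name, and inserts or updates the ldap_connections row.
 *
 * Note that the bind user and password arrive as GET parameters, so they appear in the URL
 * (web-server access logs, browser history, referrers); that is a property of the calling
 * page rather than of this function.
 *
 * @param resource $db mysql link used for the INSERT/UPDATE
 * @return string XML document: <SaveLdapConnection><html>...</html><result>true|false</result></SaveLdapConnection>
 */
function SaveLdapConnectionXml($db)
{
    header("Content-type: text/xml");
    // Validate supplied details
    $html = TestLdapConnectionHtml();
    $testresult = strpos($html, "LDAP bind successful") === false ? "false" : "true";
    if ($testresult != "true") {
        return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
    }
    // Connect anonymously to get default domain NC & config NC
    $l = ConnectToLdapServer($_GET["ldap_connection_server"]);
    $domain_nc = GetDefaultNC($l);
    $config_nc = GetConfigNC($l);
    $fqdn = implode(".", explode(",DC=", substr($domain_nc, 3)));
    ldap_unbind($l);
    // Authenticate and get domain GUID and NetBIOS name
    $ldap_user = isEmailAddress($_GET["ldap_connection_user"]) ? $_GET["ldap_connection_user"] : $_GET["ldap_connection_user"] . "@" . $fqdn;
    $l = ConnectToLdapServer($_GET["ldap_connection_server"], $ldap_user, $_GET["ldap_connection_password"]);
    $ldap_connection_name = GetDomainNetbios($l, "CN=Partitions," . $config_nc, $domain_nc);
    ldap_unbind($l);
    $aes_key = GetAesKey();
    // Quote a value for SQL against the link the statement runs on. Previously every value -
    // including server, user, password and id taken verbatim from the query string - was
    // concatenated into the statement raw (SQL injection). Values obtained from LDAP are
    // escaped too; they are not under this application's control either.
    $q = function ($value) use ($db) {
        return "'" . mysql_real_escape_string($value, $db) . "'";
    };
    $server_sql = $q($_GET["ldap_connection_server"]);
    $user_sql = $q($_GET["ldap_connection_user"]);
    $password_sql = $q($_GET["ldap_connection_password"]);
    $key_sql = $q($aes_key);
    if (isset($_GET["ldap_connection_id"]) and strlen($_GET["ldap_connection_id"]) > 0) {
        // UPDATE query - connection already exists so modify
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "Edit Connection: " . $ldap_connection_name);
        $sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`=" . $q($domain_nc) . ",`ldap_connections_fqdn`=" . $q($fqdn) . ",";
        $sql .= "`ldap_connections_server`=" . $server_sql . ",`ldap_connections_user`=AES_ENCRYPT(" . $user_sql . "," . $key_sql . "),";
        $sql .= "`ldap_connections_password`=AES_ENCRYPT(" . $password_sql . "," . $key_sql . "),`ldap_connections_name`=" . $q($ldap_connection_name) . " ";
        $sql .= "WHERE ldap_connections_id=" . $q($_GET["ldap_connection_id"]);
    } else {
        // INSERT query - new connection
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "New Connection: " . $ldap_connection_name);
        $sql = "INSERT INTO `ldap_connections` (`ldap_connections_nc`,`ldap_connections_fqdn`,`ldap_connections_server`,`ldap_connections_user`,`ldap_connections_password`,`ldap_connections_name`,`ldap_connections_schema`) ";
        $sql .= "VALUES (" . $q($domain_nc) . "," . $q($fqdn) . "," . $server_sql . ",";
        $sql .= "AES_ENCRYPT(" . $user_sql . "," . $key_sql . "),";
        $sql .= "AES_ENCRYPT(" . $password_sql . "," . $key_sql . ")," . $q($ldap_connection_name) . ",'AD')";
    }
    mysql_query($sql, $db);
    // The statement text (which carries the plaintext password and AES key) is deliberately
    // not echoed back to the client.
    return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
}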