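/**
 * checkAuth
 *
 * In addition to the standard PEAR::Auth check, verifies that the
 * OPENPNE_URL and USER_AGENT recorded at login still match the
 * current request.
 *
 * @return bool true when the session passes every enabled check
 * @see PEAR::Auth::checkAuth
 */
function checkAuth()
{
    if (!$this->auth->checkAuth()) {
        return false;
    }

    if (OPENPNE_SESSION_CHECK_URL) {
        $openpne_url = $this->auth->getAuthData('OPENPNE_URL');
        if ($openpne_url !== OPENPNE_URL) {
            return false;
        }
    }

    if ($this->is_check_user_agent) {
        $login_user_agent = $this->auth->getAuthData('USER_AGENT');
        // A request without a User-Agent header must not compare equal to a
        // session whose recorded agent is also missing, so default to ''.
        $now_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // DoCoMo terminals append a per-device identifier to the user agent;
        // strip it from both sides before comparing.
        $carrier = isset($GLOBALS['__Framework']['carrier']) ? $GLOBALS['__Framework']['carrier'] : null;
        if ($carrier === 'i') {
            $marker = '';
            if (strncmp($now_user_agent, 'DoCoMo/1.0', 10) === 0) {
                $marker = '/ser';
            } elseif (strncmp($now_user_agent, 'DoCoMo/2.0', 10) === 0) {
                $marker = '(';
            }

            if ($marker !== '') {
                $login_pos = strpos((string) $login_user_agent, $marker);
                $now_pos = strpos($now_user_agent, $marker);
                // Only strip when the marker is actually present: substr($s, 0, false)
                // would collapse the string to '' and make the comparison vacuous.
                if ($login_pos !== false) {
                    $login_user_agent = substr($login_user_agent, 0, $login_pos);
                }
                if ($now_pos !== false) {
                    $now_user_agent = substr($now_user_agent, 0, $now_pos);
                }
            }
        }

        if ($now_user_agent !== $login_user_agent) {
            return false;
        }
    }

    return true;
}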
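/**
 * Authenticate $user/$pass against LDAP through PEAR::Auth and fill $this->mInfo.
 *
 * A bind is first attempted with the configured user attribute; when the user
 * is not found, it is retried with the configured e-mail attribute.
 *
 * @param string $user      login name or e-mail address as entered by the user
 * @param string $pass      password
 * @param mixed  $challenge passed through to the parent implementation
 * @param mixed  $response  passed through to the parent implementation
 * @return int USER_VALID, USER_NOT_FOUND or PASSWORD_INCORRECT
 */
function validate($user, $pass, $challenge, $response)
{
    parent::validate($user, $pass, $challenge, $response);

    if (empty($user) || empty($pass)) {
        return USER_NOT_FOUND;
    }

    // This needs fixing in the base code - real_name will only exist if a user has been identified.
    $this->mInfo["real_name"] = '';

    // Use LDAP v3, which requires UTF-8.
    $this->mConfig['version'] = 3;
    // NOTE(review): utf8_encode() is deprecated since PHP 8.2 and assumes $user is
    // ISO-8859-1; confirm the login form's charset before replacing it.
    $user_utf8 = utf8_encode($user);

    if ($this->mConfig['reqcert']) {
        // SECURITY: this disables TLS certificate verification for the LDAP client
        // (assumes PHP uses the OpenLDAP client library, which honours LDAPTLS_REQCERT).
        // A server impersonating the directory could then capture the bind password;
        // prefer configuring the CA certificate (LDAPTLS_CACERT) instead.
        putenv('LDAPTLS_REQCERT=never');
    }

    if ($this->mConfig['activedirectory']) {
        $this->mConfig['attributes'] = (array) null;
        $this->mConfig['userfilter'] = '(objectClass=' . $this->mConfig['useroc'] . ')';
        $this->mConfig['groupfilter'] = '(objectClass=' . $this->mConfig['groupoc'] . ')';
        $this->mConfig['groupscope'] = $this->mConfig['userscope'];
    } else {
        // Using bitweaver groups with LDAP still needs completing, so disable for now.
        unset($this->mConfig['group']);
    }

    // First, try by username. The container is built from $this->mConfig, so a
    // second instance is needed below once the config has been changed.
    $a = new Auth('LDAP', $this->mConfig, "", false);
    $a->_loadStorage(); // set up connection to ldap via user details
    $success = $a->storage->fetchData($user_utf8, $pass, false);

    if (!$success) {
        // The user wasn't found. Try again by e-mail address.
        $this->mConfig['userattrsto'] = $this->mConfig['userattr']; // keep this for later
        $this->mConfig['userattr'] = $this->mConfig['email'];       // tell PEAR::Auth to look at the mail attribute
        // This needs better testing; there should be no need to create a second Auth instance.
        $a = new Auth('LDAP', $this->mConfig, "", false);
        $a->_loadStorage();
        $success = $a->storage->fetchData($user_utf8, $pass, false);

        if (!$success) {
            $this->mErrors['login'] = isset($a->storage->options['status'])
                ? $a->storage->options['status']
                : 'Not authenticated';
            return PASSWORD_INCORRECT;
        }
    }

    // At this point there was a successful ldap_bind() using the user's
    // Distinguished Name (DN) and password. The ldap_get_attributes() result is
    // available via $a->getAuthData(). Warning: its array keys are case-sensitive.
    if ($this->mConfig['activedirectory']) {
        // Active Directory returns scalar attribute values rather than arrays.
        $attributes = $a->getAuthData();
        $this->mInfo["login"] = $attributes[$this->mConfig['userattr']];
        $this->mInfo["email"] = $attributes[$this->mConfig['email']];
        $this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']])
            ? $this->mInfo["login"]
            : $attributes[$this->mConfig['name']];
    } else {
        $attributes = $a->getAuthData('attributes');
        $this->mInfo["login"] = $attributes[$this->mConfig['userattr']][0];
        $this->mInfo["email"] = $attributes[$this->mConfig['email']][0];
        $this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']][0])
            ? $this->mInfo["login"]
            : $attributes[$this->mConfig['name']][0];
    }

    // The new (or updated) SQL user will be created by the calling BitUser class.
    return USER_VALID;
}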
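<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<?php
if ($a->getAuth()) {
    echo "One can only see this if he is logged in!";
    // The first name comes from the authentication backend; escape it for the
    // HTML context so a crafted value cannot inject markup into the page.
    echo htmlspecialchars((string) $a->getAuthData('firstname'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " <br>";
}
?>
<footer class="mdl-mini-footer">
    <div class="mdl-mini-footer__left-section">
        <div class="mdl-logo">www.rack.pub</div>
        <ul class="mdl-mini-footer__link-list">
            <li><a href="/help">Help</a></li>
            <li><a href="/terms">Privacy & Terms</a></li>
        </ul>
    </div>
</footer>
</div>
</section>
</div>
</main>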
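/**
 * Validate a login against the external PEAR::Auth backend chosen by $prefs['auth_type'].
 *
 * Supported backends are LDAP, IMAP, POP3 and vpopmail. For LDAP, the value of
 * the configured name attribute is stored in $user_ldap_attributes so the caller
 * can update the user record once the user is fully validated or auto-created.
 *
 * @param string $user login name
 * @param string $pass password
 * @return int|false USER_VALID, USER_NOT_FOUND, PASSWORD_INCORRECT or SERVER_ERROR;
 *                   false when $prefs['auth_method'] is not 'auth'
 */
function validate_user_auth($user, $pass)
{
    global $tikilib, $user_ldap_attributes, $prefs;

    include_once "Auth/Auth.php";

    // just make sure we're supposed to be here
    if ($prefs['auth_method'] != 'auth') {
        return false;
    }

    $options = array();
    $nameattr = ''; // only set for LDAP, but read after login for every backend

    if ($prefs['auth_type'] == 'LDAP') {
        // get all of the LDAP options from the database
        $options['url'] = $prefs['auth_ldap_url'];
        $options['host'] = $prefs['auth_pear_host'];
        $options['port'] = $prefs['auth_pear_port'];
        $options['scope'] = $prefs['auth_ldap_scope'];
        $options['basedn'] = $prefs['auth_ldap_basedn'];
        $options['userdn'] = $prefs['auth_ldap_userdn'];
        $options['userattr'] = $prefs['auth_ldap_userattr'];
        $options['useroc'] = $prefs['auth_ldap_useroc'];
        $options['groupdn'] = $prefs['auth_ldap_groupdn'];
        $options['groupattr'] = $prefs['auth_ldap_groupattr'];
        $options['groupoc'] = $prefs['auth_ldap_groupoc'];
        $options['memberattr'] = $prefs['auth_ldap_memberattr'];
        $options['memberisdn'] = $prefs['auth_ldap_memberisdn'] == 'y';
        $options['version'] = $prefs['auth_ldap_version'];
        // added to allow for ldap systems that do not allow anonymous bind
        $options['binddn'] = $prefs['auth_ldap_adminuser'];
        $options['bindpw'] = $prefs['auth_ldap_adminpass'];

        // attributes to fetch
        $options['attributes'] = array();
        if ($nameattr = $prefs['auth_ldap_nameattr']) {
            $options['attributes'][] = $nameattr;
        }

        // corrected for the Auth v1.3 upgrade: credentials are assigned below
        $a = new Auth('LDAP', $options, '', false);
    } elseif (in_array($prefs['auth_type'], array('IMAP', 'POP3', 'vpopmail'), true)) {
        // The three mail-based containers share the same option set.
        $options['host'] = $prefs['auth_pear_host'];
        $options['port'] = $prefs['auth_pear_port'];
        $options['baseDSN'] = $prefs['auth_imap_pop3_basedsn'];
        // NOTE(review): 'false' is a non-empty string and therefore truthy; confirm
        // the container really expects a string here rather than a bool.
        $options['checkServer'] = 'false';
        $a = new Auth($prefs['auth_type'], $options, '', false);
    } else {
        // Unknown auth_type: previously fell through to an undefined $a and a fatal error.
        return SERVER_ERROR;
    }

    // added to support Auth v1.3
    $a->username = $user;
    $a->password = $pass;
    $a->status = AUTH_LOGIN_OK;

    // check if the login is correct
    $a->login();

    switch ($a->getStatus()) {
        case AUTH_LOGIN_OK:
            // Retrieve LDAP information to update user data a bit later
            // (when the user is completely validated or auto-created).
            if ($nameattr != '') {
                $user_ldap_attributes['auth_ldap_nameattr'] = $a->getAuthData($nameattr);
            }
            return USER_VALID;
        case AUTH_USER_NOT_FOUND:
            return USER_NOT_FOUND;
        case AUTH_WRONG_LOGIN:
            return PASSWORD_INCORRECT;
        default:
            return SERVER_ERROR;
    }
}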
$a->start();

/** PEAR::Auth callback: render the login page. */
function loginFunction()
{
    // show login page
}

/** PEAR::Auth callback: record a successful login. */
function loginSuccess($username, $a)
{
    // write successful login to log
}

/** PEAR::Auth callback: record a failed login attempt. */
function loginFailed($username, $a)
{
    // write failed login to log
}

if ($a->getAuth()) {
    $email = $a->getUsername();

    // Profile fields stored in the session at login, read back in this order.
    list(
        $firstname,
        $lastname,
        $street,
        $city,
        $state,
        $zip,
        $birthday,
        $phone
    ) = array_map(
        function ($field) use ($a) {
            return $a->getAuthData($field);
        },
        array('firstname', 'lastname', 'street', 'city', 'state', 'zip', 'birthday', 'phone')
    );
}

include 'includes/head.php';
?>
<!-- Produced By Ron Royston, ron@stndip.com -->
<html lang="en">
<body>
<div class="mdl-layout mdl-js-layout mdl-layout--fixed-header">