/**
 * Plugin installation hook.
 *
 * Makes sure a configuration exists on disk once the plugin is installed:
 * a previously saved configuration (data.dat under LDAP_LOGIN_PATH) is
 * re-loaded, otherwise the built-in defaults are used, and the result is
 * written back through save_config(). Finally the instance is flagged as
 * installed.
 *
 * NOTE(review): data.dat sits under the plugin directory. If it holds the
 * LDAP bind credentials, confirm the web server does not serve that file.
 *
 * @param mixed $plugin_version not used by this body
 * @param array $errors         passed by reference; not written by this body
 */
function install($plugin_version, &$errors = array())
{
    global $conf;

    $settings = new Ldap();
    $has_saved_config = file_exists(LDAP_LOGIN_PATH . 'data.dat');

    if (!$has_saved_config) {
        // First installation: start from the defaults shipped with the plugin.
        $settings->load_default_config();
    } else {
        // Re-installation: keep what the administrator configured earlier.
        $settings->load_config();
    }

    // Persist whichever configuration was loaded.
    $settings->save_config();

    $this->installed = true;
}
<?php
// Refuse direct access: this script is only meant to run when included by
// Piwigo, which defines PHPWG_ROOT_PATH.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}

/*
 * Admin settings for "new users": decides whether people holding a valid LDAP
 * account may connect to Piwigo, and whether a Piwigo login is created for
 * valid LDAP users who do not have one yet.
 */
global $template;
$template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/newusers.tpl'));
$template->assign(array('PLUGIN_NEWUSERS' => get_root_url() . 'admin.php?page=plugin-Ldap_Login-newusers'));

// Load the stored plugin configuration so the form shows the current values.
$me = new Ldap();
$me->load_config();

// Is a Piwigo login created for new users who have a valid LDAP login?
$template->assign('ALLOW_NEWUSERS', $me->config['allow_newusers']);

// Is a mail sent to the admins when such a new user appears?
$template->assign('ADVERTISE_ADMINS', $me->config['advertise_admin_new_ldapuser']);

// Is the Piwigo (not the LDAP) password sent to the mail address provided by LDAP?
// NOTE(review): this mails a working credential in clear text; confirm that is
// acceptable for the deployment.
$template->assign('SEND_CASUAL_MAIL', $me->config['send_password_by_mail_ldap']);

// Optional restriction on an LDAP users group:
// when set, only members of this LDAP group can log in.
$template->assign('USERS_GROUP', $me->config['users_group']);

// The form was submitted: copy the posted values into the configuration.
// NOTE(review): no anti-CSRF check (Piwigo's check_pwg_token()) is visible
// before the POST data is applied; confirm one runs in the part of the file
// that is not shown here or in the including admin page.
if (isset($_POST['save'])) {
    // NOTE(review): USERS_GROUP is read without isset() and stored unvalidated.
    // This value gates who may log in and is later used for an LDAP group
    // lookup, so it should be validated here or escaped for LDAP filter/DN
    // context where it is consumed; confirm.
    $me->config['users_group'] = $_POST['USERS_GROUP'];
    // A checkbox is only present in the POST data when it is ticked.
    if (isset($_POST['ALLOW_NEWUSERS'])) {
        $me->config['allow_newusers'] = True;
    } else {
        $me->config['allow_newusers'] = False;
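/**
 * Authenticate a login attempt against the LDAP directory.
 *
 * Steps, each of which fails closed (fail($username) is called and false is
 * returned):
 *  1. reject an empty or non-string password before it reaches the directory;
 *  2. connect to the LDAP server;
 *  3. when a users group is configured, require membership of that group;
 *  4. bind to the directory as the user with the supplied password;
 *  5. look the user up in the Piwigo users table and open the session, or,
 *     when 'allow_newusers' is enabled, register a new Piwigo user first and
 *     redirect to profile.php.
 *
 * NOTE(review): $username is handed unmodified to user_membership(),
 * ldap_bind_as() and ldap_mail(). Whether those helpers escape it for LDAP
 * filter/DN context (e.g. with ldap_escape()) is not visible here; confirm.
 *
 * @param mixed  $success     result of earlier handlers; not read by this body
 * @param string $username    login name as typed by the user
 * @param string $password    password as typed by the user
 * @param bool   $remember_me forwarded to log_user() for existing users
 *
 * @return bool true when the user was authenticated and logged in, false otherwise
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    // An empty password must never be sent to the directory: a simple bind with
    // a DN and an empty password is an "unauthenticated bind" (RFC 4513,
    // section 5.1.2), which many servers answer with success without verifying
    // anything. ldap_bind_as() is not visible here, so guard at the entry point.
    if (!is_string($password) || $password === '') {
        fail($username);
        return false;
    }

    $obj = new Ldap();
    $obj->load_config();

    // Without a directory connection nothing below can be trusted: stop here
    // instead of carrying on with a handle that failed to connect.
    if (!$obj->ldap_conn()) {
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return false;
    }

    // If a users group is configured, only its members may go further.
    $users_group = $obj->config['users_group'];
    if ($users_group && !$obj->user_membership($username, $obj->ldap_group($users_group))) {
        fail($username);
        return false;
    }

    // The actual credential check: bind as the user.
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }

    // Search the user in the Piwigo database (username is escaped for SQL).
    $query = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // Known Piwigo user: authentication is done, open the session.
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }

    // Unknown in Piwigo: only continue if new users may be created on the fly.
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return false;
    }

    // Ask the directory for the mail address once; anything falsy becomes null.
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = null;
    }

    // Register the new user with a random local password.
    // NOTE(review): this local password is a second credential for the account;
    // confirm random_password() draws from a cryptographically secure source
    // and that 8 characters is an acceptable length.
    $new_id = register_user($username, random_password(8), $mail);

    // register_user()'s failure value is not visible here; treat an empty id as
    // a failure so a session is never opened for an account that was not created.
    if (empty($new_id)) {
        fail($username);
        return false;
    }

    update_user($username, $new_id);
    // First login of a freshly created user is not remembered (as before).
    log_user($new_id, false);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}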