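/**
 * Check a username/password pair against the LDAP/AD servers configured in
 * app_sf_guard_plugin_ldap_settings.
 *
 * @param string $username account name (adLDAP appends the configured account_suffix)
 * @param string $password plaintext password supplied by the user
 * @return bool true only when adLDAP reports a successful bind
 */
public static function checkLdapCredentials($username, $password)
{
    // Defence in depth: an empty password must never reach the bind call.
    // Recent adLDAP releases refuse null/empty credentials themselves, but an
    // LDAP server can treat an empty password as an anonymous bind, which a
    // caller would then misread as "authenticated". Do not depend on the
    // bundled library version for this.
    if ($username === null || $username === '' || $password === null || $password === '') {
        return false;
    }

    $options = sfConfig::get('app_sf_guard_plugin_ldap_settings', array());
    $ldap = new adLDAP($options);

    return (bool) $ldap->authenticate($username, $password);
}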
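/**
 * Sign-in action: bind the submitted credentials against AD, mirror the AD
 * display name / mail into the local sfGuardUser + Profile, then hand over to
 * the stock sfGuard sign-in.
 *
 * @param sfWebRequest $request
 */
public function executeSignin($request)
{
    $this->form = new sfGuardFormSignin();

    if ($request->isMethod('post')) {
        $data = $request->getParameter('signin');
        $username = isset($data['username']) ? $data['username'] : '';
        $password = isset($data['password']) ? $data['password'] : '';

        // NOTE(review): controller address and account suffix are hard-coded
        // here; the plugin reads app_sf_guard_plugin_ldap_settings elsewhere.
        $adldap = new adLDAP(array(
            'account_suffix'     => '@sch.bme.hu',
            'domain_controllers' => array('152.66.208.42'),
            'ad_username'        => $username,
            'ad_password'        => $password,
        ));

        try {
            // Empty credentials are refused before the bind: a directory may
            // accept an empty password as an anonymous bind.
            if ($username !== '' && $password !== '' && $adldap->authenticate($username, $password) === true) {
                // user_info() returns the raw ldap_get_entries() layout; guard
                // the lookups instead of assuming both attributes are present.
                $userData = $adldap->user_info($username);
                $displayName = isset($userData[0]['displayname'][0]) ? $userData[0]['displayname'][0] : null;
                $mail = isset($userData[0]['mail'][0]) ? $userData[0]['mail'][0] : null;

                $user = Doctrine::getTable('sfGuardUser')->findOneBy('username', $username);
                if (!$user) {
                    $user = new sfGuardUser();
                    $user->username = $username;
                }

                // The local password copy is presumably what parent::executeSignin
                // validates against (otherwise there would be no reason to store
                // it), so refresh it on EVERY successful AD bind. The original only
                // did so when the profile changed, which left a stale local hash
                // after an AD password change. Be aware that this copy also keeps
                // working locally after the AD account is disabled or its password
                // rotated -- TODO confirm the parent validator and drop the copy if
                // it is not required.
                $user->password = $password;
                if ($user->Profile->full_name != $displayName || $user->Profile->email != $mail) {
                    $user->Profile->full_name = $displayName;
                    $user->Profile->email = $mail;
                }
                $user->save();
            }
        } catch (Exception $e) {
            // Never echo the exception: it carries the controller address and
            // LDAP error text. Log it and fall through to the normal form error.
            $this->logMessage('AD sign-in failed: ' . $e->getMessage(), 'err');
        }
    }

    parent::executeSignin($request);
}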
/**
 * Authenticate $this->login / $this->password against Active Directory via
 * adLDAP's default (library-configured) connection and cache the outcome on
 * the object: logged, display_name and is_admin.
 *
 * @return void
 */
public function authAD()
{
    $directory = new adLDAP();

    if (!$directory->authenticate($this->login, $this->password)) {
        $this->logged = false;
        return;
    }

    // user()->info() hands back the raw ldap_get_entries() structure
    // (entry 0, attribute name, value 0); its shape is not checked here.
    $info = $directory->user()->info($this->login);
    $this->display_name = $info[0]['displayname'][0];
    $this->logged = true;
    $this->is_admin = $this->isAdmin($info);
}
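/**
 * Authenticate the posted login form against AD and open the parking session.
 *
 * Reads login_user and login_pass (RSA-encrypted, see decryptRSA) from $_POST.
 * On success sets $_SESSION['loggedInParking'] and $_SESSION['allowComments'];
 * on failure redirects to index.php?error=1 and exits.
 */
function loginUser()
{
    // The earlier 'solitude.guc.usg.edu' option set that this function used
    // to build and immediately overwrite has been dropped: it was dead code
    // that only leaked an old controller hostname.
    $ldapOptions = array(
        'account_suffix'     => '@ggc.edu',
        'base_dn'            => 'ou=GGCNet,dc=ggc,dc=edu',
        'domain_controllers' => array('ldap.ggc.edu'),
    );

    $loginUser = isset($_POST['login_user']) ? $_POST['login_user'] : '';
    $loginPass = isset($_POST['login_pass']) ? self::decryptRSA($_POST['login_pass']) : '';

    $ldap = new adLDAP($ldapOptions);

    // Empty credentials are refused here rather than trusting the bind: a
    // directory can accept an empty password as an anonymous bind.
    if ($loginUser !== '' && $loginPass !== '' && $ldap->authenticate($loginUser, $loginPass)) {
        // Fresh session id on login, so an id fixed before authentication
        // cannot be reused by whoever planted it.
        session_regenerate_id(true);
        $_SESSION['loggedInParking'] = strtolower($loginUser);
        // allow commenting
        $_SESSION['allowComments'] = true;
        return;
    }

    header("location: index.php?error=1");
    die;
}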
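/**
 * Authenticate against the school AD and wrap the result as a k_AuthenticatedUser.
 *
 * @param string $username
 * @param string $password
 * @return k_AuthenticatedUser
 * @throws Exception when the directory cannot be configured or the bind fails
 */
function selectUserFromLdap($username, $password)
{
    try {
        $adldap = new adLDAP();
        $adldap->set_account_suffix('@vejleidraetsefterskole.local');
        $adldap->set_domain_controllers(array('mail.vih.dk'));
    } catch (adLDAPException $e) {
        // Previously echoed the exception and exit()ed, which printed the
        // controller name and LDAP error text to the browser. Rethrow so the
        // caller's error handling decides what the user gets to see.
        throw new Exception('Directory connection could not be configured.', 0, $e);
    }

    // Refuse empty credentials before binding: an empty password may be
    // accepted as an anonymous bind and then mistaken for success.
    if ($username === null || $username === '' || $password === null || $password === '') {
        throw new Exception('User authentication unsuccessful. Empty username or password.');
    }

    if ($adldap->authenticate($username, $password) === true) {
        return new k_AuthenticatedUser($username);
    }

    // NOTE(review): get_last_error() text travels with this exception; make
    // sure it ends up in a log rather than on an end-user page.
    throw new Exception('User authentication unsuccessful. ' . $adldap->get_last_error());
}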
/**
 * Look up the SystemUser matching the given credentials.
 *
 * With $method "ldap" the password is verified by an adLDAP bind and the
 * non-deleted SystemUser row is then fetched by user_name only. Any other
 * method compares user_name and user_password directly in the query.
 *
 * @param string $username
 * @param string $password compared against user_password exactly as given --
 *                         presumably already hashed by the caller; verify
 * @param string $method   'internal' (default) or 'ldap'
 * @return Users           the matching SystemUser, or fetchOne()'s empty result
 */
public function getCredentials($username, $password, $method = 'internal')
{
    if ($method != "ldap") {
        $lookup = Doctrine_Query::create()
            ->from('SystemUser')
            ->where('user_name = ?', $username)
            ->andWhere('user_password = ?', $password)
            ->andWhere('deleted = 0');

        return $lookup->fetchOne();
    }

    require_once ROOT_PATH . 'lib/common/ldap/adLDAP.php';
    $ldap = new adLDAP();

    // Bind with the supplied credentials using the adLDAP configuration.
    if (!$ldap->authenticate($username, $password)) {
        // A query that cannot match keeps the return shape identical to the
        // success path.
        return Doctrine_Query::create()->from('SystemUser')->where('1 = 2')->fetchOne();
    }

    // The internally created user account (ESS/Admin accounts listed under users).
    return Doctrine_Query::create()
        ->from('SystemUser')
        ->where('user_name = ?', $username)
        ->andWhere('deleted = 0')
        ->fetchOne();
}
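/**
 * Authenticate a user against Active Directory.
 *
 * @param string $username
 * @param string $password
 * @return bool true (and $this->logged_in set) when the AD bind succeeds
 */
function login($username, $password)
{
    // The hard-coded master password (`if ($password == 'vih')`) that let ANY
    // username log in without touching the directory has been removed.
    // Treat that value as compromised wherever this code was deployed.
    if ($username === null || $username === '' || $password === null || $password === '') {
        return false;
    }

    //include the class and create a connection
    require_once dirname(__FILE__) . '/adLdap.php';
    try {
        $adldap = new adLDAP();
    } catch (adLDAPException $e) {
        // Previously echo'd the exception and exit()ed, leaking the
        // controller/LDAP error to the browser. Fail closed and log instead.
        error_log('adLDAP setup failed: ' . $e->getMessage());
        return false;
    }

    //authenticate the user
    if ($adldap->authenticate($username, $password)) {
        $this->logged_in = true;
        return true;
    }

    return false;
}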
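/**
 * Checks the config.php AUTHCFG value for login type and forks off to the proper module
 *
 * @param string $user_password - The password of the user to authenticate
 * @return bool true if the user is authenticated, false otherwise
 */
function doLogin($user_password)
{
    global $AUTHCFG;
    $usr_name = $this->column_fields["user_name"];

    switch (strtoupper($AUTHCFG['authType'])) {
        case 'LDAP':
            $this->log->debug("Using LDAP authentication");
            require_once 'modules/Users/authTypes/LDAP.php';
            $result = ldapAuthenticate($this->column_fields["user_name"], $user_password);
            return $result != NULL;

        case 'AD':
            $this->log->debug("Using Active Directory authentication");
            require_once 'modules/Users/authTypes/adLDAP.php';
            $adldap = new adLDAP();
            return (bool) $adldap->authenticate($this->column_fields["user_name"], $user_password);

        default:
            $this->log->debug("Using integrated/SQL authentication");
            $encrypted_password = $this->encrypt_password($user_password);
            // user_name (which comes from the login form) used to be
            // interpolated straight into the SQL string, and the computed
            // hash was never used in the comparison. Bind both as parameters
            // through the prepared-statement helper the newer variants of this
            // function use; if this database layer lacks it, use its
            // equivalent -- but do not go back to string building.
            $query = "SELECT id from {$this->table_name} where deleted=0 and user_name=? AND user_password=?";
            $result = $this->db->requirePsSingleResult($query, array($usr_name, $encrypted_password), false);
            if (empty($result)) {
                $this->log->debug("Using integrated/SQL authentication NO Record");
                return false;
            }
            $id = $this->db->query_result($result, 0, "id");
            $this->log->debug("Using integrated/SQL authentication id:" . $id);
            return true;
    }

    return false;
}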
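/**
 * Login controller: try each configured auth mechanism in order until one
 * accepts the posted login/password, then create the session and redirect.
 *
 * Mechanisms ($this->auth_mechanisms, name => config):
 *   noauth - accepts everyone (login is a fixed placeholder)
 *   config - username => phpass hash map from the config file
 *   ldap   - Auth_ldap bind, then mr_allowed_users / mr_allowed_groups check
 *   AD     - adLDAP bind, then the same allow-list check
 *
 * @param string $return path to redirect to after login; extra arguments are joined with '/'
 */
function login($return = '')
{
    if (func_get_args()) {
        $return_parts = func_get_args();
        $return = implode('/', $return_parts);
    }

    if ($this->authorized()) {
        redirect($return);
    }

    $check = FALSE;

    // If no valid mechanisms found, bail
    if (!$this->auth_mechanisms) {
        redirect('auth/generate');
    }

    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // User is a member of these groups
    $groups = array();

    // Loop through authentication mechanisms
    // Break when we have a match
    foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
        switch ($mechanism) {
            case 'noauth':
                // No authentication
                $check = TRUE;
                $login = '******';
                break 2;

            case 'config':
                // Config authentication: $auth_data is a username => hash array
                if ($login && $password) {
                    if (isset($auth_data[$login])) {
                        $t_hasher = $this->load_phpass();
                        $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                        if ($check) {
                            // Get group memberships
                            foreach (conf('groups', array()) as $groupname => $members) {
                                if (in_array($login, $members)) {
                                    $groups[] = $groupname;
                                }
                            }
                        }
                        break 2;
                    }
                }
                break;

            case 'ldap':
                // LDAP authentication
                if ($login && $password) {
                    include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                    $ldap_auth_obj = new Auth_ldap($auth_data);
                    if ($ldap_auth_obj->authenticate($login, $password)) {
                        // Check user against users list
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users))) {
                                $check = TRUE;
                                // If business units enabled, get group memberships
                                if (conf('enable_business_units')) {
                                    if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                        $groups = $user_data['grps'];
                                    }
                                }
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                foreach ($user_data['grps'] as $group) {
                                    if (in_array($group, $admin_groups)) {
                                        $check = TRUE;
                                        // If business units enabled, store group memberships
                                        if (conf('enable_business_units')) {
                                            $groups = $user_data['grps'];
                                        }
                                        break 3;
                                    }
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error('Not authorized', 'auth.not_authorized');
                    }
                }
                // This break was missing: a failed or empty LDAP login fell
                // through into the 'AD' case below and re-ran it with the
                // LDAP mechanism's $auth_data.
                break;

            case 'AD':
                // Active Directory authentication
                // Prevent empty values
                if ($_POST && $login && $password) {
                    //include the class and create a connection
                    //TODO: wrap this include somewhere else?
                    include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                    try {
                        $adldap = new adLDAP($auth_data);
                    } catch (adLDAPException $e) {
                        error('An error ocurred while contacting AD', 'error_contacting_AD');
                        // When in debug mode, show additional info
                        if (conf('debug')) {
                            error($e->getMessage());
                        }
                        break 2;
                    }
                    // If nothing has failed to this point, authenticate user
                    if ($adldap->authenticate($login, $password)) {
                        // Check user against userlist
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users))) {
                                $check = TRUE;
                                // If business units enabled, get group memberships
                                if (conf('enable_business_units')) {
                                    $groups = $adldap->user()->groups($login);
                                }
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            $groups = $adldap->user()->groups($login);
                            foreach ($groups as $group) {
                                if (in_array($group, $admin_groups)) {
                                    $check = TRUE;
                                    break 3;
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error('Not authorized', 'auth.not_authorized');
                    }
                }
                break; //end of AD method

            default:
                die('Unknown authentication mechanism: ' . $mechanism);
        } //end switch
    } //end foreach loop

    // If authentication succeeded, create session
    if ($check) {
        $_SESSION['user'] = $login;
        $_SESSION['groups'] = $groups;
        $_SESSION['auth'] = $mechanism;
        $this->set_session_props();
        session_regenerate_id();
        redirect($return);
    }

    // If POST and no other alerts, auth has failed
    if ($_POST && !$GLOBALS['alerts']) {
        if (!$login or !$password) {
            error('Empty values are not allowed', 'auth.empty_not_allowed');
        } else {
            error('Wrong username or password', 'auth.wrong_user_or_pass');
        }
    }

    $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
    $obj = new View();
    $obj->view('auth/login', $data);
}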
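/**
 * Login controller: try each configured auth mechanism in order until one
 * accepts the posted login/password, then create the session and redirect.
 *
 * Mechanisms ($this->auth_mechanisms, name => config):
 *   noauth - accepts everyone (login is a fixed placeholder)
 *   config - username => phpass hash map from the config file
 *   ldap   - Auth_ldap bind, then mr_allowed_users / mr_allowed_groups check
 *   AD     - adLDAP bind, then the same allow-list check
 *
 * @param string $return path to redirect to after login
 */
function login($return = '')
{
    if ($this->authorized()) {
        redirect($return);
    }

    $check = FALSE;

    // If no valid mechanisms found, bail
    if (!$this->auth_mechanisms) {
        redirect('auth/generate');
    }

    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Loop through authentication mechanisms
    // Break when we have a match
    foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
        switch ($mechanism) {
            case 'noauth':
                // No authentication
                $check = TRUE;
                $login = '******';
                break 2;

            case 'config':
                // Config authentication: $auth_data is a username => hash array
                if ($_POST && isset($auth_data[$login])) {
                    $t_hasher = $this->load_phpass();
                    $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                    break 2;
                }
                break;

            case 'ldap':
                // LDAP authentication
                if ($login && $password) {
                    include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                    $ldap_auth_obj = new Auth_ldap($auth_data);
                    if ($ldap_auth_obj->authenticate($login, $password)) {
                        // Check user against users list
                        if (isset($auth_data['mr_allowed_users'])) {
                            // NOTE(review): in the source this assignment came
                            // right after a stray '//'; if it really was
                            // commented out, $admin_users was undefined and the
                            // user list could never match.
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users))) {
                                $check = TRUE;
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                foreach ($user_data['grps'] as $group) {
                                    if (in_array($group, $admin_groups)) {
                                        $check = TRUE;
                                        break 3;
                                    }
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error(lang('not_authorized'));
                    }
                }
                // This break was missing: a failed or empty LDAP login fell
                // through into the 'AD' case below and re-ran it with the
                // LDAP mechanism's $auth_data.
                break;

            case 'AD':
                // Active Directory authentication
                // Prevent empty values
                if ($_POST && $login && $password) {
                    //include the class and create a connection
                    //TODO wrap this include somewhere else?
                    include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                    try {
                        $adldap = new adLDAP($auth_data);
                    } catch (adLDAPException $e) {
                        // When in debug mode, show additional info
                        $msg = conf('debug') ? ":<br>" . $e->getMessage() : '';
                        error(lang('error_contacting_AD') . $msg);
                        break 2;
                    }
                    // Authenticate user
                    if ($adldap->authenticate($login, $password)) {
                        // Check user against userlist
                        if (isset($auth_data['mr_allowed_users'])) {
                            // NOTE(review): same stray '//' as in the ldap case above.
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users))) {
                                $check = TRUE;
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            $groups = $adldap->user()->groups($login);
                            foreach ($groups as $group) {
                                if (in_array($group, $admin_groups)) {
                                    $check = TRUE;
                                    break 3;
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error(lang('not_authorized'));
                    }
                }
                break;

            default:
                die('Unknown authentication mechanism: ' . $mechanism);
        }
    }

    // If authentication succeeded, create session
    if ($check) {
        $_SESSION['user'] = $login;
        $_SESSION['auth'] = $mechanism;
        session_regenerate_id();
        redirect($return);
    }

    // If POST and no other alerts, auth has failed
    if ($_POST && !$GLOBALS['alerts']) {
        if (!$login or !$password) {
            error(lang('empty_not_allowed'));
        } else {
            error(lang('wrong_user_or_pass'));
        }
    }

    $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
    $obj = new View();
    $obj->view('auth/login', $data);
}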
/**
 * Checks the config.php AUTHCFG value for login type and forks off to the proper module.
 *
 * LDAP -> ldapAuthenticate(); AD -> adLDAP bind; anything else -> the local
 * users table, where the stored crypt_type selects the hash and, when the
 * column exists, failed_login_attempts must stay below
 * Application_MaxFailedLoginAttempts (default 5).
 *
 * @param string $user_password - The password of the user to authenticate
 * @return bool true if the user is authenticated, false otherwise
 */
function doLogin($user_password)
{
    global $AUTHCFG;
    $usr_name = $this->column_fields["user_name"];
    $authType = strtoupper($AUTHCFG['authType']);

    if ($authType === 'LDAP') {
        $this->log->debug("Using LDAP authentication");
        require_once 'modules/Users/authTypes/LDAP.php';
        return ldapAuthenticate($this->column_fields["user_name"], $user_password) != NULL;
    }

    if ($authType === 'AD') {
        $this->log->debug("Using Active Directory authentication");
        require_once 'modules/Users/authTypes/adLDAP.php';
        $adldap = new adLDAP();
        return $adldap->authenticate($this->column_fields["user_name"], $user_password) ? true : false;
    }

    $this->log->debug("Using integrated/SQL authentication");

    // The hash scheme is stored per user, so look it up before hashing.
    $lookup = $this->db->requirePsSingleResult(
        "SELECT crypt_type FROM {$this->table_name} WHERE user_name=?",
        array($usr_name),
        false
    );
    if (empty($lookup)) {
        return false;
    }
    $crypt_type = $this->db->query_result($lookup, 0, 'crypt_type');
    $encrypted_password = $this->encrypt_password($user_password, $crypt_type);

    $maxFailedLoginAttempts = GlobalVariable::getVariable('Application_MaxFailedLoginAttempts', 5);
    $sql = "SELECT * from {$this->table_name} where user_name=? AND user_password=?";
    $params = array($usr_name, $encrypted_password);

    // Lockout is only enforced when the schema has the counter column.
    if (in_array('failed_login_attempts', $this->db->getColumnNames($this->table_name))) {
        $sql .= ' AND COALESCE(failed_login_attempts,0)<?';
        $params[] = $maxFailedLoginAttempts;
    }

    $match = $this->db->requirePsSingleResult($sql, $params, false);
    return !empty($match);
}
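<?php
// Connectivity smoke test for adLDAP: bind once and print 'ok' or 'error'.
// (A commented-out legacy $ldap[...] block that still carried a plaintext
// password was removed from here; treat that credential as exposed.)
require_once dirname(__FILE__) . '/adLDAP.php';

$options["domain_controllers"] = array("10.40.3.97", "10.20.3.97", "10.30.3.97");
$user = '******';
$password = '******';
$options["ad_username"] = $user; // the Active Directory user
$options["ad_password"] = $password;
// NOTE(review): with use_ssl false (and no use_tls) the bind password crosses
// the network in clear text on port 389; enable use_ssl or use_tls outside a lab.
$options["use_ssl"] = false;

// $options was built but never handed to the constructor, so the controllers
// and credentials above were ignored and adLDAP ran with its defaults.
$ldap = new adLDAP($options);
$aut = $ldap->authenticate($user, $password);
if ($aut) {
    echo 'ok';
} else {
    echo 'error';
}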
/**
 * Checks the config.php AUTHCFG value for login type and forks off to the proper module.
 *
 * LDAP -> ldapAuthenticate(); AD -> adLDAP bind; otherwise the local users
 * table: the stored crypt_type picks the hash and only rows with
 * status = 'Active' can log in. The user_name as stored in the table is
 * written back into column_fields.
 *
 * @param string $user_password - The password of the user to authenticate
 * @return bool true if the user is authenticated, false otherwise
 */
function doLogin($user_password)
{
    global $AUTHCFG;
    $usr_name = $this->column_fields["user_name"];
    $authType = strtoupper($AUTHCFG['authType']);

    if ($authType === 'LDAP') {
        $this->log->debug("Using LDAP authentication");
        require_once('modules/Users/authTypes/LDAP.php');
        return ldapAuthenticate($this->column_fields["user_name"], $user_password) != NULL;
    }

    if ($authType === 'AD') {
        $this->log->debug("Using Active Directory authentication");
        require_once('modules/Users/authTypes/adLDAP.php');
        $adldap = new adLDAP();
        return $adldap->authenticate($this->column_fields["user_name"], $user_password) ? true : false;
    }

    $this->log->debug("Using integrated/SQL authentication");
    $lookup = $this->db->requirePsSingleResult(
        "SELECT crypt_type, user_name FROM $this->table_name WHERE user_name=?",
        array($usr_name),
        false
    );
    if (empty($lookup)) {
        return false;
    }
    $crypt_type = $this->db->query_result($lookup, 0, 'crypt_type');
    // The stored user_name replaces whatever the form submitted.
    $this->column_fields["user_name"] = $this->db->query_result($lookup, 0, 'user_name');
    $encrypted_password = $this->encrypt_password($user_password, $crypt_type);

    $match = $this->db->requirePsSingleResult(
        "SELECT 1 from $this->table_name where user_name=? AND user_password=? AND status = ?",
        array($usr_name, $encrypted_password, 'Active'),
        false
    );
    return !empty($match);
}
<?php /* Examples file To test any of the functions, just change the 0 to a 1. */ //error_reporting(E_ALL ^ E_NOTICE); include "adLDAP.php"; $ldap = new adLDAP($options); //var_dump($ldap); echo "<pre>\n"; // authenticate a username/password if (0) { $result = $ldap->authenticate("username", "password"); var_dump($result); } // add a group to a group if (0) { $result = $ldap->group_add_group("Parent Group Name", "Child Group Name"); var_dump($result); } // add a user to a group if (0) { $result = $ldap->group_add_user("Group Name", "username"); var_dump($result); } // create a group if (0) { $attributes = array("group_name" => "Test Group", "description" => "Just Testing", "container" => array("Groups", "A Container")); $result = $ldap->group_create($attributes);
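<?php
// Manual check of adLDAP against the test domain: bind as a user, then list
// that user's groups.
require_once dirname(__FILE__) . '/adLDAP.php';

// The admin bind password and the test user's password used to be literal
// strings in this file. Anything committed that way is compromised and must
// be rotated; from now on both come from the environment.
$adminPassword = getenv('ADLDAP_ADMIN_PASSWORD');
$userPassword = getenv('ADLDAP_TEST_PASSWORD');
if ($adminPassword === false || $userPassword === false) {
    fwrite(STDERR, "Set ADLDAP_ADMIN_PASSWORD and ADLDAP_TEST_PASSWORD in the environment.\n");
    exit(1);
}

$adldap = new adLDAP(array(
    "account_suffix"     => "@test.slimcrm.com",
    "base_dn"            => "DC=test,DC=slimcrm,DC=com",
    "domain_controllers" => array("50.57.184.4"),
    "admin_username"     => "administrator",
    "admin_password"     => $adminPassword,
));

echo $adldap->authenticate("tholum", $userPassword);
echo "\n";
$c = $adldap->user()->groups('tholum');
var_dump($c);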
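echo "Deleting relay database...<br/>"; mysql_query("drop database relay"); echo "Creating database relay..."; mysql_query("create database relay"); */
// NOTE(review): installer step -- the database name comes straight from the form.
mysql_select_db($_POST['database']) || die("could not connect to the database {$_POST['database']}");
echo "done<br/>";

// Only verify AD when the extension exists, the box is ticked and every
// field was posted. The original chained these with bitwise '&', which
// evaluates every operand (so isset() no longer protected the $_POST reads)
// and raised a notice whenever 'uad' was absent.
if (function_exists('ldap_connect')
    && isset($_POST['dc'], $_POST['adu'], $_POST['adp'], $_POST['ads'], $_POST['uad'])
    && $_POST['uad'] == 'on') {
    echo "Verifying Active Directory installation on {$_POST['ads']}...";
    $activeDirectoryServer = $_POST['ads'];
    $activeDirectoryDC = explode(".", $_POST['dc']);
    include_once "inc/adLDAP.php";

    // The posted server/domain were collected but never given to adLDAP, so
    // the test bind went to the library's built-in default controller.
    // Hand them over here; the option names are adLDAP's standard ones --
    // confirm against inc/adLDAP.php that this is how the rest of the
    // application builds its connection.
    $ad = new adLDAP(array(
        'domain_controllers' => array($activeDirectoryServer),
        'account_suffix'     => '@' . $_POST['dc'],
        'base_dn'            => 'DC=' . implode(',DC=', $activeDirectoryDC),
    ));

    if ($ad->authenticate($_POST['adu'], $_POST['adp'])) {
        echo "success!<br/>";
        // var_export() emits valid PHP literals, so a quote, backslash or '$'
        // in the posted values can no longer break -- or inject code into --
        // the generated config file. The old code interpolated them raw.
        $ldapConfig = "// activeDirectory\r\n"
            . " \$activeDirectoryDC = " . var_export($activeDirectoryDC, true) . ";\r\n"
            . " \$activeDirectoryServer = " . var_export($_POST['ads'], true) . ";\r\n"
            . " \$activeDirectoryUser = " . var_export($_POST['adu'], true) . ";\r\n"
            . " \$activeDirectoryPass = " . var_export($_POST['adp'], true) . ";";
    } else {
        echo "FAILED, check your settings and try again.";
        exit;
    }
}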
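/**
 * Authenticate a user outside the users tree, using the auth scheme stored on
 * the user's template (shablon.s_auth): "ip" (crypt() password in the SAMS
 * DB), "adld" (adLDAP bind) or "ntlm" (wbinfo via a helper script).
 *
 * Reads $_POST["user"] (nick) and $_POST["userid"] (the password field, in
 * spite of its name). Sets $SAMSConf->domainusername / USERPASSWD on success.
 *
 * @return int the group-auditor group id, or 0
 */
function NotUsersTreeUserAuth()
{
    global $SAMSConf;
    $DB = new SAMSDB();

    $password = isset($_POST["userid"]) ? $_POST["userid"] : "";
    $userdomain = isset($_POST["user"]) ? $_POST["user"] : "";
    $grauditor = 0;
    $SAMSConf->domainusername = "";
    $SAMSConf->USERPASSWD = 0;

    // NOTE(review): s_nick is interpolated straight from $_POST into the
    // query -- this is SQL injection, and it sits before any credential
    // check. It needs the DB layer's escaping or a prepared statement.
    $num_rows = $DB->samsdb_query_value("SELECT squiduser.*,shablon.s_auth as s_auth FROM squiduser LEFT JOIN shablon ON squiduser.s_shablon_id=shablon.s_shablon_id WHERE s_nick='{$userdomain}'; ");
    $row = $DB->samsdb_fetch_array();
    if ($num_rows > 0) {
        $SAMSConf->USERID = $row['s_user_id'];
        $SAMSConf->USERWEBACCESS = $row['s_webaccess'];
        $SAMSConf->AUTHERRORRC = $row['s_autherrorc'];
        $SAMSConf->AUTHERRORRT = $row['s_autherrort'];
    }

    if ($row['s_auth'] == "ip") {
        // Legacy crypt() with the first two password characters as salt --
        // presumably how s_passwd was written, so it has to stay for the
        // comparison.
        $passwd = crypt($password, substr($password, 0, 2));
        if ($row['s_passwd'] == $passwd) {
            $SAMSConf->domainusername = $row['s_nick'];
            $SAMSConf->USERPASSWD = 1;
        }
    }

    if ($row['s_auth'] == "adld") {
        require_once "adldap.php";
        //create the LDAP connection
        $pdc = array("{$SAMSConf->LDAPSERVER}");
        // The option keys were bare words (account_suffix => ...), which PHP
        // only tolerated as undefined constants and PHP 8 rejects outright.
        // The three trailing "" entries had numeric keys adLDAP never reads.
        $options = array(
            'account_suffix'     => "@{$SAMSConf->LDAPDOMAIN}",
            'base_dn'            => "{$SAMSConf->LDAPBASEDN}",
            'domain_controllers' => $pdc,
            'ad_username'        => "{$SAMSConf->LDAPUSER}",
            'ad_password'        => "{$SAMSConf->LDAPUSERPASSWD}",
        );
        $ldap = new adLDAP($options);
        // Bind as the nick stored in the DB (not the raw posted name), and
        // refuse an empty password: an empty bind may succeed anonymously.
        if ($password !== "" && $ldap->authenticate($row['s_nick'], $password)) {
            $aflag = 1;
            $SAMSConf->domainusername = $row['s_nick'];
            $SAMSConf->USERPASSWD = 1;
        }
    }

    if ($row['s_auth'] == "ntlm") {
        // Quote each value separately: escapeshellcmd() on the joined string
        // left spaces alone, so a password containing one became an extra
        // argument to the helper. (If ExecuteShellScript quotes its argument
        // itself, adapt this rather than reverting to the joined string.)
        $e = escapeshellarg($row['s_nick']) . " " . escapeshellarg($password);
        $aaa = ExecuteShellScript("testwbinfopasswd", $e);
        $aflag = 0;
        if (stristr($aaa, "authentication succeeded") != false || stristr($aaa, "NT_STATUS_OK") != false) {
            $aflag = 1;
            $SAMSConf->domainusername = $row['s_nick'];
            $SAMSConf->USERPASSWD = 1;
        }
    }

    $grauditor = 0;
    if ($row['s_gauditor'] > 0 && strlen($SAMSConf->domainusername) > 0) {
        $grauditor = $row['s_group'];
        print "<SCRIPT>\n";
        print " parent.lframe.location.href=\"lframe.php\"; \n";
        print "</SCRIPT> \n";
    }
    return $grauditor;
}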
if ($debug_ldap == 1) { $dbg_ldap = fopen("../files/ldap.debug.txt", "w"); //create temp file } if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username != "admin") { if ($debug_ldap == 1) { fputs($dbg_ldap, "Get all ldap params : \n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n"); } require_once "../includes/libraries/adLDAP/adLDAP.php"; $adldap = new adLDAP(array('base_dn' => $_SESSION['settings']['ldap_domain_dn'], 'account_suffix' => $_SESSION['settings']['ldap_suffix'], 'domain_controllers' => array($_SESSION['settings']['ldap_domain_controler']), 'use_ssl' => $_SESSION['settings']['ldap_ssl'], 'use_tls' => $_SESSION['settings']['ldap_tls'])); if ($debug_ldap == 1) { fputs($dbg_ldap, "Create new adldap object : " . $adldap->get_last_error() . "\n\n\n"); //Debug } //authenticate the user if ($adldap->authenticate($username, $password_clear)) { $ldap_connection = true; } else { $ldap_connection = false; } if ($debug_ldap == 1) { fputs($dbg_ldap, "After authenticate : " . $adldap->get_last_error() . "\n\n\n" . "ldap status : " . $ldap_connection . "\n\n\n"); //Debug } } //Check if user exists in cpassman $sql = "SELECT * FROM " . $pre . "users WHERE login = '******'"; $row = $db->query($sql); $proceed_identification = false; if (mysql_num_rows($row) > 0) { $proceed_identification = true;
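/**
 * Log a user in: AD bind for rows flagged ADauth, otherwise a keyed-MD5
 * password check in the users table. Populates $_SESSION on success and
 * records the attempt via logAction().
 *
 * @param string $username
 * @param string $password plaintext password from the login form
 */
function userLogin($username, $password)
{
    session_start();
    $_SESSION['userid'] = NULL;
    include_once "inc/adLDAP.php";
    global $database, $passwordKey;

    // Keep the untouched values for the directory bind. The original escaped
    // both BEFORE calling adLDAP, so a password containing a quote or
    // backslash was altered on its way to AD (and DOMAIN\user names doubled).
    $bindUsername = $username;
    $bindPassword = $password;
    $username = mysql_escape_string($username);
    $password = mysql_escape_string($password);
    $loginSuccess = false;

    #ADauth check
    $query = "select * from {$GLOBALS['tablePrefix']}users where username=\"{$username}\"";
    $result = mysql_query($query); // TODO: Query
    $userinfo = mysql_fetch_assoc($result);

    if ($userinfo && $userinfo['ADauth'] == 1) {
        $ADconn = new adLDAP();
        // An empty password is refused before the bind: a directory may
        // accept it as an anonymous bind and report success.
        $loginSuccess = $bindPassword !== '' && $ADconn->authenticate($bindUsername, $bindPassword);
    } else {
        // NOTE(review): unsalted md5($passwordKey . $password); move to
        // password_hash()/password_verify() when the schema allows.
        $query = "select * from {$GLOBALS['tablePrefix']}users where username=\"{$username}\" and password=md5(\"{$passwordKey}{$password}\")";
        $result = mysql_query($query, $database); // TODO: Query
        if ($userinfo = mysql_fetch_assoc($result)) {
            $loginSuccess = true;
        }
    }

    if ($loginSuccess == true) {
        // Fresh session id on login so an id planted before authentication
        // cannot be reused.
        session_regenerate_id(true);
        $_SESSION['userid'] = $userinfo['id'];
        $_SESSION['user'] = $username;
        $_SESSION['name'] = $userinfo['name'];
        $_SESSION['path'] = array();
        $_SESSION['admin'] = $userinfo['admin'];
        userPermissions();
        logAction('login', $username);
        if ($GLOBALS['resource'] != true) {
            checkLogin();
        }
    } else {
        logAction('loginFail', $username);
        if ($GLOBALS['resource'] != true) {
            checkLogin();
        }
    }
}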
/**
 * Test the AD connection by binding with the supplied credentials.
 *
 * @param array $valeur keys: login, passwd, dc (base DN), suffix (account
 *                      suffix), serveur (domain controller)
 * @return bool adLDAP's authenticate() result
 */
function testerAD($valeur)
{
    // adLDAP lives next to the form
    $cheminAdldap = $this->getAbsolutePathForm() . "/adldap";
    require_once $cheminAdldap . '/adLDAP.php';

    $options = array(
        'base_dn'            => $valeur['dc'],
        'account_suffix'     => $valeur['suffix'],
        'domain_controllers' => array($valeur['serveur']),
    );
    $adldap = new adLDAP($options);

    // The connection is not closed explicitly (as in the original).
    return $adldap->authenticate($valeur['login'], $valeur['passwd']);
}
/**
 * Test the AD connection by binding with the supplied credentials and echo
 * the outcome.
 *
 * @param array $valeur keys: login, passwd, dc (base DN), suffix (account
 *                      suffix), serveur (domain controller)
 */
function testerAD($valeur)
{
    // adLDAP lives under the application path
    $cheminAdldap = $this->getAbsolutePath() . "adldap";
    require_once $cheminAdldap . '/adLDAP.php';

    $options = array(
        'base_dn'            => $valeur['dc'],
        'account_suffix'     => $valeur['suffix'],
        'domain_controllers' => array($valeur['serveur']),
    );
    $adldap = new adLDAP($options);

    $bound = $adldap->authenticate($valeur['login'], $valeur['passwd']);
    $adldap->close();

    echo $bound ? "Test de connexion réussit" : "Test de connexion échoué";
}
$_SESSION['authenticated'] = ""; $_SESSION['rpage'] = $_SERVER['PHP_SELF']; $type = ""; $page = ""; } //LOGIN SCRIPT if ($login != "") { if ($user != NULL && $pass != NULL) { include "../includes/adLDAPgroup.php"; try { $adldap = new adLDAP(); } catch (adLDAPException $e) { echo $e; exit; } if ($adldap->authenticate($user, $pass)) { session_start(); $_SESSION['authenticated'] = "login"; $_SESSION['user'] = $user; $_SESSION['pass'] = $pass; } else { $failed = 1; $_SESSION['authenticated'] = ""; } $group = "Corporate IT"; if ($adldap->user_ingroup($user, $group)) { $_SESSION['authenticated'] = "corpit"; header("Location: http://" . $_SERVER['HTTP_HOST'] . "/site/home.php"); } else { $failed2 = 1; $_SESSION['authenticated'] = "";
/**
 * Check user against AD.
 *
 * Binds $username/$password against the directory described by getADSettings()
 * (OpenLDAP mode when domainAuth == "2") and, on success, makes sure a local
 * `users` row exists, creating one on first login.
 *
 * @param string $username
 * @param string $password
 * @return string 'ok' on success, otherwise an error message
 */
function checkADLogin($username, $password)
{
    /* get All settings */
    $settings = getAllSettings();
    //include login script
    include dirname(__FILE__) . "/adLDAP/src/adLDAP.php";
    //open connection
    try {
        //get settings for connection
        $ad = getADSettings();
        //AD
        $adldap = new adLDAP(array('base_dn' => $ad['base_dn'], 'account_suffix' => $ad['account_suffix'], 'domain_controllers' => $ad['domain_controllers'], 'use_ssl' => $ad['use_ssl'], 'use_tls' => $ad['use_tls'], 'ad_port' => $ad['ad_port']));
        // set OpenLDAP flag
        if ($settings['domainAuth'] == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        // NOTE(review): the exception text (controller name, LDAP error) is
        // rendered straight into the page; log it and show a generic message.
        die('<div class="alert alert-error">' . $e . '</div>');
    }
    //user authentication
    // NOTE(review): nothing rejects an empty password before the bind; some
    // directories accept one as an anonymous bind -- check for '' here.
    $authUser = $adldap->authenticate($username, $password);
    if ($authUser == true) {
        global $db;
        $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
        // NOTE(review): the username literal is redacted in this copy. Whatever
        // it was, $username is also interpolated unescaped into the INSERT
        // below -- use the database layer's parameter binding for both.
        $query = "SELECT id FROM users WHERE username = '******';";
        $user_id = $database->getRow($query);
        if (count($user_id) == 0) {
            // First login auto-provisions the local account.
            // NOTE(review): every AD account that can bind is created with the
            // 'Administrator' role, so any domain user becomes a full admin of
            // this application. Provision with a least-privilege role and/or
            // require a group/allow-list check before creating the row.
            $real_name = str_replace('.', ' ', $username);
            $real_name = ucwords($real_name);
            // Mail address is guessed from a hard-coded domain, not read from AD.
            $email = $username . "@enovance.com";
            $query = "INSERT INTO users (username, role, real_name, email, domainUser, lang) VALUES ('{$username}', 'Administrator', '{$real_name}', '{$email}', 1, 1);";
            $database->executeQuery($query);
            $user_id = $database->insert_id;
            if (count($user_id) > 0) {
                updateLogTable('Created user ' . $username . ' successfully', "", 0);
            }
        }
        $database->close();
        if (count($user_id) > 0) {
            updateLogTable('User ' . $username . ' authenticated against AD.', "", 0);
            return 'ok';
        } else {
            updateLogTable('Failed to create user .' . $username, "", 2);
            return "Failed to creater user {$username}";
        }
    } else {
        updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        // NOTE(review): the LDAP error is fetched but never logged; it is
        // usually the only clue when binds fail.
        $err = $adldap->getLastError();
        return 'Failed to authenticate user via AD!';
    }
}
/**
 * Validate a user's login credentials by delegating to the wrapped adLDAP
 * instance.
 *
 * @param string $username      A user's AD username
 * @param string $password      A user's AD password
 * @param bool   $preventRebind optional; passed straight through to adLDAP
 * @return bool
 */
public function authenticate($username, $password, $preventRebind = false)
{
    $bound = $this->adldap->authenticate($username, $password, $preventRebind);

    return $bound;
}
} //at least 2 chars if (strlen($_POST['dfilter']) < 2) { $Result->show("danger", _('Please enter at least 2 characters'), true); } //open connection try { if ($server->type == "NetIQ") { $params->account_suffix = ""; } //set options $options = array('base_dn' => $params->base_dn, 'account_suffix' => $params->account_suffix, 'domain_controllers' => explode(";", $params->domain_controllers), 'use_ssl' => $params->use_ssl, 'use_tls' => $params->use_tls, 'ad_port' => $params->ad_port); //AD $adldap = new adLDAP($options); //try to login with higher credentials for search $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword); if ($authUser == false) { $Result->show("danger", _("Invalid credentials"), true); } // set OpenLDAP flag if ($server->type == "LDAP") { $adldap->setUseOpenLDAP(true); } //search groups $groups = $adldap->group()->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, true, "*{$_POST['dfilter']}*"); //echo $adldap->getLastError(); } catch (adLDAPException $e) { $Result->show("danger", $adldap->getLastError(), false); $Result->show("danger", $e->getMessage(), true); } //check for found
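/**
 * Authenticate the squiduser with the given s_user_id against Active Directory
 * using the "adld" auth parameters (server, base DN, admin bind).
 *
 * @param mixed  $userid   s_user_id of the squiduser row
 * @param string $password plaintext password to bind with
 * @return int 1 when the AD bind succeeded, 0 otherwise
 */
function UserIDAuthenticate($userid, $password)
{
    $this->userid = $userid;
    // Reset on every call: authOk was never cleared here, so a value left
    // from an earlier call on the same object could be returned as success.
    $this->authOk = 0;

    // NOTE(review): $userid is interpolated directly into the query; unless
    // every caller validates it, this is injectable -- bind it or cast it to
    // the column's type.
    $request = "SELECT s_nick, s_passwd, s_domain, s_gauditor, squiduser.s_group_id, s_autherrorc, s_autherrort, s_user_id FROM squiduser WHERE s_user_id='{$userid}'";
    if ($this->LoadUserVariables($request) > 0) {
        require_once "src/adldap.php";
        $adldserver = GetAuthParameter("adld", "adldserver");
        $basedn = GetAuthParameter("adld", "basedn");
        $adadmin = GetAuthParameter("adld", "adadmin");
        $adadminpasswd = GetAuthParameter("adld", "adadminpasswd");

        // "example.local" -> "DC=example,DC=local"
        $LDAPBASEDN2 = strtok($basedn, ".");
        $LDAPBASEDN = "DC={$LDAPBASEDN2}";
        while (strlen($LDAPBASEDN2) > 0) {
            $LDAPBASEDN2 = strtok(".");
            if (strlen($LDAPBASEDN2) > 0) {
                $LDAPBASEDN = "{$LDAPBASEDN},DC={$LDAPBASEDN2}";
            }
        }

        $pdc = array("{$adldserver}");
        // The option keys were bare words (PHP 8 rejects them); the trailing
        // "" entries had numeric keys that adLDAP never reads.
        $options = array(
            'account_suffix'     => "@{$basedn}",
            'base_dn'            => "{$LDAPBASEDN}",
            'domain_controllers' => $pdc,
            'ad_username'        => "{$adadmin}",
            'ad_password'        => "{$adadminpasswd}",
        );
        $ldap = new adLDAP($options);
        // Refuse an empty password: an empty bind may succeed anonymously and
        // be mistaken for authentication.
        if ($password !== '' && $ldap->authenticate(SAMSLangToUTF8($this->UserName), $password)) {
            $this->authOk = 1;
        }
    }
    return $this->authOk;
}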
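/**
 * Check whether an AD user belongs to at least one of the allowed groups.
 *
 * $groups is a newline-separated list of group names, compared case-insensitively.
 * When the list is empty or contains only blank lines (no restriction configured)
 * the check passes without contacting the server. Otherwise the user's own
 * credentials are used to bind to $hostname and the user's recursive group
 * membership is compared against the allowed set.
 *
 * @param string $groups         newline-separated allowed group names; "" = no restriction
 * @param string $hostname       domain controller to bind to
 * @param string $username       account name to bind as
 * @param string $password       the user's password
 * @param string $account_suffix DNS domain (e.g. "corp.example.local"), also used to derive the base DN
 * @return bool true when no groups are required or the user is a member of one of them
 */
function checkcreds_ADGroups_ToServer($groups, $hostname, $username, $password, $account_suffix)
{
    // Same truthiness test as the original $GLOBALS lookup, without the undefined-index warning.
    $debug = !empty($GLOBALS["HOTSPOT_DEBUG"]);

    if (strlen((string) $groups) == 0) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer no defined group in line:" . __LINE__);
        }
        return true;
    }

    // Normalise the allowed list into a lower-cased set keyed by name.
    $allowed = array();
    foreach (explode("\n", $groups) as $line) {
        $line = trim(strtolower($line));
        // Strict comparison: the previous "== null" test also silently dropped a group named "0".
        if ($line === '') {
            continue;
        }
        $allowed[$line] = $line;
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer checks group {$line} in line:" . __LINE__);
        }
    }

    if ($debug) {
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer " . count($allowed) . " in line:" . __LINE__);
    }
    if (count($allowed) == 0) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer no group defined, return true in line:" . __LINE__);
        }
        return true;
    }

    if ($debug) {
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer checks {$username} groups in line:" . __LINE__);
    }

    // An LDAP simple bind with an empty password is an anonymous bind and may
    // "succeed"; a group check must never pass on it. Fail closed up front.
    if ($password === null || $password === '') {
        return false;
    }

    // "corp.example.local" -> "DC=corp,DC=example,DC=local"
    $dnParts = array();
    foreach (explode(".", $account_suffix) as $label) {
        $dnParts[] = "DC={$label}";
    }
    $baseDn = implode(",", $dnParts);

    $options = array(
        'base_dn'            => $baseDn,
        'ad_username'        => $username,
        'ad_password'        => $password,
        'recursive_groups'   => true,
        'domain_controllers' => array($hostname),
        'account_suffix'     => "@{$account_suffix}",
    );
    $adldap = new adLDAP($options);

    // The bind result used to be discarded and the group lookup ran regardless;
    // only trust the membership list when the user's credentials actually bound.
    if (!$adldap->authenticate("{$username}", $password)) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer {$username} failed to authenticate in line:" . __LINE__);
        }
        return false;
    }

    $memberOf = $adldap->user()->groups($username);
    if (!is_array($memberOf)) {
        // adLDAP returns false when the lookup fails; treat that as "no groups".
        $memberOf = array();
    }

    if ($debug) {
        ToSyslog_array($GLOBALS["CLASS_ACTV"]);
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer {$username} in:" . count($memberOf) . " groups in line:" . __LINE__);
    }

    foreach ($memberOf as $group) {
        $group = trim(strtolower($group));
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_AD checks {$group} group in line:" . __LINE__);
        }
        if (isset($allowed[$group])) {
            if ($debug) {
                ToSyslog("{$hostname}: checkcreds_AD checks {$group} is OK in line:" . __LINE__);
            }
            return true;
        }
    }

    return false;
}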
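/**
 * Check a user's credentials against AD (or OpenLDAP when domainAuth == "2").
 *
 * Connection parameters come from getADSettings(); a connection failure is
 * reported to the page and terminates the request, an authentication failure
 * prints the adLDAP error and returns an error string.
 *
 * @param string $username
 * @param string $password
 * @return string 'ok' on success, otherwise 'Failed to authenticate user via AD!'
 */
function checkADLogin($username, $password)
{
    $settings = getAllSettings();

    // require_once: a plain include would redeclare the adLDAP class (fatal) if
    // this function runs twice in the same request.
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";

    // An LDAP simple bind with an empty password is an anonymous bind and can
    // "succeed" on servers that allow it; reject empty credentials before the
    // bind (recent adLDAP versions also refuse them, but do not rely on it).
    if ($username === null || $username === '' || $password === null || $password === '') {
        return 'Failed to authenticate user via AD!';
    }

    try {
        $ad = getADSettings();
        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'],
            'account_suffix'     => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'],
            'use_tls'            => $ad['use_tls'],
            'ad_port'            => $ad['ad_port'],
        ));
        if ($settings['domainAuth'] == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        // Only the message, escaped: stringifying $e dumped a stack trace into the
        // page, and the text can echo connection parameters back to the browser.
        die('<div class="alert alert-danger">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>');
    }

    if ($adldap->authenticate($username, $password) === true) {
        return 'ok';
    }

    // LDAP error text can contain server-supplied strings; escape for HTML context.
    $err = (string) $adldap->getLastError();
    print "<div class='alert alert-danger'>" . htmlspecialchars($err, ENT_QUOTES, 'UTF-8') . "</div>";
    return 'Failed to authenticate user via AD!';
}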
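/**
 * AD (Active Directory) authentication function.
 *
 * Authenticates users against MS Active Directory (or OpenLDAP when
 * $this->ldap is set) using adLDAP - http://adldap.sourceforge.net - with the
 * connection parameters stored as JSON in $this->authmethodparams. On success
 * the session is written and the login bookkeeping runs; on failure the IP is
 * counted towards blocking and an error is shown.
 *
 * @access private
 * @param string $username
 * @param string $password
 * @return void
 */
private function auth_AD($username, $password)
{
    // require_once: a bare require would redeclare the adLDAP class (fatal) if this ran twice.
    require_once dirname(__FILE__) . "/../adLDAP/src/adLDAP.php";

    // An LDAP simple bind with an empty password is an anonymous bind and can
    // "succeed" on servers that allow it; treat empty credentials as a failed
    // login before touching the server (recent adLDAP versions also refuse them).
    if ($username === null || $username === '' || $password === null || $password === '') {
        $this->block_ip();
        $this->Log->write("AD login", "User {$username} failed to authenticate against AD", 1, $username);
        $this->Result->show("danger", _("Invalid username or password"), true);
        return;
    }

    try {
        // Parse the stored LDAP connection settings; default any missing key to null
        // instead of relying on "@" suppression.
        $ad = json_decode($this->authmethodparams, true);
        if (!is_array($ad)) {
            $ad = array();
        }
        $ad += array(
            'base_dn'            => null,
            'account_suffix'     => null,
            'domain_controllers' => '',
            'use_ssl'            => null,
            'use_tls'            => null,
            'ad_port'            => null,
        );

        // Controllers are stored as a ";"-separated string; strip spaces first.
        $ad['domain_controllers'] = explode(";", str_replace(" ", "", (string) $ad['domain_controllers']));

        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'],
            'account_suffix'     => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'],
            'use_tls'            => $ad['use_tls'],
            'ad_port'            => $ad['ad_port'],
        ));
        if ($this->ldap) {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        $this->Log->write("AD connect error", "Failed to connect to AD: " . $e->getMessage(), 2, $username);
        $this->Result->show("danger", _("Error: ") . $e->getMessage(), true);
        // Result->show() is expected to end the request, but never fall through to
        // authenticate() with $adldap undefined.
        return;
    }

    if ($adldap->authenticate($username, $password) === true) {
        $this->write_session_parameters();
        $this->Log->write("AD login", "User " . $this->user->real_name . " logged in via AD", 0, $username);
        $this->Result->show("success", _("AD Login successful"));
        $this->update_login_time();
        $this->block_remove_entry();
        return;
    }

    // The previous version branched on $authAD, a variable never assigned in this
    // method, so the "Failed to connect" / "Failed to authenticate" messages were
    // unreachable; only the generic failure path is kept.
    $this->block_ip();
    $this->Log->write("AD login", "User {$username} failed to authenticate against AD", 1, $username);
    $this->Result->show("danger", _("Invalid username or password"), true);
}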
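/**
 * Test the connection to the AD server with the given parameters.
 *
 * @param array  $valeur        connection parameters:
 *                              $valeur['login']   account to bind as
 *                              $valeur['passwd']  its password
 *                              $valeur['dc']      base DN
 *                              $valeur['suffix']  account suffix (e.g. "@example.local")
 *                              $valeur['serveur'] domain controller host
 * @param string $cheminAdldap  path to adLDAP.php; defaults to the plugin's bundled copy
 * @return bool true when the bind with login/passwd succeeds
 */
function testerAD($valeur, $cheminAdldap = null)
{
    $login  = isset($valeur['login'])  ? $valeur['login']  : '';
    $passwd = isset($valeur['passwd']) ? $valeur['passwd'] : '';

    // An LDAP simple bind with an empty password is an anonymous bind and can
    // "succeed" on servers that allow it, which would make this test report a
    // working login for no credentials. Fail closed before loading or contacting
    // anything (recent adLDAP versions also refuse empty credentials).
    if ($login === '' || $passwd === '') {
        return false;
    }

    if ($cheminAdldap == null) {
        $cheminAdldap = $this->getAbsolutePath() . "plugins/groupead/adldap/adLDAP.php";
    }
    require_once $cheminAdldap;

    $adldap = new adLDAP(array(
        'base_dn'            => isset($valeur['dc']) ? $valeur['dc'] : '',
        'account_suffix'     => isset($valeur['suffix']) ? $valeur['suffix'] : '',
        'domain_controllers' => array(isset($valeur['serveur']) ? $valeur['serveur'] : ''),
    ));

    return $adldap->authenticate($login, $passwd) === true;
}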