Exemple #1
0
         if ($content['SearchField'] == "") {
             $content['ISERROR'] = true;
             $content['ERROR_MSG'] = $content['LN_FIELDS_ERROR_SEARCHFIELDEMPTY'];
         } else {
             if ($content['FieldDefine'] == "") {
                 $content['ISERROR'] = true;
                 $content['ERROR_MSG'] = $content['LN_FIELDS_ERROR_FIELDDEFINEEMPTY'];
             }
         }
     }
 }
 // ---
 if (!isset($content['ISERROR'])) {
     // Everything was alright, go and check if the entry exists!
     $result = DB_Query("SELECT FieldID FROM " . DB_FIELDS . " WHERE FieldID = '" . $content['FieldID'] . "'");
     $myrow = DB_GetSingleRow($result, true);
     if (!isset($myrow['FieldID'])) {
         // Add custom Field now!
         $sqlquery = "INSERT INTO " . DB_FIELDS . " (FieldID, FieldCaption, FieldDefine, SearchField, FieldAlign, DefaultWidth, FieldType, SearchOnline) \n\t\t\tVALUES (\n\t\t\t\t\t'" . $content['FieldID'] . "', \n\t\t\t\t\t'" . $content['FieldCaption'] . "',\n\t\t\t\t\t'" . $content['FieldDefine'] . "',\n\t\t\t\t\t'" . $content['SearchField'] . "',\n\t\t\t\t\t'" . $content['FieldAlign'] . "', \n\t\t\t\t\t" . $content['DefaultWidth'] . ", \n\t\t\t\t\t" . $content['FieldType'] . ", \n\t\t\t\t\t" . $content['SearchOnline'] . " \n\t\t\t\t\t)";
         $result = DB_Query($sqlquery);
         DB_FreeQuery($result);
         // Do the final redirect
         RedirectResult(GetAndReplaceLangStr($content['LN_FIELDS_HASBEENADDED'], DB_StripSlahes($content['FieldCaption'])), "fields.php");
     } else {
         // Edit the Search Entry now!
         $result = DB_Query("UPDATE " . DB_FIELDS . " SET \n\t\t\t\tFieldCaption = '" . $content['FieldCaption'] . "', \n\t\t\t\tFieldDefine = '" . $content['FieldDefine'] . "', \n\t\t\t\tSearchField = '" . $content['SearchField'] . "', \n\t\t\t\tFieldAlign = '" . $content['FieldAlign'] . "', \n\t\t\t\tDefaultWidth = " . $content['DefaultWidth'] . ", \n\t\t\t\tFieldType = " . $content['FieldType'] . ", \n\t\t\t\tSearchOnline = " . $content['SearchOnline'] . "\n\t\t\t\tWHERE FieldID = '" . $content['FieldID'] . "'");
         DB_FreeQuery($result);
         // Done redirect!
         RedirectResult(GetAndReplaceLangStr($content['LN_FIELDS_HASBEENEDIT'], DB_StripSlahes($content['FieldCaption'])), "fields.php");
     }
 }
function CheckLDAPUserLogin($username, $password)
{
    global $content;
    // Create LDAP Searchfilter
    $ldap_filter = '(&' . $content['LDAPSearchFilter'] . '(' . $content['LDAPUidAttribute'] . '=' . $username . '))';
    // Get LDAP Connection
    $ldapConn = DoLDAPConnect();
    if ($ldapConn) {
        if (!DoLDAPBind($ldapConn)) {
            if (GetConfigSetting("DebugUserLogin", 0) == 1) {
                // Die with error
                DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
            }
            return false;
        }
    } else {
        if (GetConfigSetting("DebugUserLogin", 0) == 1) {
            // Die with error
            DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
        }
        // return false in this case
        return false;
    }
    // Search for the user
    if (!($r = @ldap_search($ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid", "cn", "localentryid", "userpassword")))) {
        if (GetConfigSetting("DebugUserLogin", 0) == 1) {
            // Die with error
            DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'], $username, ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
        }
        // return false in this case
        return false;
    }
    $info = ldap_get_entries($ldapConn, $r);
    if (!$info || $info["count"] != 1) {
        if (GetConfigSetting("DebugUserLogin", 0) == 1) {
            // Die with error
            DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERNOTFOUND'], $username), $ldap_filter);
        }
        // return false in this case
        return false;
    }
    // now we have the user data. Do a bind to check for his password
    if (!($r = @ldap_bind($ldapConn, $info[0]['dn'], $password))) {
        if (GetConfigSetting("DebugUserLogin", 0) == 1) {
            // Die with error
            DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_PASSWORDFAIL'], $username), $ldap_filter);
        }
        // return false in this case
        return false;
    }
    // for the moment when a user logs in from LDAP, create it in the DB.
    // then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code…
    //
    // added by czhujer
    //
    $ldapadmingroup = "cn=loganalyzeradminusers,cn=groups,cn=accounts,dc=someorg,dc=en";
    if (LdapCheckGroup($ldapConn, $info[0]['dn'], $ldapadmingroup)) {
        $ldapuser_is_admin = 1;
        $ldapuser_is_readonly = 0;
        //echo "You're (".$info[0]['dn'].") member of \"".$ldapadmingroup."\"";
    } else {
        //echo "You're (".$info[0]['dn'].") not member of \"".$ldapadmingroup."\"";
        $ldapuser_admin = 0;
        $ldapuser_is_readonly = 1;
    }
    /* debug   
       echo "<pre>";  
       print_r($info);  
       echo "</pre>";  
       DebugLDAPErrorAndDie("" , $ldap_filter );   
       */
    //
    // end of czhujer modify
    //
    /* DB_RemoveBadChars() needs to be done here to maintain backwards compatibility even if it is not needed here*/
    $md5pass = md5(DB_RemoveBadChars($password));
    // check if the user already exist
    $sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '******'";
    $result = DB_Query($sqlquery);
    $myrow = DB_GetSingleRow($result, true);
    if (!isset($myrow['is_admin'])) {
        // Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well
        //$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . $md5pass . "', 0, 1)";
        //modified by czhujer
        $sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES " . "('" . $username . "', '" . $md5pass . "', " . intval($ldapuser_is_admin) . ", " . intval($ldapuser_is_readonly) . ")";
        $result = DB_Query($sqlcmd);
        DB_FreeQuery($result);
        $myrow['is_admin'] = 0;
        $myrow['last_login'] = 0;
        $myrow['is_readonly'] = 1;
    }
    // Construct Row and return
    $myrowfinal['username'] = $username;
    $myrowfinal['password'] = $md5pass;
    $myrowfinal['dn'] = $info[0]['dn'];
    if (isset($myrow['ID'])) {
        $myrowfinal['ID'] = $myrow['ID'];
    } else {
        $myrowfinal['ID'] = DB_ReturnLastInsertID();
    }
    // Get from last insert!
    $myrowfinal['is_admin'] = $myrow['is_admin'];
    $myrowfinal['is_readonly'] = $myrow['is_readonly'];
    $myrowfinal['last_login'] = $myrow['last_login'];
    return $myrowfinal;
}