Exemple #1
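/**
 * Authenticate a user against LDAP and open the matching local session.
 *
 * Flow: reject empty passwords, connect to the directory, enforce the optional
 * users-group restriction, bind as the user, then log in the existing local
 * account or (when `allow_newusers` is set) create one first.
 *
 * @param mixed  $success     Not read by this function.
 * @param string $username    Login name; used for the LDAP lookups and, escaped, in the local user query.
 * @param string $password    Password presented to the directory for the bind.
 * @param mixed  $remember_me Passed to log_user() for existing accounts only;
 *                            freshly created accounts are logged in with false.
 *
 * @return bool true when a session was opened, false when the attempt was rejected
 *              (the rejection paths previously fell off the end and returned null).
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    // Never hand an empty password to the directory. Many LDAP servers treat a
    // bind with a DN and an empty password as an "unauthenticated bind" and
    // report success (RFC 4513, section 5.1.2). ldap_bind_as() is defined
    // elsewhere and may already check this; the guard here makes the login
    // path safe regardless.
    if (!is_scalar($password) || (string) $password === '') {
        fail($username);
        return false;
    }

    $obj = new Ldap();
    $obj->load_config();

    // Fail closed: without a directory connection nothing below can be trusted.
    if (!$obj->ldap_conn()) {
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return false;
    }

    // When a users group is configured, membership is mandatory.
    // fail() is called once per rejected attempt; the previous nesting called it
    // twice on this path, which would double whatever fail() records (it is
    // defined elsewhere, presumably a login-failure hook; confirm).
    $users_group = $obj->config['users_group'];
    if ($users_group && !$obj->user_membership($username, $obj->ldap_group($users_group))) {
        fail($username);
        return false;
    }

    // The actual credential check: bind to the directory as the user.
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }

    // Look the user up in the local users table. Table and column names come
    // from configuration; the username is the only user-supplied value and is
    // escaped before being placed in the statement.
    $query = '
        SELECT ' . $conf['user_fields']['id'] . ' AS id
        FROM ' . USERS_TABLE . '
        WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // Known local account: refresh it and open the session.
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }

    // Unknown locally: only continue when auto-provisioning is enabled.
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return false;
    }

    // Ask the directory for the mail address once; a falsy answer becomes null.
    $mail = $obj->ldap_mail($username) ?: null;

    // The local account receives a throwaway password the user never sees.
    // NOTE(review): random_password() is defined elsewhere. Confirm that it
    // draws from a CSPRNG and that 8 characters is acceptable, since this value
    // is a working credential wherever local (non-LDAP) login is still possible.
    $new_id = register_user($username, random_password(8), $mail);

    // Do not open a session for an account that was not created.
    // NOTE(review): assumes register_user() returns a falsy value on failure; confirm.
    if (empty($new_id)) {
        fail($username);
        return false;
    }

    update_user($username, $new_id);
    log_user($new_id, false);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}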
    if (isset($_POST['LD_SEARCH_USERS'])) {
        $me->config['ld_search_users'] = True;
    } else {
        $me->config['ld_search_users'] = False;
    }
}
// Save LDAP configuration
if (isset($_POST['save'])) {
    $me->save_config();
}
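// Check LDAP configuration
// The user needs to have saved the configuration before running this check.
// NOTE(review): $_POST['USERNAME'] is concatenated into the HTML assigned to
// LD_CHECK_LDAP below; it should be passed through htmlspecialchars() first.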
if (isset($_POST['check_ldap'])) {
    if ($me->config['users_group']) {
        if ($me->user_membership($_POST['USERNAME'], $me->ldap_group($me->config['users_group']))) {
            if ($me->ldap_bind_as($_POST['USERNAME'], $_POST['PASSWORD'])) {
                // search groups
                $group_query = 'SELECT name, id FROM ' . GROUPS_TABLE . ';';
                $groups = pwg_query($group_query);
                $sentence = '';
                foreach ($groups as $group) {
                    if ($me->user_membership($_POST['USERNAME'], $me->ldap_group($group['name']))) {
                        $sentence = $sentence . ', ' . $group['name'];
                    }
                }
                $template->assign('LD_CHECK_LDAP', '<p style="color:green;">Configuration LDAP OK : ' . $_POST['USERNAME'] . ' is in users' . $sentence . ' group(s) and can auth. He is a ' . $me->ldap_status($_POST['USERNAME']) . ' user according to the plugin.</p>');
            } else {
                $template->assign('LD_CHECK_LDAP', '<p style="color:red;">Error : test ' . $me->config['uri'] . ' ' . $me->ldap_name($_POST['USERNAME']) . '</p>');
            }
        }
    } else {