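/**
 * Authenticate a user against the local `users` table and, when that finds
 * no match and domain authentication is enabled, against AD/OpenLDAP.
 *
 * Prints a Bootstrap alert describing the outcome, writes an entry through
 * updateLogTable() and, on success, stores the username and language code
 * in the session. Success is not signalled through the return value.
 *
 * @param string $username    login name as submitted by the client (untrusted)
 * @param string $md5password password hash compared with `users`.`password`
 * @param string $rawpassword clear-text password, forwarded to checkADLogin()
 *
 * @return false|null false when the user lookup throws; nothing otherwise
 */
function checkLogin($username, $md5password, $rawpassword)
{
    global $db; # get variables from config file

    /* check if user exists in local database */
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);

    # Both values arrive from the login request and are concatenated into the
    # SQL text below, so they are escaped first. The escaped username is also
    # what the helpers called further down receive; their SQL handling is not
    # visible from this function.
    # NOTE(review): a prepared statement would be the stronger fix if the
    # database wrapper offers one - confirm.
    $username    = $database->real_escape_string($username);
    $md5password = $database->real_escape_string($md5password);

    # NOTE(review): the parameter name suggests an unsalted MD5 digest is
    # stored in `password`; if so, plan a migration to a salted password hash.
    $query = 'select * from `users` where `username` = binary "' . $username . '" and `password` = BINARY "' . $md5password . '" and `domainUser` = "0" limit 1;';

    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        # The driver message may contain parts of the query, so it is
        # HTML-escaped before being written into the page.
        # NOTE(review): consider logging the detail and showing a generic
        # message; this page is reachable before authentication.
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-error'>" . _('Error') . ": {$error}</div>";
        return false;
    }

    /* close database connection */
    $database->close();

    /* locally registered */
    if (sizeof($result) != 0) {
        # get user lang
        $lang = getLangById($result[0]['lang']);

        /* start session and set variables */
        session_start();
        # issue a fresh session id at the privilege change so an id that was
        # known before login cannot be reused afterwards
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = $lang['l_code'];
        session_write_close();

        # print success
        print '<div class="alert alert-success">' . _('Login successful') . '!</div>';
        # write log file
        updateLogTable('User ' . $username . ' logged in.', "", 0);
        return;
    }

    /* fetch settings */
    $settings = getAllSettings();

    # opening markup shared by every failure alert below
    $alertOpen = '<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">×</button>';

    /* local lookup failed and no AD/OpenLDAP is selected */
    if ($settings['domainAuth'] == "0") {
        # print error
        print $alertOpen . _('Failed to log in') . '!</div>';
        # write log file
        updateLogTable('User ' . $username . ' failed to log in.', "", 2);
        return;
    }

    /* if local failed and AD/OpenLDAP is selected try to authenticate */
    # NOTE(review): nothing in this function checks that a local `users` row
    # with the domain user flag exists for this name; presumably
    # checkADLogin() does that - confirm, otherwise any directory account
    # that authenticates is logged in.
    $authAD = checkADLogin($username, $rawpassword);
    $isAD   = ($settings['domainAuth'] == "1");

    # strict comparison: only the exact string "ok" counts as success
    if ($authAD === "ok") {
        # get user lang
        # NOTE(review): $result is empty on this path (the local lookup
        # matched nothing), so no language id is available and
        # getLangById() receives null, as it effectively did before.
        $langId = isset($result[0]['lang']) ? $result[0]['lang'] : null;
        $lang   = getLangById($langId);

        /* start session and set variables */
        session_start();
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = $lang['l_code'];
        session_write_close();

        # print success
        if ($isAD) {
            print '<div class="alert alert-success">' . _('AD login successful') . '!</div>';
        } else {
            print '<div class="alert alert-success">' . _('LDAP login successful') . '!</div>';
        }
        updateLogTable('User ' . $username . ' logged in.', "", 0);
        return;
    }

    # directory login failed: pick the user-facing message and the log entry
    if ($authAD === 'Failed to connect to AD!') {
        if ($isAD) {
            $message  = _('Failed to connect to AD server');
            $logEntry = 'Failed to connect to AD!';
        } else {
            $message  = _('Failed to connect to LDAP server');
            $logEntry = 'Failed to connect to LDAP!';
        }
    } elseif ($authAD === 'Failed to authenticate user via AD!') {
        if ($isAD) {
            $message  = _('Failed to authenticate user against AD');
            $logEntry = 'User ' . $username . ' failed to authenticate against AD.';
        } else {
            $message  = _('Failed to authenticate user against LDAP');
            $logEntry = 'User ' . $username . ' failed to authenticate against LDAP.';
        }
    } else {
        $message = _('Wrong username or password');
        if ($isAD) {
            $logEntry = 'User ' . $username . ' failed to authenticate against AD.';
        } else {
            $logEntry = 'User ' . $username . ' failed to authenticate against LDAP.';
        }
    }

    # print error
    print $alertOpen . $message . '!</div>';
    # write log file
    updateLogTable($logEntry, "", 2);
}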
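/**
 * Login authentication
 *
 * The user row is fetched by username first. Depending on its `domainUser`
 * flag the password is then verified locally (crypt hash, or legacy MD5
 * hash) or through checkADLogin() when AD ("1") or LDAP ("2") domain
 * authentication is enabled in the settings.
 *
 * Prints a Bootstrap alert, writes an entry through updateLogTable(), and
 * either starts the session (success) or calls block_ip() (failure).
 * Success is not signalled through the return value.
 *
 * @param string $username    login name as submitted by the client (untrusted)
 * @param string $md5password MD5 hash of the password, for legacy rows
 * @param string $rawpassword clear-text password
 *
 * @return false|null false when the user lookup throws; nothing otherwise
 */
function checkLogin($username, $md5password, $rawpassword)
{
    global $db;

    # stays true until one of the checks below succeeds
    $authFailed = true;
    $updatepass = false;
    $uerror = "";
    $lerror = "";

    # fetch settings to get auth types
    $settings = getAllSettings();

    # for login check
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);

    # escape vars to prevent SQL injection; the escaped value is also what the
    # helpers below and the session receive
    $username = $database->real_escape_string($username);

    # try to fetch user
    $query = 'select * from `users` where `username` = "' . $username . '" limit 1;';

    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        # HTML-escape the driver message before it is written into the page
        # NOTE(review): consider logging the detail and showing a generic
        # message; this page is reachable before authentication.
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        return false;
    }

    # verify type and password
    if (sizeof($result) > 0) {
        $user = $result[0];

        if ($user['domainUser'] == "0") {
            /**
             * local auth
             *
             * Hashes are compared with === so two different digests that both
             * look numeric (for example "0e..." strings) are never treated as
             * equal by type juggling.
             * NOTE(review): where hash_equals() is available, prefer it for a
             * constant-time comparison.
             */
            if (substr($user['password'], 0, 1) == "\$") {
                # stored value is a crypt() hash
                if ($user['password'] === crypt($rawpassword, $user['password'])) {
                    $authFailed = false;
                }
            } elseif ($user['password'] === $md5password) {
                # legacy MD5 row: accept and mark for upgrade
                $authFailed = false;
                $updatepass = true;
            }
            # no match leaves $authFailed at true

            if ($authFailed == false) {
                # try to update pass to crypt, only if version already changed
                if ($updatepass && $settings['version'] == "1.1") {
                    update_user_pass_to_crypt($username, $rawpassword);
                }
                # save results
                $uerror = 'Login successful';
                $lerror = 'User ' . $user['real_name'] . ' logged in.';
            } else {
                $uerror = 'Failed to log in';
                $lerror = 'User ' . $username . ' failed to log in.';
            }
        } elseif ($user['domainUser'] == "1" && ($settings['domainAuth'] == "1" || $settings['domainAuth'] == "2")) {
            /**
             * domain auth: "1" selects AD, "2" selects LDAP; both go through
             * checkADLogin() and differ only in the wording of the messages
             */
            $service = ($settings['domainAuth'] == "1") ? 'AD' : 'LDAP';
            $authAD  = checkADLogin($username, $rawpassword);

            # strict comparison: only the exact string "ok" counts as success
            if ($authAD === "ok") {
                $authFailed = false;
                $uerror = $service . ' Login successful';
                $lerror = 'User ' . $user['real_name'] . ' logged in.';
            } elseif ($authAD === 'Failed to connect to AD!') {
                $uerror = 'Failed to connect to ' . $service . ' server';
                $lerror = 'Failed to connect to ' . $service . '!';
            } elseif ($authAD === 'Failed to authenticate user via AD!') {
                $uerror = 'Failed to authenticate user against ' . $service;
                $lerror = 'User failed to authenticate against ' . $service . '.';
            } else {
                $uerror = 'Wrong username or password';
                $lerror = 'User failed to authenticate against ' . $service . '.';
            }
        } else {
            # domain user while domain auth is off, or an unexpected flag value
            $uerror = 'Failed to log in';
            $lerror = 'User ' . $username . ' failed to log in.';
        }
    } else {
        # unknown username: same message as a wrong password
        $uerror = 'Failed to log in';
        $lerror = 'User ' . $username . ' failed to log in.';
    }

    /**
     * print result
     */
    if ($authFailed == true) {
        # print error
        print '<div class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">×</button>' . _($uerror) . '!</div>';
        # write log file
        updateLogTable($lerror, "", 2);

        # also update blocked IP table
        # NOTE(review): X-Forwarded-For is a client-supplied header. Unless a
        # trusted reverse proxy overwrites it, the failure counter can be
        # attributed to an arbitrary value, which weakens the lockout, and the
        # raw header reaches block_ip() unvalidated. Honour it only for
        # requests from known proxies and validate it as an IP address. The
        # selection is left unchanged here because the code that checks the
        # block list is not visible and must use the same key.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        # add block count
        block_ip($ip);
    } else {
        # get user lang
        $lang = getLangById($user['lang']);

        /* start session and set variables */
        global $phpsessname;
        if (strlen($phpsessname) > 0) {
            session_name($phpsessname);
        }
        session_start();
        # issue a fresh session id at the privilege change so an id that was
        # known before login cannot be reused afterwards
        session_regenerate_id(true);
        $_SESSION['ipamusername'] = $username;
        $_SESSION['ipamlanguage'] = $lang['l_code'];
        $_SESSION['lastactive'] = time();
        session_write_close();

        # print success
        print '<div class="alert alert-success">' . _($uerror) . '!</div>';
        # write log file
        updateLogTable($lerror, "", 0);
    }
}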