function login_with_ldap($uid, $passwd, $next_url, $perm)
{
list($ldap_user, $error_msg) = ldap_auth($uid, $passwd);
if ($error_msg) {
error_page($error_msg);
}
$x = ldap_email_string($uid);
$user = BoincUser::lookup_email_addr($x);
if (!$user) {
// LDAP authentication succeeded but we don't have a user record.
// Create one.
//
$user = make_user_ldap($x, $ldap_user->name);
}
if (!$user) {
error_page("Couldn't create user");
}
Header("Location: " . url_base() . "{$next_url}");
send_cookie('auth', $user->authenticator, $perm);
return;
}
function univ_authenticate($user_id, $pass, $auth = false, $prot = false, $serv_account = false)
{
#some authorities can be endorsed - that means that, if they are authenticated, a user account may be created frmo them immediatelly;
if (ereg('^(http:|https:|ldap:|ftp:|smtp:){0,1}(.*):(.*)$', $user_id, $res) && !$prot) {
#ereg('([a-zA-Z0-9]+:){2,}',$user_id,$res);
list($usId, $prot, $auth, $email) = $res;
$valid = 0;
$prot = ereg_replace(':$', '', $prot);
} else {
$email = $user_id;
}
switch ($prot) {
case 'ldap':
#if($auth=='mdanderson'){
#$server = 'ldaps://ldap.mdanderson.org:636';
#}
#elseif($auth=='eApps') {
#$server = 'ldap://s3db.virtual.vps-host.net';
#if(!$email) $email = 'cn=Manager, dc=my-domain, dc=com';
#if(!$pass) $pass = '******';
#}
$server = $auth;
list($valid, $token) = ldap_auth($server, $email, $pass, $serv_account);
break;
case 'ftp':
$valid = ftp_auth($auth, $email, $pass);
break;
default:
switch ($auth) {
case 'google':
list($valid, $token) = google_auth("https://www.google.com/accounts/ClientLogin", $email, $pass);
$token = md5($token);
$expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
##token actually lasts for 2 weeks :O, but i will leave it 24 h for now.
break;
default:
if (ereg('^s3db', $auth)) {
#start by resolving the s3db uri
ereg('(s3db:){0,1}(.*)$', $auth, $s3);
list($s3_auth, $s3root, $s3name) = $s3;
switch ($s3name) {
case 'TCGA':
$url = 'http://ibl.mdanderson.org/TCGA';
break;
default:
$url = $GLOBALS['s3db_info']['deployment']['mothership'] . $s3name;
}
list($valid, $token, $expires) = s3db_auth($url, $email, $pass);
#try s3db auth
} else {
$valid = 0;
$token = "User was not validated.";
}
}
}
return array($valid, $token, $expires);
}
ldap_close($ldapconn_s);
// connect to ldap server
$ldapconn = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($ldapconn) {
// try to bind/authenticate against ldap
$ldapbind = @ldap_bind($ldapconn, $ldap_user, $ldap_pass) || forbidden();
// "LDAP bind successful...";
error_log("success: " . $_SERVER['REMOTE_ADDR'] . ', user: '******'PHP_AUTH_USER']);
}
ldap_close($ldapconn);
}
// no cache
session_cache_limiter('nocache');
session_start();
header('Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0');
header('Pragma: no-cache');
header("Expires: 0");
if (@$_SESSION['AUTH'] != 1) {
authenticate();
}
if (empty($_SERVER['PHP_AUTH_USER'])) {
authenticate();
}
// check credentials
ldap_auth();
// Get requested file name
$path = $_SERVER["REQUEST_URI"];
error_log("serving: " . $_SERVER['REMOTE_ADDR'] . ', user: '******'PHP_AUTH_USER'] . ', path: ' . $path);
header("Content-Type: ", true);
header("X-Accel-Redirect: /protected" . $path);
require_once "../inc/util.inc";
require_once "../inc/email.inc";
require_once "../inc/xml.inc";
require_once "../inc/ldap.inc";
xml_header();
$retval = db_init_xml();
if ($retval) {
xml_error($retval);
}
$ldap_auth = get_str("ldap_auth", true);
if (LDAP_HOST && $ldap_auth) {
// LDAP case.
//
$ldap_uid = get_str("ldap_uid");
$passwd = get_str("passwd");
list($ldap_user, $error_msg) = ldap_auth($ldap_uid, $passwd);
if ($error_msg) {
xml_error(ERR_BAD_USER_NAME, $error_msg);
}
$x = ldap_email_string($ldap_uid);
$user = BoincUser::lookup_email_addr($x);
if (!$user) {
$user = make_user_ldap($x, $ldap_user->name);
if (!$user) {
xml_error(-1, "user record creation failed");
}
}
} else {
// normal (non-LDAP) case
$email_addr = get_str("email_addr");
$passwd_hash = get_str("passwd_hash", true);
$username = ntlm_get_user();
} else {
$username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
}
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_type\n FROM " . USERS_TABLE . "\n WHERE username = '******'", "''", $username) . "'";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$use_ldap = $use_ldap && $row['user_type'] !== User_Type_phpBB ? TRUE : FALSE;
if ($use_ldap) {
// LDAP is in use and the user is not a phpBB Only User.
$ldap_auth_result = ldap_auth($username, $password);
} else {
// We are not using LDAP or our user is phpBB only.
$ldap_auth_result = false;
}
if ($row == false && $use_ldap && $ldap_auth_result == LDAP_AUTH_OK) {
add_ldap_user($username);
// User didnt exist, they do now, reuse the SQL.
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
}
if ($row) {
if ($row['user_level'] != ADMIN && $board_config['board_disable']) {
redirect(append_sid("index.{$phpEx}", true));
public function auth_user($login, $password)
{
global $USERSTABLE;
$_SESSION['LOGIN_REALM'] = 'local';
//LDAP
if (ldap_auth($login, $password)) {
//if password is valid in LDAP, we only have to check if user exists in the DB
$sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND act=1;";
} else {
//if LDAP didn't work, we check both login and passwd
$password = hashpass($password);
$sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND pass='******' AND act=1;";
}
//END LDAP
$result = db_query($sql);
$ileadmin = count($result);
if ($ileadmin == 1) {
return $result[0][0];
}
return -1;
}
<center>
<form name="form2" action="ldaplogin.php" method="post" >
<input type="text" name="username" placeholder="Username" /><br>
<input type="password" name="password" placeholder="password"/><br>
<input type="submit" name="submit" value="Log in"/>
</form>
</center>
<?php
if (isset($_POST['submit'])) {
$user = $_POST['username'];
$pass = $_POST['password'];
ldap_auth($user, $pass);
}
function ldap_auth($ldap_id, $ldap_password)
{
$ds = ldap_connect("ldap.iitb.ac.in") or die("Unable to connect to LDAP server. Please try again later.");
if ($ldap_id == '') {
die("You have not entered any LDAP ID. Please go back and fill it up.");
}
if ($ldap_password == '') {
die("You have not entered any password. Please go back and fill it up.");
}
$sr = ldap_search($ds, "dc=iitb,dc=ac,dc=in", "(uid={$ldap_id})");
$info = ldap_get_entries($ds, $sr);
$roll = $info[0]["employeenumber"][0];
$ldap_id = $info[0]['dn'];
if (@ldap_bind($ds, $ldap_id, $ldap_password)) {
echo '<pre>';
print_r($info[0]);
echo '</pre>';
//for every information
function cn_login()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$action = empty($_GET['action']) ? 'show form' : $_GET['action'];
$returnto = empty($_GET['returnto']) ? '' : $_GET['returnto'];
if (isset($COLLATE['user']['username'])) {
// The user is already logged in
$notice = "alreadyloggedin-notice";
header("Location: index.php?notice={$notice}");
exit;
}
if ($action != "login") {
require_once './include/header.php';
echo "<h1>" . $COLLATE['languages']['selected']['Login'] . "</h1>\n" . "<br />";
?>
<div style="float: left; width: 28%;">
<form action="login.php?op=login&action=login&returnto=<?php
echo urlencode($returnto);
?>
" method="post">
<p><b><?php
echo $COLLATE['languages']['selected']['Username'];
?>
:</b><br />
<input name="username" type="text" size="15" /></p>
<p><b><?php
echo $COLLATE['languages']['selected']['Password'];
?>
:</b><br />
<input name="password" type="password" size="15" /></p>
<p><input type="submit" value=" <?php
echo $COLLATE['languages']['selected']['Go'];
?>
" /></p>
</form>
</div>
<script type="text/javascript">
window.onload = function() {
setTimeout("document.forms[0].username.focus()",1);
}
</script>
<?php
if ($COLLATE['settings']['auth_type'] != 'db') {
echo "<div id=\"helper\" style=\"float: left; width: 70%; padding-left: 10px; border-left: 1px solid #000;\">\n" . "<p><b>" . $COLLATE['languages']['selected']['Note'] . ":</b><br />\n" . $COLLATE['languages']['selected']['ldapformatnote'] . "</p>\n";
if (!empty($COLLATE['settings']['domain'])) {
echo "<p>" . $COLLATE['languages']['selected']['domainnote'] . "</p>";
} else {
echo "<p>" . $COLLATE['languages']['selected']['nodomainnote'] . "</p>\n";
}
echo "</div>";
}
echo "<p style=\"clear: left;\">";
require_once './include/footer.php';
exit;
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if (strlen($username) < "4") {
$notice = "shortusername-notice";
$returnto = urlencode($returnto);
header("Location: login.php?notice={$notice}&returnto={$returnto}");
exit;
}
$auth = auth($username, $password);
if ($auth == 'ldap') {
$auth = ldap_auth($username, $password);
$authtype = 'ldap';
}
if ($auth == FALSE) {
$level = "5";
$message = "authentication failed: {$username}";
collate_log($level, $message);
$sql = "UPDATE users SET loginattempts=loginattempts+1 WHERE username='******'";
$dbo->query($sql);
$notice = "failedlogin-notice";
$returnto = urlencode($returnto);
header("Location: login.php?notice={$notice}&returnto={$returnto}");
exit;
}
if ($auth == "locked") {
$level = "5";
$message = "user account locked: {$username}";
collate_log($level, $message);
$notice = "lockedaccount-notice";
header("Location: login.php?notice={$notice}");
exit;
}
// If they have gotten this far, they entered a correct pair of username and password.
$now = date('Y-m-d H:i:s');
$_SESSION['username'] = $username;
$_SESSION['accesslevel'] = $auth['accesslevel'];
$_SESSION['language'] = $auth['language'];
$_SESSION['ldapexempt'] = $auth['ldapexempt'];
$sql = "UPDATE users SET loginattempts='0' WHERE username='******'";
$dbo->query($sql);
$sql = "UPDATE users SET last_login_at=NOW() WHERE username='******'";
$dbo->query($sql);
if ($auth['passwdexpire'] < $now && $auth['passwdexpire'] != '0000-00-00 00:00:00' || isset($auth['tmppasswd'])) {
$returnto = urlencode($returnto);
$notice = "passwdexpired-notice";
header("Location: login.php?op=changepasswd&returnto={$returnto}¬ice={$notice}");
exit;
}
if ($authtype == 'ldap') {
$_SESSION['auth_type'] = 'ldap';
}
$notice = "loginsuccess-notice";
if (stristr($returnto, "?") == TRUE) {
$sep = "&";
} else {
$sep = "?";
}
$returnto .= $sep . "notice=" . $notice;
if (stristr($returnto, ".php") == TRUE) {
header("Location: {$returnto}");
exit;
} else {
header("Location: index.php?notice={$notice}");
exit;
}
}
if (!defined('DIRECT_ACCESS')) {
die('ERR: access denied');
die;
}
require_once 'f-settings.php';
require_once 'f-ldap.php';
require_once 'f-ip.php';
if (isset($_POST['myusername'], $_POST['mypassword'])) {
ob_start();
/*
*---------------------------------------------------------------
* Call ldap_auth function from f-ldap.php
*---------------------------------------------------------------
*
*/
if (ldap_auth($_POST['myusername'], $_POST['mypassword'])) {
$my_usr = $_POST['myusername'];
/*
*---------------------------------------------------------------
* Sanitize username
*---------------------------------------------------------------
*
*/
$my_usr = filter_var($my_usr, FILTER_SANITIZE_STRING);
$my_usr = filter_var($my_usr, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH);
/*
*---------------------------------------------------------------
* Save the vars accross pages
*---------------------------------------------------------------
*
*/
function verify() {
if (isset($_SESSION['user'])) {
// Return: Already logged in
return true;
}
$userName = $_POST["userName"];
$password = $_POST["md5"];
$userName = sanitize_input($userName,2);
$password = sanitize_input($password,1);
### Disable clear text password. Password is encrypted in the browser with javascript
#$password = $_POST["password"];
// Assuming we have a valid username/password, check LDAP for authentication
if (($userName != "") && ($password != "")) {
$ldapVerified = ldap_auth ($userName, $password);
} else {
// user must log in
$text = "Please login";
write_log_in( $text );
exit;
}
// If LDAP is disabled, use database to authenticate
if ($ldapVerified == -1) {
// verify username/password and log in
$query = "
SELECT id
FROM people
WHERE username = '******'
AND password = '******'
AND status > 0";
$result = run_query($query);
$numMatchingUsers = count($result);
} elseif ($ldapVerified == 0) {
// LDAP is enabled but authentication failed -> deny login
$numMatchingUsers = 0;
} elseif ($ldapVerified == 1) {
// LDAP authentication succeeded
// Remove the domain portion of the username
$shortUserName = get_user_sans_domain($userName);
// Get the userid for the short form of the username after authenticating with domain
$result = get_ldap_userid($shortUserName);
$numMatchingUsers = count($result);
} else {
$msg = "Unable to authenticate: Unknown return code from ldap_auth: ($ldapVerified)";
log_entry ($msg);
die ($msg);
}
if ( ($numMatchingUsers == 0) and ($ldapVerified == 1) ) {
// New user exists in LDAP. Create entry for new user.
$msg = "Creating new user entry for $userName after authenticating with LDAP.";
log_entry($msg);
// Remove the domain portion of the username
$shortUserName = get_user_sans_domain($userName);
// add_update_user($username, $md5, $password, $firstname, $lastname, $email, $totalGroup, $randomPass);
add_update_user($shortUserName, "LDAP", "LDAP", $shortUserName, null,null, "users", null);
$result = get_ldap_userid($shortUserName);
$numMatchingUsers = count($result);
}
if ($numMatchingUsers > 0) {
// Make sure we don't have more than one matching user (should be impossible)
if ($numMatchingUsers > 1) {
$msg = "Error: Multiple users with the same username: $userName";
log_entry ($msg);
die ($msg);
}
$user = implode ("", $result);
// register session variables and log the login
$_SESSION['user'] = $user;
$_SESSION['username'] = $userName;
log_session ("login");
$cmd = "UPDATE people SET last_login = now() WHERE id = $user";
// Get the user's rights and save them in a session var
$query = "
SELECT rights.Actionid
FROM people_groups, rights
WHERE people_groups.userid = '$user'
AND people_groups.groupid = rights.Usergroupid";
$actionId = run_query($query);
$_SESSION['rights'] = $actionId;
run_sql_cmd($cmd);
// Return: successful login
return true;
} elseif (
($numMatchingUsers == 0)
and ( ($ldapVerified == 0) or ($ldapVerified == -1) )
) {
// bad user and password
$_SESSION['badlogin'] = $userName;
log_session ("badlogin");
$text = "Invalid username and/or password";
write_log_in( $text );
exit;
} else {
// This should never happen.
debug_msg ("Unanticipated condition: numMatchingUsers=($numMatchingUsers) and ldapVerified=($ldapVerified)");
$msg = "Error: Unrecoverable condition during login for user ($userName)";
log_entry ($msg);
die ($msg);
}
} // end verify function
