Esempio n. 1
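 /**
  * Authenticates the user against Active Directory and, on success, loads
  * profile data and application roles for him/her from the AD result.
  *
  * Access is granted only when the bind succeeds, the user name resolves to
  * an application user ID, and at least one AD group maps to a known role.
  * Empty credentials are rejected before the directory is contacted.
  *
  * @param string $username account name without the domain suffix
  * @param string $password clear-text password used for the AD bind
  *
  * @return bool false when access is denied; on success the value returned
  *              by phpAD::bind() (expected to be true)
  */
 function authenticateUser($username, $password)
 {
     // Clear identity/privilege state left by an earlier call on this object, so a
     // failed or role-less login can never inherit a previous user's ID, roles or admin flag.
     $this->Role = array();
     $this->ID = null;
     $this->setAdminUser(false);
     // Reject empty credentials up front: an LDAP simple bind with an empty password is an
     // "unauthenticated bind" that directory servers may report as successful.
     // NOTE(review): phpAD::bind() is not visible here - confirm whether it guards against this itself.
     // A NUL byte is refused as well, because a C-string based LDAP binding could truncate
     // the value at that byte and end up sending an empty password.
     if (!is_string($username) || !is_string($password)
         || trim($username) === '' || $password === ''
         || strpos($username, "\0") !== false || strpos($password, "\0") !== false) {
         error_log("Error: Rejected AD login attempt with an empty or malformed user name or password", 0);
         return false;
     }
     // include the AD utils
     include_once "phpAD.inc.php";
     // include the application constants
     include_once "Constants.php";
     // parse the config file (sections enabled)
     $config = parse_ini_file("Config.ini", 1);
     // fail closed when the file is unreadable or a setting used below is missing
     if ($config === false
         || !isset($config['Security']['ADServer'], $config['Security']['ADPort'])
         || !isset($config['Security']['DomainSuffix'], $config['Product']['Name'])) {
         error_log("Error: Config.ini is missing or lacks the Security/Product settings needed for AD authentication", 0);
         return false;
     }
     // create and connect to the AD
     $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);
     // validate the user by binding as <username><DomainSuffix>
     $retVal = $ad->bind($username . $config['Security']['DomainSuffix'], $password);
     // get the name of the product; AD groups for this application are prefixed with it
     $product = $config['Product']['Name'];
     // if the user authenticated
     if ($retVal) {
         // get the user info
         // NOTE(review): $username goes to getUser() unescaped; if phpAD builds an LDAP search
         // filter from it, the value should be escaped for filter context there - confirm in phpAD.
         $userInfo = $ad->getUser($username);
         // without a directory record there is nothing to derive roles from, so deny access
         if (!is_array($userInfo)) {
             error_log("Error: AD bind succeeded but no directory record was returned", 0);
             return false;
         }
         // set the user info (null is passed on when AD did not return the attribute)
         $this->setUserName($username);
         $this->setFirstName(isset($userInfo['givenname'][0]) ? $userInfo['givenname'][0] : null);
         $this->setLastName(isset($userInfo['sn'][0]) ? $userInfo['sn'][0] : null);
         // if we got a telephone number from AD, set it
         if (isset($userInfo['telephonenumber'][0])) {
             $this->setPhoneNumber($userInfo['telephonenumber'][0]);
         }
         // if we got a department from AD, set it
         if (isset($userInfo['department'][0])) {
             $this->setDepartment($userInfo['department'][0]);
         }
         // if we got an email address from AD, set it
         if (isset($userInfo['mail'][0])) {
             $this->setEmailAddress($userInfo['mail'][0]);
         }
         // include the lookup object
         include_once "Lookups.php";
         // include the user LU object
         include_once "UserLU.php";
         // load the known application users and resolve this user's ID
         $userlu = new UserLU();
         $userlu->getAllUserNames();
         $ID = $userlu->getItemIDByName($username);
         // did we get a valid ID
         if (!empty($ID)) {
             $this->ID = $ID;
         }
         // load the role lookup used to translate AD group names into role IDs
         $roleLUs = new Lookups();
         $roleLUs->getLookupByName("RoleLU");
         // check if the user is a member of any group
         if (isset($userInfo['memberof']) && is_array($userInfo['memberof'])) {
             // loop through the groups for this user
             foreach ($userInfo['memberof'] as $item) {
                 // skip non-string elements (presumably an integer 'count' entry in LDAP-style results)
                 if (!is_string($item)) {
                     continue;
                 }
                 // AD returns a comma separated DN; only the first component names the group.
                 // Limiting the search to it keeps a product name that merely appears in a
                 // later component (e.g. an OU) from being read as a role.
                 // NOTE(review): an escaped comma ("\,") inside the group name is not handled.
                 $comma = strpos($item, ",");
                 $firstRdn = ($comma === false) ? $item : substr($item, 0, $comma);
                 // look for the product identifier in the group name
                 $pos = strpos($firstRdn, $product . " ");
                 // position 0 is not accepted, the attribute prefix (e.g. "CN=") comes first
                 if ($pos !== false && $pos > 0) {
                     // the role name runs from the product identifier to the end of the component
                     $roleName = substr($firstRdn, $pos);
                     // get the ID of the role by looking up the role name in the database
                     $roleID = $roleLUs->getItemIDByName($roleName);
                     // did we get a valid role ID
                     if (!empty($roleID)) {
                         // save the role ID
                         $this->Role[] = $roleID;
                         // if this guy is an administrator
                         // NOTE(review): this is a substring test, so any mapped role whose name
                         // contains "Administrator" grants admin rights; comparing against the
                         // exact administrator role name or ID would be stricter.
                         $adminPos = strpos($roleName, "Administrator");
                         if ($adminPos !== false && $adminPos > 0) {
                             $this->setAdminUser(true);
                         }
                     }
                 }
             }
         }
     } else {
         // strip control characters so a crafted user name cannot forge extra log lines
         $loggedName = preg_replace('/[\x00-\x1F\x7F]/', '?', $username);
         error_log("Error: Could not bind to the UNC AD for user: " . $loggedName, 0);
     }
     // if there are no roles assigned to the user (or no user ID) deny access
     if (!isset($this->Role) || !isset($this->ID) || empty($this->Role)) {
         $retVal = false;
     }
     // return to the caller
     return $retVal;
 }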
Esempio n. 2
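    // Map the user's AD group memberships to application role IDs.
    // get a lookup object
    $lus = new Lookups();
    // get the items for the pull down
    $lus->getLookupByName("RoleLU");
    // memberof may be missing from the AD result (presumably when the account is in no
    // groups), so only loop when it is actually there
    if (isset($userInfo['memberof']) && is_array($userInfo['memberof'])) {
        // loop through the groups for this user
        foreach ($userInfo['memberof'] as $item) {
            // skip non-string elements (presumably an integer 'count' entry in LDAP-style results)
            if (!is_string($item)) {
                continue;
            }
            // only the first component of the comma separated DN names the group; searching
            // just that part keeps an identifier in a later component from being read as a role
            $comma = strpos($item, ",");
            $firstRdn = ($comma === false) ? $item : substr($item, 0, $comma);
            // look for the NCGENES identifier
            $pos = strpos($firstRdn, "RENCI_NCGENES ");
            // position 0 is not accepted, the attribute prefix (e.g. "CN=") comes first
            if ($pos !== false && $pos > 0) {
                // the role name runs from the identifier to the end of the component
                $roleName = substr($firstRdn, $pos);
                // get the ID of the role
                $ID = $lus->getItemIDByName($roleName);
                // save the role ID when the lookup knows this role
                if (!empty($ID)) {
                    $this->Role[] = $ID;
                }
            }
        }
    }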
}
/*
$retVal = $ad->getUser("jpevans");//ptowen.adm

print_r($retVal);

print_r($retVal['memberof']);