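/**
 * Authenticates a user against Active Directory and, on success, copies the
 * user's directory attributes and product roles onto this object.
 *
 * Access is granted only when the bind succeeds, the user name resolves to a
 * local ID, and at least one product role is found; otherwise false is returned.
 *
 * Security-relevant behaviour:
 *  - Blank credentials are rejected before any bind is attempted.
 *  - Missing configuration fails closed (returns false).
 *  - A group only counts as a role when the product marker sits inside the
 *    first component of the group DN (before the first comma).
 *  - The user name is stripped of control characters before it is logged.
 *  - The password is never logged.
 *
 * @param string $username account name without the domain suffix (untrusted input)
 * @param string $password clear-text password (untrusted input)
 * @return bool true when the user is authenticated and has at least one role
 */
function authenticateUser($username, $password) {
    // Reject blank credentials up front. A simple LDAP bind with a name and an
    // empty password is an "unauthenticated bind" (RFC 4513) that a directory
    // server may report as success. phpAD::bind() is not visible here, so this
    // function does not rely on it to catch that case.
    if (trim((string) $username) === '' || (string) $password === '') {
        error_log("Error: Rejected authentication attempt with empty credentials", 0);
        return false;
    }

    // include the AD utils
    include_once "phpAD.inc.php";

    // include the application constants
    include_once "Constants.php";

    // parse the config file (with sections)
    $config = parse_ini_file("Config.ini", 1);

    // the product name is the marker used to recognise this application's AD groups
    $product = isset($config['Product']['Name']) ? (string) $config['Product']['Name'] : '';

    // fail closed: without the directory settings or the product marker no
    // trustworthy authentication or role decision can be made
    if ($config === false || !isset($config['Security']) || $product === '') {
        error_log("Error: Could not read the Security/Product settings from Config.ini", 0);
        return false;
    }

    // create and connect to the AD
    // NOTE(review): whether this connection is protected (LDAPS / StartTLS)
    // depends on phpAD and the configured port -- confirm; a simple bind sends
    // the password to the server.
    $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);

    // validate the user by binding as <username><DomainSuffix>
    $retVal = $ad->bind($username . $config['Security']['DomainSuffix'], $password);

    // if the user authenticated
    if ($retVal) {
        // get the user info
        // NOTE(review): $username reaches getUser() unescaped; if phpAD builds an
        // LDAP search filter from it, it should be escaped there (ldap_escape
        // with LDAP_ESCAPE_FILTER) -- confirm in phpAD.inc.php.
        $userInfo = $ad->getUser($username);

        // set the user info
        $this->setUserName($username);
        $this->setFirstName($userInfo['givenname'][0]);
        $this->setLastName($userInfo['sn'][0]);

        // optional attributes: only set what AD actually returned
        if (isset($userInfo['telephonenumber'][0])) {
            $this->setPhoneNumber($userInfo['telephonenumber'][0]);
        }

        if (isset($userInfo['department'][0])) {
            $this->setDepartment($userInfo['department'][0]);
        }

        if (isset($userInfo['mail'][0])) {
            $this->setEmailAddress($userInfo['mail'][0]);
        }

        // reset role list
        // NOTE(review): only the role list is reset here; $this->ID and the admin
        // flag keep any value from an earlier call on the same object -- confirm
        // that instances are never reused across logins.
        $this->Role = array();

        // include the lookup object and the user LU object
        include_once "Lookups.php";
        include_once "UserLU.php";

        // map the user name to the local user ID
        $userlu = new UserLU();
        $userlu->getAllUserNames();
        $ID = $userlu->getItemIDByName($username);

        // did we get a valid ID
        if (!empty($ID)) {
            $this->ID = $ID;
        }

        // load the role lookup used to translate role names into role IDs
        $roleLUs = new Lookups();
        $roleLUs->getLookupByName("RoleLU");

        // check if the user is a member of a role
        if (isset($userInfo['memberof'])) {
            foreach ($userInfo['memberof'] as $item) {
                // look for the product identifier in the group DN
                $pos = strpos($item, $product . " ");

                // not found (or found at offset 0, which the original also ignored)
                if (!($pos > 0)) {
                    continue;
                }

                // The role name runs from the product marker to the first comma of
                // the DN. Require that comma to exist and to come after the marker,
                // so a marker that only appears in a later DN component (an OU, for
                // instance) can never be turned into a role name.
                $comma = strpos($item, ",");

                if ($comma === false || $comma <= $pos) {
                    continue;
                }

                $roleName = substr($item, $pos, $comma - $pos);

                // get the ID of the role by looking up the role name
                $roleID = $roleLUs->getItemIDByName($roleName);

                // did we get a valid role ID
                if (!empty($roleID)) {
                    // save the role ID
                    $this->Role[] = $roleID;

                    // NOTE(review): admin rights are granted on a substring match,
                    // so any role whose name contains "Administrator" after its
                    // first character qualifies -- confirm this is intended.
                    if (strpos($roleName, "Administrator")) {
                        $this->setAdminUser(true);
                    }
                }
            }
        }
    } else {
        // strip control characters so a crafted user name cannot forge or split
        // log entries
        $safeName = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $username);
        error_log("Error: Could not bind to the UNC AD for user: " . $safeName, 0);
    }

    // if there are no roles assigned to the user deny access
    if (!isset($this->Role) || !isset($this->ID) || empty($this->Role)) {
        $retVal = false;
    }

    // return to the caller
    return $retVal;
}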
/**
 * Looks up the name of a lookup-table item from its ID.
 *
 * The name is returned exactly as the lookup object supplies it; nothing in
 * this function escapes it for HTML or any other output context.
 *
 * @param string $luTbl name of the lookup table to load
 * @param int    $ID    ID of the item whose name is wanted
 * @return mixed the value from getItemNameByID(), or "" when
 *               getLookupByName() reports a non-zero status
 */
function displayLUItemNameByID($luTbl, $ID) {
    // pull in the Lookups class
    include_once "Lookups.php";

    $lookup = new Lookups();

    // a status loosely equal to 0 means the table was loaded
    if ($lookup->getLookupByName($luTbl) != 0) {
        return "";
    }

    return $lookup->getItemNameByID($ID);
}
// Exercise the Lookups API: list every lookup, then one lookup by name,
// then a single item by ID, and finally load the user names.
$lus = new Lookups();
$retval = $lus->GetAllLUItems();

// a status loosely equal to 0 is treated as success
if (0 == $retval) {
    $arr = $lus->getLookupList();

    foreach ($arr as $item) {
        // each entry is indexed: [0] is the lookup name, [1] the lookup object
        $luname = $item[0];
        $obj = $item[1];

        // only the inventory status lookup is printed
        if ($luname != "InventoryStatusLU") {
            continue;
        }

        echo "Name:{$luname}, ID:{$obj->ID}\n";
    }
}

echo "\n Now by name \n";

$itemName = "InventoryStatusLU";
$retval = $lus->getLookupByName($itemName);

if (0 == $retval) {
    $arr = $lus->getLookupList();

    // here the list entries are objects exposing Name and ID
    foreach ($arr as $item) {
        echo "Name:{$item->Name}, ID:{$item->ID}\n";
    }
}

echo "\n Now by name by ID \n";

$retval = $lus->getItemNameByID(1);
echo "ID: 1, name:{$retval}\n";

echo "\n Get the user names\n";

include_once "UserLU.php";

$userlu = new UserLU();
$retval = $userlu->getAllUserNames();
// success? (the check of $retval is not part of this listing)
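/**
 * Gets the email addresses of the members of every role group in AD.
 *
 * Binds with the service account from Config.ini, walks each entry of the
 * "RoleLU" lookup, asks AD for the members of the group "RENCI_<role name>"
 * and collects the first mail value of each member.
 *
 * Addresses are de-duplicated by exact match. (The earlier substring test
 * dropped any address that was contained in one already collected.)
 *
 * NOTE(review): the service account password is read in clear text from
 * Config.ini, which is opened by relative path -- confirm the file cannot be
 * served by the web server and is readable only by the application user.
 *
 * @return string comma-separated list of unique addresses without a trailing
 *                comma; "" when the configuration cannot be read, the bind
 *                fails, or no address is found
 */
function getAllEmailAddrs() {
    include_once "phpAD.inc.php";

    // exact-match set of the addresses collected so far (address => true)
    $seen = array();

    // parse the config file (with sections)
    $config = parse_ini_file("Config.ini", 1);

    // fail closed when the directory settings are unavailable
    if ($config === false || !isset($config['Security'])) {
        error_log("Error: Could not read the Security settings from Config.ini", 0);
        return "";
    }

    // create and connect to the AD
    $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);

    // bind with the service account
    $retVal = $ad->bind(
        $config['Security']['ADServiceName'] . $config['Security']['DomainSuffix'],
        $config['Security']['ADServicePassword']
    );

    if (!$retVal) {
        // record the failure without including any credential material
        error_log("Error: Could not bind to the AD with the service account", 0);
        return "";
    }

    // include the lookup object
    include_once "Lookups.php";

    // load the role lookup and get its items
    $lus = new Lookups();
    $lus->getLookupByName("RoleLU");
    $items = $lus->getLookupList();

    // for each AD group
    foreach ($items as $item) {
        // the AD group name is the role name with the "RENCI_" prefix
        $name = "RENCI_" . $lus->getItemNameByID($item->getID());

        // get the members of the group
        $groupMembers = $ad->getGroupMembers($name);

        // no members returned for this group
        if (empty($groupMembers)) {
            continue;
        }

        foreach ($groupMembers as $groupMember) {
            // members without a mail attribute are skipped
            if (!isset($groupMember['mail'][0])) {
                continue;
            }

            $email = $groupMember['mail'][0];

            if (empty($email)) {
                continue;
            }

            $email = (string) $email;

            // address override kept from the original; both literals appear
            // masked in this listing, so as shown it changes nothing
            if ($email === "*****@*****.**") {
                $email = "*****@*****.**";
            }

            // remember each address once
            $seen[$email] = true;
        }
    }

    // return to the caller
    return implode(",", array_keys($seen));
}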
// create a new object $userlu = new UserLU(); // load the names $userlu->getAllUserNames(); // get the user ID $ID = $userlu->getItemIDByName($username); // did we get a valid ID if (!empty($ID)) { $this->ID = $ID; } // save the email address $this->setEmailAddress($userInfo['mail'][0]); // get a lookup object $lus = new Lookups(); // get the items for the pull down $lus->getLookupByName("RoleLU"); // loop though the roles for this user foreach ($userInfo['memberof'] as $item) { // look for the NCGENES identifier $pos = strpos($item, "RENCI_NCGENES "); // did we find it if ($pos > 0) { // find the next comma $comma = strpos($item, ","); // get the role name $roleName = substr($item, $pos, $comma - $pos); // get the ID of the role $ID = $lus->getItemIDByName($roleName); // did we get a valid ID if (!empty($ID)) { $this->Role[] = $ID;