function authenticate($login, $password) { if (!(require_once 'php-radius/radius.php')) { $this->_log('Cannot require radius class files!'); return FALSE; } if ($login && $password) { if (!defined('RADIUS_AUTH_SERVER') or !defined('RADIUS_AUTH_SECRET')) { $this->_log('Could not parse RADIUS_AUTH_ options from config.php!'); return FALSE; } elseif (!defined('RADIUS_AUTH_PORT')) { define('RADIUS_AUTH_PORT', 1812); } $radius = new Radius(RADIUS_AUTH_SERVER, RADIUS_AUTH_SECRET, '', 5, RADIUS_AUTH_PORT); $radius->SetNasIpAddress('1.2.3.4'); $auth = $radius->AccessRequest($login, $password); if ($auth) { return $this->base->auto_create_user($login); } else { $this->_log('Radius authentication rejected!'); return FALSE; } } return FALSE; }
/** * Authenticates user on radius server * * @access private * @param mixed $username * @param mixed $password * @return void */ private function auth_radius($username, $password) { # decode radius parameters $params = json_decode($this->authmethodparams); # check for socket support ! if (!in_array("sockets", get_loaded_extensions())) { $this->Log->write("Radius login", "php Socket extension missing", 2); $this->Result->show("danger", _("php Socket extension missing"), true); } # initialize radius class require dirname(__FILE__) . '/class.Radius.php'; $Radius = new Radius($params->hostname, $params->secret, $params->suffix, $params->timeout, $params->port); $Radius->SetNasIpAddress($params->hostname); //debugging $this->debugging !== true ?: $Radius->SetDebugMode(TRUE); # authenticate $auth = $Radius->AccessRequest($username, $password); # debug? if ($this->debugging) { print "<pre style='width:700px;margin:auto;margin-top:10px;'>"; print implode("<br>", $Radius->debug_text); print "</pre>"; } # authenticate user if ($auth) { # save to session $this->write_session_parameters(); $this->Log->write("Radius login", "User " . $this->user->real_name . " logged in via radius", 0, $username); $this->Result->show("success", _("Radius login successful")); # write last logintime $this->update_login_time(); # remove possible blocked IP $this->block_remove_entry(); } else { # add blocked count $this->block_ip(); $this->Log->write("Radius login", "Failed to authenticate user on radius server", 2, $username); $this->Result->show("danger", _("Invalid username or password"), true); } }