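/**
 * Looks up the e-mail address Active Directory holds for an application user ID.
 *
 * Binds to AD with the service account configured in Config.ini, maps $ID to a
 * login name through UserLU::getLoginByID(), and reads the first value of that
 * user's "mail" attribute.
 *
 * @param mixed $ID application user ID, as accepted by UserLU::getLoginByID()
 *
 * @return string the e-mail address, or "" when the configuration cannot be
 *                read, the service bind fails, the ID maps to no login name,
 *                or the directory entry carries no mail value
 */
function getEmailAddr($ID)
{
    include_once "phpAD.inc.php";

    // Second argument true keeps the [Security] section as a nested array.
    $config = parse_ini_file("Config.ini", true);

    // An unreadable or incomplete config previously flowed on as null values;
    // fail closed with the function's "not found" value instead.
    if ($config === false || !isset($config['Security'])) {
        error_log("Error: Could not read the Security section of Config.ini", 0);
        return "";
    }
    $security = $config['Security'];

    // NOTE(review): the service password is sent in a simple bind. Whether the
    // channel is encrypted depends on ADPort and on how phpAD connects, neither
    // of which is visible here; confirm LDAPS or StartTLS is in use.
    $ad = new phpAD($security['ADServer'], $security['ADPort']);
    $bound = $ad->bind(
        $security['ADServiceName'] . $security['DomainSuffix'],
        $security['ADServicePassword']
    );

    if (!$bound) {
        return "";
    }

    include_once "UserLU.php";

    // Resolve the application ID to the login name used as the AD lookup key.
    $userlu = new UserLU();
    $userlu->getAllUserNames();
    $username = $userlu->getLoginByID($ID);

    // Do not query the directory with an empty name: what phpAD::getUser()
    // would match in that case is not visible from this function.
    if ($username === null || $username === false || $username === '') {
        return "";
    }

    $userInfo = $ad->getUser($username);

    // Accounts without a mail attribute used to raise an undefined-index
    // notice and return null; return the documented empty string instead.
    return isset($userInfo['mail'][0]) ? $userInfo['mail'][0] : "";
}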
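/**
 * Authenticates a user against Active Directory and loads profile and role data.
 *
 * On a successful bind the method copies name, phone, department and e-mail
 * from the directory entry onto this object, resolves the application user ID
 * through UserLU, and maps every "memberof" entry containing the configured
 * product name to a role ID through the "RoleLU" lookup.
 *
 * Access is denied (false) when the bind fails, when no application ID is set
 * on the object, or when no role could be mapped.
 *
 * @param string $username login name without the domain suffix
 * @param string $password clear-text password supplied by the user
 *
 * @return bool true-ish bind result when the user authenticated and has at
 *              least one role, false otherwise
 */
function authenticateUser($username, $password)
{
    include_once "phpAD.inc.php";
    include_once "Constants.php";

    // An LDAP simple bind with an empty password is an unauthenticated bind,
    // which directory servers may report as successful. Whether phpAD::bind()
    // already rejects that case is not visible here, so refuse it up front.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        error_log("Error: Rejected AD bind attempt with empty username or password", 0);
        return false;
    }

    // Second argument true keeps the ini sections as nested arrays.
    $config = parse_ini_file("Config.ini", true);
    if ($config === false || !isset($config['Security'])) {
        error_log("Error: Could not read the Security section of Config.ini", 0);
        return false;
    }

    // NOTE(review): the user's password travels in a simple bind; confirm that
    // ADPort / phpAD select LDAPS or StartTLS, which cannot be told from here.
    $ad = new phpAD($config['Security']['ADServer'], $config['Security']['ADPort']);

    // NOTE(review): $username is untrusted and is both concatenated into the
    // bind name and handed to getUser(). Confirm phpAD escapes it before it is
    // placed in a search filter (e.g. ldap_escape() with LDAP_ESCAPE_FILTER).
    $retVal = $ad->bind($username . $config['Security']['DomainSuffix'], $password);

    // Product name used to recognise this application's AD groups.
    $product = $config['Product']['Name'];

    if ($retVal) {
        $userInfo = $ad->getUser($username);

        $this->setUserName($username);
        $this->setFirstName($userInfo['givenname'][0]);
        $this->setLastName($userInfo['sn'][0]);

        // Optional attributes are copied only when AD returned them.
        if (isset($userInfo['telephonenumber'][0])) {
            $this->setPhoneNumber($userInfo['telephonenumber'][0]);
        }
        if (isset($userInfo['department'][0])) {
            $this->setDepartment($userInfo['department'][0]);
        }
        if (isset($userInfo['mail'][0])) {
            $this->setEmailAddress($userInfo['mail'][0]);
        }

        // Roles are rebuilt from scratch on every login.
        // NOTE(review): $this->ID and the admin flag are not reset here; if
        // this object is ever reused across logins, values from an earlier
        // user would survive and satisfy the final access check. Confirm.
        $this->Role = array();

        include_once "Lookups.php";
        include_once "UserLU.php";

        // Resolve the application user ID for this login name.
        $userlu = new UserLU();
        $userlu->getAllUserNames();
        $ID = $userlu->getItemIDByName($username);
        if (!empty($ID)) {
            $this->ID = $ID;
        }

        // Load the role lookup used to translate group names into role IDs.
        $roleLUs = new Lookups();
        $roleLUs->getLookupByName("RoleLU");

        if (isset($userInfo['memberof'])) {
            foreach ($userInfo['memberof'] as $item) {
                // Only entries containing "<product> " belong to this app.
                // A match at offset 0 is skipped as well, since both
                // false > 0 and 0 > 0 are false.
                $pos = strpos($item, $product . " ");
                if ($pos > 0) {
                    // The role name runs from the product name to the next
                    // comma. Search from $pos so an earlier comma cannot
                    // produce a negative length, and take the rest of the
                    // string when no comma follows.
                    $comma = strpos($item, ",", $pos);
                    $roleName = ($comma === false)
                        ? substr($item, $pos)
                        : substr($item, $pos, $comma - $pos);

                    // Translate the group-derived name into a database role ID.
                    $roleID = $roleLUs->getItemIDByName($roleName);

                    if (!empty($roleID)) {
                        $this->Role[] = $roleID;

                        // Admin rights follow from the substring "Administrator"
                        // appearing after the first character of the role name.
                        // NOTE(review): this is a loose substring match on a
                        // group name; an exact comparison against the expected
                        // admin role would be safer. Behavior kept as-is.
                        if (strpos($roleName, "Administrator")) {
                            $this->setAdminUser(true);
                        }
                    }
                }
            }
        }
    } else {
        // Strip control characters so a crafted login name cannot forge
        // additional lines in the error log.
        $loggedName = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $username);
        error_log("Error: Could not bind to the UNC AD for user: " . $loggedName, 0);
    }

    // A user without an application ID or without any mapped role is denied,
    // even when the directory bind itself succeeded.
    if (!isset($this->Role) || !isset($this->ID) || empty($this->Role)) {
        $retVal = false;
    }

    return $retVal;
}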
<?php include_once "phpAD.inc.php"; $server = "addc0.ad.unc.edu"; // In the future, use ldap.ad.unc.edu $user = "******"; $pass = "******"; $basedn = "OU=Users,OU=Identity,DC=ad,DC=unc,DC=edu"; $ad = new phpAD($server, 389); // 3269 for ssl, 389 for normal $retVal = $ad->bind($user . "@ad.unc.edu", $pass); if (!$retVal) { echo "Invalid username or password"; } else { $username = "******"; // get the user info $userInfo = $ad->getUser($username); print_r($userInfo['mail'][0]); //print_r($userInfo); // include the lookup object include_once "Lookups.php"; // include the user LU object include_once "UserLU.php"; // create a new object $userlu = new UserLU(); // load the names $userlu->getAllUserNames(); // get the user ID $ID = $userlu->getItemIDByName($username); // did we get a valid ID if (!empty($ID)) {