コード例 #1
ファイル: LDAP.class.php プロジェクト: victorrod/web2project
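 /**
  * Authenticate a user by binding to the LDAP directory as that user.
  *
  * Steps: reject empty passwords, bind with the configured search account,
  * look the user up with the configured filter, then re-bind as the first
  * matching entry using the supplied password. On success the local user
  * record is created, or its stored password hash is refreshed. When the
  * LDAP path does not succeed and $this->fallback is enabled, the SQL
  * authenticator decides.
  *
  * Requires PHP >= 5.6 (ldap_escape).
  *
  * @param string $username Login name as supplied by the client (untrusted).
  * @param string $password Clear-text password as supplied by the client.
  *
  * @return bool True when the credentials were accepted, false otherwise.
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;

     if (strlen($password) == 0) {
         // LDAP will succeed binding with no password on AD
         // (defaults to anon bind), so an empty password must never
         // reach ldap_bind().
         return false;
     }

     // Directory entry of the user whose bind succeeded, or null.
     $matched_entry = null;

     // NOTE(review): no ldap_start_tls() call is made here, so whether the
     // bind passwords are protected in transit depends on how ldap_host /
     // ldap_port are configured (e.g. an ldaps:// URI) - confirm.
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         try {
             ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
             ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

             $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
             $ldap_bind_dn = $this->ldap_search_user;

             if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
                 // The username is client-controlled. Escape it for filter
                 // context so characters such as * ( ) \ are matched
                 // literally instead of changing the shape of the search
                 // filter. Entities are decoded BEFORE escaping; decoding
                 // afterwards could re-introduce filter metacharacters.
                 $safe_username = ldap_escape(
                     html_entity_decode($username, ENT_COMPAT, 'UTF-8'),
                     '',
                     LDAP_ESCAPE_FILTER
                 );
                 $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
                 $filter_r = str_replace('%USERNAME%', $safe_username, $filter_template);

                 $result = ldap_search($rs, $this->base_dn, $filter_r);
                 if ($result) {
                     $result_user = ldap_get_entries($rs, $result);
                     if ($result_user && $result_user['count'] != 0) {
                         $first_user = $result_user[0];
                         $ldap_user_dn = $first_user['dn'];
                         // Bind with the dn of the user that matched our filter
                         // (only one user should match sAMAccountName or uid etc..)
                         // NOTE(review): additional matches are ignored rather
                         // than rejected; the first entry wins.
                         if (ldap_bind($rs, $ldap_user_dn, $password)) {
                             $matched_entry = $first_user;
                         }
                     }
                 }
             }
         } finally {
             // Release the connection on every path; it was previously
             // left open until the end of the request.
             ldap_unbind($rs);
         }
     }

     if ($matched_entry !== null) {
         if ($this->userExists($username)) {
             // Update password if different
             $tmpUser = new CUser();
             $tmpUser->load($this->userId($username));
             $hash_pass = $this->hashPassword($password);
             // Strict comparison: loose != treats numeric-looking hash
             // strings as numbers.
             if ($hash_pass !== $tmpUser->user_password) {
                 $tmpUser->user_password = $hash_pass;
                 $tmpUser->store();
             }
         } else {
             $this->createsqluser($username, $password, $matched_entry);
         }

         return true;
     }

     // NOTE(review): this point is reached for every LDAP failure, including
     // a rejected user bind. If the SQL authenticator verifies the hash
     // cached above (not visible here), a password that was changed or
     // revoked in the directory may still be accepted locally - confirm
     // that this is the intended meaning of "fallback".
     if ($this->fallback == true) {
         $sqlAuth = new w2p_Authenticators_SQL();
         return $sqlAuth->authenticate($username, $password);
     }

     return false;
 }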
コード例 #2
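 /**
  * Authenticate a user against LDAP, falling back to the parent
  * authenticator when $this->fallback is enabled.
  *
  * The search account's bind DN is either derived from ldap_search_user and
  * base_dn (legacy behaviour) or taken verbatim from ldap_complete_string.
  * After a successful search bind the user is located with the configured
  * filter and the supplied password is verified by binding as that entry.
  *
  * Requires PHP >= 5.6 (ldap_escape).
  *
  * @param string $username Login name as supplied by the client (untrusted).
  * @param string $password Clear-text password as supplied by the client.
  *
  * @return bool True when the credentials were accepted, false otherwise.
  */
 public function authenticate($username, $password)
 {
     $this->username = $username;

     if (strlen($password) == 0) {
         // LDAP will succeed binding with no password on AD (defaults to
         // anon bind), so an empty password must never reach ldap_bind().
         return false;
     }

     // Directory entry of the user whose bind succeeded, or null.
     $matched_entry = null;

     // NOTE(review): no ldap_start_tls() call is made here, so whether the
     // bind passwords are protected in transit depends on how ldap_host /
     // ldap_port are configured (e.g. an ldaps:// URI) - confirm.
     $rs = ldap_connect($this->ldap_host, $this->ldap_port);
     if ($rs) {
         try {
             ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
             ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

             if ('' == $this->ldap_complete_string) {
                 /*
                  * This should be compliant with the old/previous LDAP settings
                  *   that we've used all along.
                  */
                 if (strpos($this->ldap_search_user, 'CN=') === false) {
                     $ldap_bind_dn = 'CN=' . $this->ldap_search_user . ',OU=Users,' . $this->base_dn;
                 } else {
                     $ldap_bind_dn = $this->ldap_search_user . ',' . $this->base_dn;
                 }
             } else {
                 /*
                  * In case the LDAP configuration is different than expected,
                  *   we can configure a completely custom one.
                  */
                 $ldap_bind_dn = $this->ldap_complete_string;
             }
             $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;

             if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
                 // The username is client-controlled. Escape it for filter
                 // context so characters such as * ( ) \ are matched
                 // literally instead of changing the shape of the search
                 // filter. Entities are decoded BEFORE escaping; decoding
                 // afterwards could re-introduce filter metacharacters.
                 $safe_username = ldap_escape(
                     html_entity_decode($username, ENT_COMPAT, 'UTF-8'),
                     '',
                     LDAP_ESCAPE_FILTER
                 );
                 $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
                 $filter_r = str_replace('%USERNAME%', $safe_username, $filter_template);

                 $result = ldap_search($rs, $this->base_dn, $filter_r);
                 if ($result) {
                     $result_user = ldap_get_entries($rs, $result);
                     if ($result_user && $result_user['count'] != 0) {
                         $first_user = $result_user[0];
                         $ldap_user_dn = $first_user['dn'];
                         // Bind with the dn of the user that matched our filter
                         // (only one user should match sAMAccountName or uid etc..)
                         // NOTE(review): additional matches are ignored rather
                         // than rejected; the first entry wins.
                         if (ldap_bind($rs, $ldap_user_dn, $password)) {
                             $matched_entry = $first_user;
                         }
                     }
                 }
             }
         } finally {
             // Release the connection on every path; it was previously
             // left open until the end of the request.
             ldap_unbind($rs);
         }
     }

     if ($matched_entry !== null) {
         if ($this->userExists($username)) {
             // Update password if different
             $tmpUser = new CUser();
             $tmpUser->load($this->userId($username));
             // SECURITY(review): unsalted MD5 is not a password hash; a leaked
             // users table can be brute-forced cheaply. It is left in place
             // because the stored format has to match whatever
             // parent::authenticate() verifies, which is not visible here.
             // Migrate both sides together to password_hash()/password_verify().
             $hash_pass = MD5($password);
             // Strict comparison: loose != treats numeric-looking hash
             // strings as numbers.
             if ($hash_pass !== $tmpUser->user_password) {
                 $tmpUser->user_password = $hash_pass;
                 $tmpUser->store();
             }
         } else {
             $this->createsqluser($username, $password, $matched_entry);
         }

         return true;
     }

     // NOTE(review): this point is reached for every LDAP failure, including
     // a rejected user bind. If the parent authenticator verifies the hash
     // cached above (not visible here), a password that was changed or
     // revoked in the directory may still be accepted locally - confirm
     // that this is the intended meaning of "fallback".
     if ($this->fallback == true) {
         return parent::authenticate($username, $password);
     }

     return false;
 }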
コード例 #3
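 /**
  * Authenticate a user from the sign-on payload passed in by PostNuke.
  *
  * The request is expected to carry `userdata` (base64 of a zlib-compressed,
  * PHP-serialized array with the keys login, name, passwd and email) and
  * `check`, which must equal hashPassword() of the decompressed payload.
  * A matching local user is updated from the payload; an unknown user is
  * created. The $username / $password arguments are only used when no
  * payload is present and the SQL fallback is enabled.
  *
  * Every error path terminates the request with die(), as before.
  * Requires PHP >= 7.0 (unserialize options, hash_equals).
  *
  * @param string $username Login name, used by the SQL fallback only.
  * @param string $password Password, used by the SQL fallback only.
  *
  * @return bool True once the local user has been created or updated, or
  *              the result of the SQL authenticator on the fallback path.
  */
 public function authenticate($username, $password)
 {
     global $db;

     if (!isset($_REQUEST['userdata'])) {
         // fallback to SQL Authentication if PostNuke fails.
         if ($this->fallback) {
             $sqlAuth = new w2p_Authenticators_SQL();
             return $sqlAuth->authenticate($username, $password);
         }
         die($this->AppUI->_('You have not configured your PostNuke site
                           correctly'));
     }

     // A non-string value (e.g. userdata[]=x) cannot be a valid payload.
     $raw_userdata = $_REQUEST['userdata'];
     if (!is_string($raw_userdata) || !($compressed_data = base64_decode(urldecode($raw_userdata)))) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (1)');
     }

     // NOTE(review): no max_length is passed to gzuncompress(), so the
     // decompressed size is bounded only by memory_limit.
     if (!($userdata = gzuncompress($compressed_data))) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (2)');
     }

     // The previous code ASSIGNED the computed hash to $_REQUEST['check']
     // and tested its truthiness, so the payload was never verified.
     // Compare the supplied value instead, in constant time.
     // NOTE(review): hashPassword() is defined elsewhere. If it is an
     // unkeyed digest this only detects corruption; authenticating the
     // sender needs a keyed MAC shared with the PostNuke side - confirm.
     $supplied_check = isset($_REQUEST['check']) ? $_REQUEST['check'] : null;
     if (!is_string($supplied_check)
         || !hash_equals((string) $this->hashPassword($userdata), $supplied_check)
     ) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (3)');
     }

     // SECURITY(review): unserialize() on request data. Object instantiation
     // is disabled so no class code (__wakeup/__destruct) runs on
     // attacker-chosen objects; a data-only format such as JSON would be
     // preferable but has to be changed on the sending side as well.
     $user_data = unserialize($userdata, ['allowed_classes' => false]);
     if (!is_array($user_data)) {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
     }

     // Read a payload field as a trimmed string; absent or non-scalar
     // values become ''.
     $field = function ($key) use ($user_data) {
         $value = isset($user_data[$key]) ? $user_data[$key] : '';
         return is_scalar($value) ? trim((string) $value) : '';
     };

     // Now we need to check if the user already exists, if so we just
     // update.  If not we need to create a new user and add a default
     // role.
     $username = $field('login');
     if ($username === '') {
         die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
     }
     $this->username = $username;

     // Everything before the last space is the first name.
     $names = explode(' ', $field('name'));
     $last_name = array_pop($names);
     $first_name = implode(' ', $names);
     // presumably already hashed by the sender; it is stored as-is below - confirm
     $passwd = $field('passwd');
     $email = $field('email');

     $q = $this->query;
     $q->addTable('users');
     $q->addQuery('user_id, user_password, user_contact');
     // The login comes from the request payload: quote it through the
     // database driver instead of concatenating it into the WHERE clause.
     // $db is assumed to be the ADOdb connection (ErrorMsg() is called on
     // it below), whose qstr() returns the value escaped and quoted.
     $q->addWhere('user_username = ' . $db->qstr($username));
     if (!($rs = $q->exec())) {
         die($this->AppUI->_('Failed to get user details') . ' - error was ' . $db->ErrorMsg());
     }

     if ($rs->RecordCount() < 1) {
         $q->clear();
         $this->createsqluser($username, $passwd, $email, $first_name, $last_name);

         return true;
     }

     if (!($row = $rs->FetchRow())) {
         die($this->AppUI->_('Failed to retrieve user detail'));
     }

     // User exists, update the user details.
     $this->user_id = $row['user_id'];
     $q->clear();
     $q->addTable('users');
     $q->addUpdate('user_password', $passwd);
     // Ids are cast so only an integer can reach the SQL text.
     $q->addWhere('user_id = ' . (int) $this->user_id);
     if (!$q->exec()) {
         die($this->AppUI->_('Could not update user credentials'));
     }

     $q->clear();
     $q->addTable('contacts');
     $q->addUpdate('contact_first_name', $first_name);
     $q->addUpdate('contact_last_name', $last_name);
     $q->addUpdate('contact_email', $email);
     $q->addWhere('contact_id = ' . (int) $row['user_contact']);
     if (!$q->exec()) {
         die($this->AppUI->_('Could not update user details'));
     }

     return true;
 }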