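/**
 * Authenticate a user against the configured LDAP directory.
 *
 * Flow: bind with the search account, look the user up with the configured
 * filter, then re-bind as the entry that was found using the supplied
 * password. On success the local user record is created, or its stored
 * password hash is refreshed. When the directory does not confirm the
 * credentials and $this->fallback is enabled, SQL authentication is tried.
 *
 * @param string $username Login name as supplied by the client (untrusted).
 * @param string $password Clear-text password as supplied by the client.
 *
 * @return bool True when the directory accepted the credentials; otherwise
 *              whatever the SQL fallback returns (if enabled), or false.
 */
public function authenticate($username, $password)
{
    $this->username = $username;

    // An empty password must never reach ldap_bind(): Active Directory treats
    // a bind with a DN and no password as an anonymous bind and reports success.
    if (strlen($password) == 0) {
        return false;
    }

    $first_user = null;
    $authenticated = false;

    // NOTE(review): no ldap_start_tls() call is made here; unless ldap_host is
    // an ldaps:// URI both bind passwords presumably travel unencrypted — confirm.
    $rs = ldap_connect($this->ldap_host, $this->ldap_port);
    if ($rs) {
        ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
        ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

        $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
        if (ldap_bind($rs, $this->ldap_search_user, $ldap_bind_pw)) {
            // The filter template and the login name are entity-decoded
            // separately, and the login name is then escaped for filter
            // context (ldap_escape() needs PHP >= 5.6). Without this, filter
            // metacharacters in the login name would change which entry the
            // search returns.
            $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
            $login = html_entity_decode($username, ENT_COMPAT, 'UTF-8');
            $filter_r = str_replace(
                '%USERNAME%',
                ldap_escape($login, '', LDAP_ESCAPE_FILTER),
                $filter_template
            );

            $result = ldap_search($rs, $this->base_dn, $filter_r);
            $result_user = $result ? ldap_get_entries($rs, $result) : false;
            if ($result_user && $result_user['count'] != 0) {
                // Only one entry should match sAMAccountName / uid etc.; the
                // first one is used. NOTE(review): consider rejecting the
                // login when more than one entry matches.
                $first_user = $result_user[0];

                // The real credential check: bind as the entry that matched.
                $authenticated = ldap_bind($rs, $first_user['dn'], $password);
            }
        }

        // Release the connection on every path; nothing below uses it.
        ldap_unbind($rs);
    }

    if ($authenticated) {
        if ($this->userExists($username)) {
            // Refresh the locally stored hash when the directory password changed.
            $tmpUser = new CUser();
            $tmpUser->load($this->userId($username));
            $hash_pass = $this->hashPassword($password);
            // Strict comparison: with != two different all-numeric "0e..."
            // hash strings compare equal and the refresh would be skipped.
            if ($hash_pass !== $tmpUser->user_password) {
                $tmpUser->user_password = $hash_pass;
                $tmpUser->store();
            }
        } else {
            $this->createsqluser($username, $password, $first_user);
        }

        return true;
    }

    // NOTE(review): the fallback runs after ANY directory failure, including a
    // rejected password. Because a hash of the last accepted directory password
    // is stored locally above, an account that was disabled or had its password
    // changed in LDAP can presumably still log in through SQL with the old
    // password — confirm this is acceptable before enabling fallback.
    if ($this->fallback == true) {
        $sqlAuth = new w2p_Authenticators_SQL();

        return $sqlAuth->authenticate($username, $password);
    }

    return false;
}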
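/**
 * Authenticate a user against the configured LDAP directory.
 *
 * The search account's bind DN is either built from ldap_search_user and
 * base_dn (legacy settings) or taken verbatim from ldap_complete_string.
 * After the search bind, the user is looked up with the configured filter
 * and the supplied password is verified by binding as the entry found.
 * On success the local user record is created, or its stored password hash
 * is refreshed. When the directory does not confirm the credentials and
 * $this->fallback is enabled, the parent authenticator is tried.
 *
 * @param string $username Login name as supplied by the client (untrusted).
 * @param string $password Clear-text password as supplied by the client.
 *
 * @return bool True when the directory accepted the credentials; otherwise
 *              whatever the parent authenticator returns (if fallback is
 *              enabled), or false.
 */
public function authenticate($username, $password)
{
    $this->username = $username;

    // An empty password must never reach ldap_bind(): Active Directory treats
    // a bind with a DN and no password as an anonymous bind and reports success.
    if (strlen($password) == 0) {
        return false;
    }

    $first_user = null;
    $authenticated = false;

    // NOTE(review): no ldap_start_tls() call is made here; unless ldap_host is
    // an ldaps:// URI both bind passwords presumably travel unencrypted — confirm.
    $rs = ldap_connect($this->ldap_host, $this->ldap_port);
    if ($rs) {
        ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
        ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

        if ('' == $this->ldap_complete_string) {
            // Legacy settings: derive the bind DN from the search user and base DN.
            if (strpos($this->ldap_search_user, 'CN=') === false) {
                $ldap_bind_dn = 'CN=' . $this->ldap_search_user . ',OU=Users,' . $this->base_dn;
            } else {
                $ldap_bind_dn = $this->ldap_search_user . ',' . $this->base_dn;
            }
        } else {
            // A fully custom bind DN was configured; use it as-is.
            $ldap_bind_dn = $this->ldap_complete_string;
        }

        $ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;
        if (ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
            // The filter template and the login name are entity-decoded
            // separately, and the login name is then escaped for filter
            // context (ldap_escape() needs PHP >= 5.6). Without this, filter
            // metacharacters in the login name would change which entry the
            // search returns.
            $filter_template = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
            $login = html_entity_decode($username, ENT_COMPAT, 'UTF-8');
            $filter_r = str_replace(
                '%USERNAME%',
                ldap_escape($login, '', LDAP_ESCAPE_FILTER),
                $filter_template
            );

            $result = ldap_search($rs, $this->base_dn, $filter_r);
            $result_user = $result ? ldap_get_entries($rs, $result) : false;
            if ($result_user && $result_user['count'] != 0) {
                // Only one entry should match sAMAccountName / uid etc.; the
                // first one is used. NOTE(review): consider rejecting the
                // login when more than one entry matches.
                $first_user = $result_user[0];

                // The real credential check: bind as the entry that matched.
                $authenticated = ldap_bind($rs, $first_user['dn'], $password);
            }
        }

        // Release the connection on every path; nothing below uses it.
        ldap_unbind($rs);
    }

    if ($authenticated) {
        if ($this->userExists($username)) {
            // Refresh the locally stored hash when the directory password changed.
            $tmpUser = new CUser();
            $tmpUser->load($this->userId($username));
            // SECURITY(review): unsalted MD5 is not a suitable password hash.
            // It is kept because the stored format presumably has to match
            // what the fallback authenticator verifies; moving to
            // password_hash()/password_verify() needs a coordinated migration.
            $hash_pass = MD5($password);
            // Strict comparison: with != two different all-numeric "0e..."
            // hash strings compare equal and the refresh would be skipped.
            if ($hash_pass !== $tmpUser->user_password) {
                $tmpUser->user_password = $hash_pass;
                $tmpUser->store();
            }
        } else {
            $this->createsqluser($username, $password, $first_user);
        }

        return true;
    }

    // NOTE(review): the fallback runs after ANY directory failure, including a
    // rejected password. Because a hash of the last accepted directory password
    // is stored locally above, an account that was disabled or had its password
    // changed in LDAP can presumably still log in with the old password —
    // confirm this is acceptable before enabling fallback.
    if ($this->fallback == true) {
        return parent::authenticate($username, $password);
    }

    return false;
}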
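/**
 * Authenticate a user from a PostNuke hand-off.
 *
 * PostNuke passes the account as $_REQUEST['userdata'] (URL-encoded,
 * base64-encoded, gz-compressed, serialized array) together with
 * $_REQUEST['check'], a digest of the uncompressed payload. When the payload
 * is accepted, the matching local user is created or its password and
 * contact details are updated. Without 'userdata' the SQL authenticator is
 * used when $this->fallback is set; otherwise the request is aborted.
 *
 * Every failure after the fallback decision ends the request with die().
 *
 * @param string $username Only used for the SQL fallback; replaced by the
 *                         login contained in the PostNuke payload.
 * @param string $password Only used for the SQL fallback.
 *
 * @return bool True once the local account has been created or updated, or
 *              whatever the SQL fallback returns.
 */
public function authenticate($username, $password)
{
    global $db;

    if (!isset($_REQUEST['userdata'])) {
        // Fall back to SQL authentication if PostNuke supplied nothing.
        if ($this->fallback) {
            $sqlAuth = new w2p_Authenticators_SQL();

            return $sqlAuth->authenticate($username, $password);
        }
        die($this->AppUI->_('You have not configured your PostNuke site correctly'));
    }

    // A request parameter can be an array; only a string can be decoded.
    $compressed_data = is_string($_REQUEST['userdata'])
        ? base64_decode(urldecode($_REQUEST['userdata']))
        : false;
    if (!$compressed_data) {
        die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (1)');
    }

    // NOTE(review): gzuncompress() is called without a length limit on
    // unauthenticated input; consider passing its max-length argument.
    $userdata = gzuncompress($compressed_data);
    if (!$userdata) {
        die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (2)');
    }

    // Compare the supplied check value with the digest of the payload. An
    // assignment in this condition would overwrite $_REQUEST['check'] and
    // accept every payload. hash_equals() needs PHP >= 5.6.
    // NOTE(review): if hashPassword() is an unkeyed digest this detects
    // corruption only — anyone can recompute it, so it does not prove the
    // payload came from PostNuke. A keyed MAC with a shared secret would.
    $check = isset($_REQUEST['check']) ? $_REQUEST['check'] : null;
    if (!is_string($check) || !hash_equals((string) $this->hashPassword($userdata), $check)) {
        die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (3)');
    }

    // SECURITY(review): unserialize() on request-supplied data can instantiate
    // arbitrary classes known to the application. Only a flat array of strings
    // is needed here; prefer json_decode(), or on PHP >= 7.0 pass
    // ['allowed_classes' => false], once the PostNuke side can be changed.
    $user_data = unserialize($userdata);
    if (!is_array($user_data)) {
        die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
    }

    // Accept scalar fields only; anything missing or structured becomes ''.
    $fields = [];
    foreach (['login', 'name', 'passwd', 'email'] as $key) {
        $fields[$key] = (isset($user_data[$key]) && is_scalar($user_data[$key]))
            ? trim((string) $user_data[$key])
            : '';
    }
    if ($fields['login'] === '') {
        die($this->AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
    }

    // Check whether the user already exists: if so update it, if not create
    // a new user (createsqluser() is expected to add the default role).
    $username = $fields['login'];
    $this->username = $username;
    $names = explode(' ', $fields['name']);
    $last_name = array_pop($names);
    $first_name = implode(' ', $names);
    $passwd = $fields['passwd'];
    $email = $fields['email'];

    $q = $this->query;
    $q->addTable('users');
    $q->addQuery('user_id, user_password, user_contact');
    // The login comes from the request payload, so it is quoted by the
    // database driver instead of being concatenated between quotes.
    $q->addWhere('user_username = ' . $db->qstr($username));
    if (!($rs = $q->exec())) {
        // NOTE(review): this prints the raw driver error to an unauthenticated
        // client; consider logging it and showing only the generic message.
        die($this->AppUI->_('Failed to get user details') . ' - error was ' . $db->ErrorMsg());
    }

    if ($rs->RecordCount() < 1) {
        $q->clear();
        $this->createsqluser($username, $passwd, $email, $first_name, $last_name);
    } else {
        if (!($row = $rs->FetchRow())) {
            die($this->AppUI->_('Failed to retrieve user detail'));
        }

        // User exists, update the user details.
        $this->user_id = $row['user_id'];
        $q->clear();
        $q->addTable('users');
        $q->addUpdate('user_password', $passwd);
        // Numeric ids are cast so they can only ever be integers in the SQL.
        $q->addWhere('user_id = ' . (int) $this->user_id);
        if (!$q->exec()) {
            die($this->AppUI->_('Could not update user credentials'));
        }

        $q->clear();
        $q->addTable('contacts');
        $q->addUpdate('contact_first_name', $first_name);
        $q->addUpdate('contact_last_name', $last_name);
        $q->addUpdate('contact_email', $email);
        $q->addWhere('contact_id = ' . (int) $row['user_contact']);
        if (!$q->exec()) {
            die($this->AppUI->_('Could not update user details'));
        }
    }

    return true;
}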