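/**
 * LDAP / Active Directory login hook.
 *
 * Does nothing for an already logged-in session, or when the `ldapEnabled`
 * variable is missing or holds the string 'false'. Otherwise it binds to the
 * configured server as `<username>@<ldapDomain>` with the POSTed credentials.
 * On a successful bind the user is looked up in the `activeDirectory` table;
 * an unknown user is provisioned through self::addUser() with `givenname`,
 * `sn` and (when the directory has it) `mail` read from
 * `cn=<username>,ou=<ldapOrganizationUnit>,dc=...`. Finally self::logIn() is
 * called. Every failure path returns silently without logging the user in.
 *
 * Fixes relative to the previous version:
 *  - credentials are no longer passed through htmlspecialchars() (it corrupted
 *    passwords/usernames containing & < > " ' so the bind failed);
 *  - missing/non-string POST fields are handled instead of raising notices;
 *  - the bind is refused when StartTLS fails on a non-ldaps:// URI, so the
 *    password is never sent in clear;
 *  - the username is DN-escaped before being placed in the ldap_read() base;
 *  - the connection is closed exactly once (it was closed twice on some paths,
 *    which is an Error on PHP 8.1+).
 *
 * @param string $inContent Unused; kept for the hook signature.
 * @return void
 */
public static function run($inContent = '') {
    $user = currentUser::getUserSession();
    if ($user->isLoggedIn()) {
        return;
    }

    $variableEngine = VariableEngine::getInstance();

    $pluginEnabled = $variableEngine->getVariable('ldapEnabled');
    if ($pluginEnabled === false || $pluginEnabled->getValue() === 'false') {
        return;
    }

    $ldapServer = $variableEngine->getVariable('ldapServer');
    $ldapDomain = $variableEngine->getVariable('ldapDomain');
    // Only required to exist; its value is not consulted anywhere in this method.
    $ldapIsActiveDirectory = $variableEngine->getVariable('ldapIsActiveDirectory');
    if ($ldapServer === false || $ldapDomain === false || $ldapIsActiveDirectory === false) {
        return;
    }

    // Validate the credentials before opening a connection. They must be
    // non-empty strings; they are deliberately NOT HTML-escaped — that is an
    // output-encoding step and would alter the actual secret being checked.
    $userName = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;
    if (!is_string($userName) || $userName === '' || !is_string($password) || $password === '') {
        return;
    }
    // Control characters (including NUL) never belong in a username and would
    // only serve to confuse the UPN/DN handling below.
    if (preg_match('/[\x00-\x1F\x7F]/', $userName) === 1) {
        return;
    }

    $serverUri = $ldapServer->getValue();
    $ldapConnection = ldap_connect($serverUri);
    if (!$ldapConnection) {
        return;
    }
    ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Never send the password over cleartext: unless the URI is already
    // ldaps://, StartTLS has to succeed before we bind.
    if (stripos($serverUri, 'ldaps://') !== 0 && !ldap_start_tls($ldapConnection)) {
        ldap_close($ldapConnection);
        return;
    }

    $authenticated = ldap_bind($ldapConnection, $userName . '@' . $ldapDomain->getValue(), $password);
    unset($password);
    if (!$authenticated) {
        ldap_close($ldapConnection);
        return;
    }

    // The SQL-escaped form is used for the lookup and, as before, handed to
    // addUser()/logIn(). NOTE(review): if addUser()/logIn() escape internally
    // this double-escapes usernames containing quotes — can't tell from here.
    $database = database::getInstance();
    $sqlUserName = $database->escapeString($userName);
    $haveSeenBefore = $database->getData('userID', 'activeDirectory', 'WHERE adUsername=\'' . $sqlUserName . '\'');

    if ($haveSeenBefore !== null) {
        ldap_close($ldapConnection);
        self::logIn($sqlUserName);
        return;
    }

    $ou = $variableEngine->getVariable('ldapOrganizationUnit');
    if ($ou === false) {
        ldap_close($ldapConnection);
        return;
    }

    // Build the user's DN. The username is the only untrusted component, so
    // it is DN-escaped: a value containing , = + < > # ; or \ must not be able
    // to redirect the read to a different directory object. The OU and the
    // domain labels come from admin configuration and are used verbatim.
    $dn = 'cn=' . ldap_escape($userName, '', LDAP_ESCAPE_DN) . ',ou=' . $ou->getValue();
    foreach (explode('.', $ldapDomain->getValue()) as $domainComponent) {
        $dn .= ',dc=' . $domainComponent;
    }

    $search = ldap_read($ldapConnection, $dn, '(objectclass=*)', array('sn', 'givenname', 'mail'));
    if (!$search) {
        ldap_close($ldapConnection);
        return;
    }
    $info = ldap_get_entries($ldapConnection, $search);
    // Single close; no code path below touches the connection again.
    ldap_close($ldapConnection);

    if (!is_array($info) || $info['count'] !== 1) {
        return;
    }

    $defaultRoleID = $variableEngine->getVariable('ldapDefaultRoleID');
    if ($defaultRoleID === false) {
        return;
    }
    $defaultRoleID = $defaultRoleID->getValue();

    $entry = $info[0];
    // 'count' on the entry is the number of attributes returned: 2 means only
    // givenname + sn came back (no mail in the directory), 3 means mail too.
    if ($entry['count'] !== 2 && $entry['count'] !== 3) {
        return;
    }
    if (($entry['sn']['count'] ?? 0) !== 1 || ($entry['givenname']['count'] ?? 0) !== 1) {
        return;
    }
    $firstName = $entry['givenname'][0];
    $lastName = $entry['sn'][0];

    // addUser() needs a local password; the directory user never uses it, so a
    // long random one is generated and discarded.
    $function = new general('generateRandomString');
    $randomPassword = $function->run(array('length' => 50));

    if ($entry['count'] === 3) {
        if (($entry['mail']['count'] ?? 0) !== 1) {
            return;
        }
        $created = self::addUser($firstName, $lastName, $sqlUserName, $randomPassword, $defaultRoleID, $entry['mail'][0]);
    } else {
        $created = self::addUser($firstName, $lastName, $sqlUserName, $randomPassword, $defaultRoleID);
    }
    if (!$created) {
        return;
    }
    self::logIn($sqlUserName);
}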