Пример #1
0
 /**
  * Event handler: called when a user attemps to login.
  *
  * This function will check if the user exists in the LDAP directory and create it locally if it does not.
  *
  * @param array 'login', 'pass' and 'pass_md5'
  */
 function LoginAttempt(&$params)
 {
     global $localtimenow;
     global $Settings, $Hit, $evo_charset;
     // Check if LDAP is available:
     if (!function_exists('ldap_connect')) {
         $this->debug_log('This PHP installation does not support LDAP functions.');
         return false;
         // Login failed!
     }
     // Get ready to go through ALL LDAP Servers configured in the plugin:
     $search_sets = $this->Settings->get('search_sets');
     if (empty($search_sets)) {
         $this->debug_log('No LDAP servers have been configured in the LDAP plugin settings.');
         return false;
         // Login failed!
     }
     // Detect if we already have a local user with the same login:
     $UserCache =& get_Cache('UserCache');
     if ($local_User =& $UserCache->get_by_login($params['login'])) {
         $this->debug_log('User <b>' . $params['login'] . '</b> already exists locally. We will UPDATE it with the latest LDAP attibutes.');
         $update_mode = true;
         // Try to find a number of a search set which was used on successful logging previous time by current user:
         $user_search_set_num = intval($this->UserSettings->get('search_set_num', $local_User->ID));
         if ($user_search_set_num > 0 && isset($search_sets[$user_search_set_num])) {
             // We have found this, Reorder the array to use the successful set firstly:
             $success_search_set = $search_sets[$user_search_set_num];
             unset($search_sets[$user_search_set_num]);
             $search_sets = array($user_search_set_num => $success_search_set) + $search_sets;
         }
     } else {
         $update_mode = false;
     }
     $this->debug_log(sprintf('LDAP plugin will attempt to login with login=<b>%s</b> / pass=<b>%s</b> / MD5 pass=<b>%s</b>', $params['login'], $params['pass'], $params['pass_md5']));
     // ------ Loop through list of configured LDAP Servers: ------
     foreach ($search_sets as $l_id => $l_set) {
         $this->debug_log('Step 1 : STARTING LDAP AUTH WITH SERVER #' . $l_id);
         // --- CONNECT TO SERVER ---
         $server_port = explode(':', $l_set['server']);
         $server = $server_port[0];
         $port = isset($server_port[1]) ? $server_port[1] : 389;
         if (!empty($l_set['disabled'])) {
             $this->debug_log('Skipping disabled LDAP server &laquo;' . $server . ':' . $port . '&raquo;!');
             continue;
         }
         if (!($ldap_conn = @ldap_connect($server, $port))) {
             $this->debug_log('Could not connect to LDAP server &laquo;' . $server . ':' . $port . '&raquo;!');
             continue;
         }
         $this->debug_log('Connected to server &laquo;' . $server . ':' . $port . '&raquo;..');
         $ldap_rdn = str_replace('%s', $params['login'], $l_set['rdn']);
         $this->debug_log('Using RDN &laquo;' . $ldap_rdn . '&raquo; for binding...');
         // --- SET PROTOCOL VERSION ---
         // Get protocol version to use:
         if (!ldap_get_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $initial_protocol_version)) {
             $this->debug_log('Failed to get LDAP_OPT_PROTOCOL_VERSION.');
             $initial_protocol_version = null;
         }
         $protocol_version = isset($l_set['protocol_version']) ? $l_set['protocol_version'] : 'auto';
         // new setting in 2.01
         if ($protocol_version[0] == 'v') {
             // transform "vX" => "X"
             $try_versions = array(substr($protocol_version, 1));
         } else {
             // "auto"
             $try_versions = array(3, 2);
             if (isset($initial_protocol_version)) {
                 array_unshift($try_versions, $initial_protocol_version);
             }
             $try_versions = array_unique($try_versions);
         }
         $this->debug_log('We will try protocol versions: ' . implode(', ', $try_versions));
         // --- VERIFY USER CREDENTIALS BY BINDING TO SERVER ---
         // you might use this for testing with Apache DS: if( !@ldap_bind($ldap_conn, 'uid=admin,ou=system', 'secret') )
         // Bind:
         $bound = false;
         $bind_errors = array();
         foreach ($try_versions as $try_version) {
             $this->debug_log(sprintf('Trying to connect with protocol version: %s / RDN: %s / pass: %s', $try_version, $ldap_rdn, $params['pass']));
             ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $try_version);
             if (@ldap_bind($ldap_conn, $ldap_rdn, $params['pass'])) {
                 // Success
                 $this->debug_log('Binding worked.');
                 $bound = true;
                 break;
             } else {
                 $this->debug_log('Binding failed. Errno: ' . ldap_errno($ldap_conn) . ' Error: ' . ldap_error($ldap_conn));
             }
         }
         if (!$bound) {
             if (isset($initial_protocol_version)) {
                 // Reset this for the next search set:
                 ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $initial_protocol_version);
             }
             continue;
         }
         $this->debug_log('User successfully bound to server.');
         // --- STEP 2 : TRY TO OBTAIN MORE INFO ABOUT USER ---
         // Search user info
         $filter = str_replace('%s', $params['login'], $l_set['search_filter']);
         $this->debug_log(sprintf('Step 2 : Now querying for additional user info. base_dn: <b>%s</b>, filter: <b>%s</b>', $l_set['base_dn'], $filter));
         $search_result = @ldap_search($ldap_conn, $l_set['base_dn'], $filter);
         if (!$search_result) {
             // this may happen with an empty base_dn
             $this->debug_log('Invalid ldap_search result. Skipping to next search set. Errno: ' . ldap_errno($ldap_conn) . ' Error: ' . ldap_error($ldap_conn));
             continue;
         }
         $search_info = ldap_get_entries($ldap_conn, $search_result);
         //$this->debug_log( 'Results returned by LDAP Server: <pre>'.var_export( $search_info, true ).'</pre>' );
         if ($search_info['count'] != 1) {
             // We have found 0 or more than 1 users, which is a problem...
             $this->debug_log('# of entries found with search: ' . $search_info['count'] . ' - Skipping...');
             /*
             for ($i=0; $i<$search_info["count"]; $i++) {
             	echo "dn: ". $search_info[$i]["dn"] ."<br>";
             	echo "first cn entry: ". $search_info[$i]["cn"][0] ."<br>";
             	echo "first email entry: ". $search_info[$i]["mail"][0] ."<p>";
             }
             */
             continue;
         }
         $this->debug_log('User info has been found.');
         // --- CREATE OR UPDATE USER ACCOUNT IN B2EVO ---
         if ($update_mode == false) {
             $this->debug_log('Step 3 : Creating a local user in b2evolution...');
             $local_User = new User();
             $local_User->set('login', $params['login']);
             $local_User->set('locale', locale_from_httpaccept());
             // use the browser's locale
             $local_User->set_datecreated($localtimenow);
             // $local_User->set( 'level', 1 );
         } else {
             // User exists already exists
             $this->debug_log('Step 3 : Updating the existing local user.');
         }
         $this->debug_log('Randomize password in b2evolution DB and autoactivate user.');
         // Generate a random password (we never want LDAP users to be able to login without a prior LDAP check) (also on update, just in case...
         $local_User->set_password(generate_random_passwd(32));
         // $params['pass'] );
         $local_User->set('status', 'autoactivated');
         // Activate the user automatically (no email activation necessary)
         // Convert each input string to current server encoding:
         $exclude_encoding_fields = array('uid', 'mail', 'jpegphoto');
         if (isset($search_info[0]) && is_array($search_info[0])) {
             foreach ($search_info[0] as $search_info_key => $search_info_data) {
                 if (isset($search_info_data[0]) && is_string($search_info_data[0]) && !in_array($search_info_key, $exclude_encoding_fields)) {
                     // Convert string from LDAP server encoding to current server encoding:
                     $search_info[0][$search_info_key][0] = convert_charset($search_info_data[0], $l_set['encoding'], $evo_charset);
                 }
             }
         }
         // Make some updates:
         // mail -> email:
         if (isset($search_info[0]['mail'][0])) {
             $local_User->set_email($search_info[0]['mail'][0]);
         }
         // uid -> nickname
         if (isset($search_info[0]['uid'][0])) {
             $this->debug_log('UID: <b>' . $search_info[0]['uid'][0] . '</b>');
             $local_User->set('nickname', $search_info[0]['uid'][0]);
         } else {
             // if not found, use login.
             $local_User->set('nickname', $params['login']);
         }
         // givenname -> Firstname:
         if (isset($search_info[0]['givenname'][0])) {
             $this->debug_log('First name (givenname): <b>' . $search_info[0]['givenname'][0] . '</b>');
             $local_User->set('firstname', $search_info[0]['givenname'][0]);
         }
         // sn -> Lastname:
         if (isset($search_info[0]['sn'][0])) {
             $this->debug_log('Last name (sn): <b>' . $search_info[0]['sn'][0] . '</b>');
             $local_User->set('lastname', $search_info[0]['sn'][0]);
         }
         // roomnumber -> user field "roomnumber" (if not found, autocreate it in group "Address")
         if (isset($search_info[0]['roomnumber'][0])) {
             $this->debug_log('Room number: <b>' . $search_info[0]['roomnumber'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'roomnumber', $search_info[0]['roomnumber'][0], 'Address', 'Room Number', 'word');
         }
         // businesscategory -> user field "businesscategory" (if not found, autocreate it in group "About me")
         if (isset($search_info[0]['businesscategory'][0])) {
             $this->debug_log('Business Category: <b>' . $search_info[0]['businesscategory'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'businesscategory', $search_info[0]['businesscategory'][0], 'About me', 'Business Category', 'text');
         }
         // telephonenumber -> user field "officephone" (if not found, autocreate it in group "Phone")
         if (isset($search_info[0]['telephonenumber'][0])) {
             $this->debug_log('Office phone: <b>' . $search_info[0]['telephonenumber'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'officephone', $search_info[0]['telephonenumber'][0], 'Phone', 'Office phone', 'phone');
         }
         // mobile -> user field "cellphone" (if not found, autocreate it in group "Phone")
         if (isset($search_info[0]['mobile'][0])) {
             $this->debug_log('Cell phone: <b>' . $search_info[0]['mobile'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'cellphone', $search_info[0]['mobile'][0], 'Phone', 'Cell phone', 'phone');
         }
         // employeenumber -> user field "employeenumber" (if not found, autocreate it in group "About me")
         if (isset($search_info[0]['employeenumber'][0])) {
             $this->debug_log('Employee number: <b>' . $search_info[0]['employeenumber'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'employeenumber', $search_info[0]['employeenumber'][0], 'About me', 'Employee number', 'word');
         }
         // title -> user field "title" (if not found, autocreate it in group "About me")
         if (isset($search_info[0]['title'][0])) {
             $this->debug_log('Title: <b>' . $search_info[0]['title'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'title', $search_info[0]['title'][0], 'About me', 'Title', 'word');
             $userfield_title = $search_info[0]['title'][0];
             // Use this as role for all organizations below
         } else {
             $userfield_title = '';
         }
         // departmentnumber -> join Organization with the same name (create if doesn't exist)
         if (isset($search_info[0]['departmentnumber'][0])) {
             $this->debug_log('Department Number: <b>' . $search_info[0]['departmentnumber'][0] . '</b>');
             $this->userorg_update_by_name($local_User, $search_info[0]['departmentnumber'][0], $userfield_title);
         }
         // o -> join Organization with the same name (create if doesn't exist)
         if (isset($search_info[0]['o'][0])) {
             $this->debug_log('Organization: <b>' . $search_info[0]['o'][0] . '</b>');
             $this->userorg_update_by_name($local_User, $search_info[0]['o'][0], $userfield_title);
         }
         // telexnumber -> user field "officefax" (if not found, autocreate it in group "Phone")
         if (isset($search_info[0]['telexnumber'][0])) {
             $this->debug_log('Office FAX: <b>' . $search_info[0]['telexnumber'][0] . '</b>');
             $this->userfield_update_by_code($local_User, 'officefax', $search_info[0]['telexnumber'][0], 'Phone', 'Office FAX', 'phone');
         }
         // ---- GROUP STUFF ----
         if ($update_mode == true) {
             // Updating existing user
             $this->debug_log('Updating existing user: we do NOT touch the primary group.');
             $local_User->dbupdate();
             $this->debug_log('OK -- User has been updated.');
         } else {
             // Try to assign prilary group from the search results:
             $assigned_group = false;
             if (!empty($l_set['assign_user_to_group_by'])) {
                 $this->debug_log('Plugin is configured to assign the Primary Group by the ' . $l_set['assign_user_to_group_by'] . ' key...');
                 if (isset($search_info[0][$l_set['assign_user_to_group_by']]) && isset($search_info[0][$l_set['assign_user_to_group_by']][0])) {
                     // There is info we want to assign by
                     $assign_by_value = $search_info[0][$l_set['assign_user_to_group_by']][0];
                     $this->debug_log('User info says has ' . $l_set['assign_user_to_group_by'] . ' = "<b>' . $assign_by_value . '</b>"');
                     $GroupCache =& get_Cache('GroupCache');
                     if ($users_Group =& $GroupCache->get_by_name($assign_by_value, false)) {
                         // A group with the users value returned exists.
                         $local_User->set_Group($users_Group);
                         $assigned_group = true;
                         $this->debug_log('Assigning User to existing Primary Group.');
                     } else {
                         $this->debug_log('Group with that name does not exist...');
                         if ($new_Group =& $this->usergroup_create($l_set['tpl_new_grp_ID'], $assign_by_value)) {
                             // Link the user to new created group:
                             $local_User->set_Group($new_Group);
                             $assigned_group = true;
                             $this->debug_log('Assigned User to new Primary Group.');
                         }
                     }
                 }
             }
             if (!$assigned_group) {
                 // Default group:
                 $this->debug_log('Falling back to default primary group...');
                 $users_Group = NULL;
                 $fallback_grp_ID = $this->Settings->get('fallback_grp_ID');
                 if (empty($fallback_grp_ID)) {
                     $this->debug_log('No default/fallback primary group configured.');
                     $this->debug_log('User NOT created, try next LDAP server...');
                     //Continue to next LDAP server:
                     continue;
                 } else {
                     $GroupCache =& get_Cache('GroupCache');
                     $users_Group =& $GroupCache->get_by_ID($fallback_grp_ID);
                     if ($users_Group) {
                         // either $this->default_group_name is not given or wrong
                         $local_User->set_Group($users_Group);
                         $assigned_group = true;
                         $this->debug_log('Using default/fallback primary group: <b>' . $users_Group->get('name') . '</b>');
                     } else {
                         $this->debug_log('Default/fallback primary group does not exist (' . $fallback_grp_ID . ').');
                         $this->debug_log('User NOT created, try next LDAP server...');
                         //Continue to next LDAP server:
                         continue;
                     }
                 }
             }
             $local_User->dbinsert();
             $UserCache->add($local_User);
             $this->debug_log('OK -- User has been created.');
         }
         // Remember this settings number in order use this first in next logging time by current user:
         $this->UserSettings->set('search_set_num', $l_id, $local_User->ID);
         $this->UserSettings->dbupdate();
         // Assign user to organizations:
         $this->userorg_assign_to_user($local_User);
         // jpegphoto -> Save as profile pictue "ldap.jpeg" and associate with user
         if (isset($search_info[0]['jpegphoto'][0])) {
             $this->debug_log('Photo: <img src="data:image/jpeg;base64,' . base64_encode($search_info[0]['jpegphoto'][0]) . '" />');
             // Save to disk and attach to user:
             $this->userimg_attach_photo($local_User, $search_info[0]['jpegphoto'][0], !empty($l_set['expand_pics']));
         }
         // --- EXTRA GROUPS ---
         if (!empty($l_set['secondary_grp_search_filter'])) {
             global $app_version;
             if (evo_version_compare($app_version, '6.7.0-alpha') < 0) {
                 // The plugin is used on b2evo 6.6
                 $this->debug_log('Secondary groups not handled. This feature requires b2evolution v6.7.0-alpha or newer.');
             } elseif (empty($l_set['secondary_grp_name_attribute'])) {
                 $this->debug_log('Missing name attribute for secondary groups');
             } else {
                 $filter = str_replace('%s', $params['login'], $l_set['secondary_grp_search_filter']);
                 $grp_name_attribute = $l_set['secondary_grp_name_attribute'];
                 $this->debug_log(sprintf('Step 4 : Now querying for secondary groups. base_dn: <b>%s</b>, filter: <b>%s</b>, name attribue=<b>%s</b>', $l_set['secondary_grp_base_dn'], $filter, $grp_name_attribute));
                 $search_result = @ldap_search($ldap_conn, $l_set['secondary_grp_base_dn'], $filter, array($grp_name_attribute));
                 if (!$search_result) {
                     // this may happen with an empty base_dn
                     $this->debug_log('Invalid ldap_search result. No secondary groups will be assigned. Errno: ' . ldap_errno($ldap_conn) . ' Error: ' . ldap_error($ldap_conn));
                 } else {
                     $search_info = ldap_get_entries($ldap_conn, $search_result);
                     // $this->debug_log( 'Results returned by LDAP Server: <pre>'.var_export( $search_info, true ).'</pre>' );
                     $secondary_groups = array();
                     // $this->debug_log( 'Secondary groups name prefix: <pre>'.var_export( $l_set['secondary_grp_name_prefix'], true ).'</pre>' );
                     // Walk through results:
                     foreach ($search_info as $group_candidate) {
                         if (is_array($group_candidate) && isset($group_candidate[$grp_name_attribute][0])) {
                             $group_candidate_cn = $group_candidate[$grp_name_attribute][0];
                             if (empty($l_set['secondary_grp_name_prefix']) || strpos($group_candidate_cn, $l_set['secondary_grp_name_prefix']) === 0) {
                                 // prefix is ok
                                 $this->debug_log('Accepted Secondary Group: ' . $group_candidate_cn);
                                 $secondary_groups[] = $group_candidate_cn;
                             } else {
                                 // prefix is NOT ok
                                 $this->debug_log('REJECTED Secondary Group: ' . $group_candidate_cn);
                             }
                         }
                     }
                     // Hardcode two secondary groups:
                     // $secondary_groups = array( 'Blog B members', 'Blog D Members' );
                     $this->debug_log('Secondary groups to be assigned: <pre>' . var_export($secondary_groups, true) . '</pre>');
                     // Update secondary groups for the User:
                     $this->usersecgroup_update($local_User, $secondary_groups, $l_set['tpl_new_secondary_grp_ID']);
                 }
             }
         }
         if (isset($initial_protocol_version)) {
             ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $initial_protocol_version);
         }
         // --- CONSIDER THE LOGIN ATTEMPT TO BE SUCCESSFUL AND WE ACCEPT IT ---
         // Update this value which has been passed by REFERENCE:
         $params['pass_ok'] = true;
         return true;
         // Login was a success (but return "true" does not trigger anything special in b2evolution)
     }
     if (isset($initial_protocol_version)) {
         ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $initial_protocol_version);
     }
     return false;
     // Login failed!
 }
Пример #2
0
 }
 if ($registration_require_lastname) {
     $paramsList['lastname'] = $lastname;
 }
 if ($registration_require_gender == 'required') {
     $paramsList['gender'] = $gender;
 }
 if ($Settings->get('newusers_canregister') == 'invite') {
     // Invitation code must be not empty when user can register ONLY with this code
     $paramsList['invitation'] = get_param('invitation');
 }
 // Check profile params:
 profile_check_params($paramsList);
 if ($is_quick && !$Messages->has_errors()) {
     // Generate a login and password for quick registration
     $pass1 = generate_random_passwd(10);
     // Get the login from email address:
     $login = preg_replace('/^([^@]+)@(.+)$/', '$1', utf8_strtolower($email));
     $login = preg_replace('/[\'"><@\\s]/', '', $login);
     if ($Settings->get('strict_logins')) {
         // We allow only the plain ACSII characters, digits, the chars _ and .
         $login = preg_replace('/[^A-Za-z0-9_.]/', '', $login);
     } else {
         // We allow any character that is not explicitly forbidden in Step 1
         // Enforce additional limitations
         $login = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $login);
         // Kill octets
         $login = preg_replace('/&.+?;/', '', $login);
         // Kill entities
     }
     $login = preg_replace('/^usr_/i', '', $login);
Пример #3
0
/**
 * Create sample users and display a process of creating
 *
 * @param integer Group ID
 * @param integer Number of users
 */
function tool_create_sample_users($group_ID, $num_users)
{
    global $Messages, $DB, $Debuglog;
    echo T_('Creating of the sample users...');
    evo_flush();
    /**
     * Disable log queries because it increases the memory and stops the process with error "Allowed memory size of X bytes exhausted..."
     */
    $DB->log_queries = false;
    $count = 1;
    for ($i = 1; $i <= $num_users; $i++) {
        $login = generate_random_passwd();
        while (user_exists($login)) {
            // Generate new unique login
            $login = generate_random_passwd();
        }
        $User = new User();
        // Create out of range hashes for better security
        $User->set('pass', generate_random_passwd());
        $User->set('login', $login);
        $User->set('email', 'test_' . $i . '@test.com');
        $User->set('firstname', 'Test user ' . $i);
        $User->set('url', 'http://www.test-' . rand(1, 3) . '.com/test_user_' . $i);
        $User->set('grp_ID', $group_ID);
        $User->dbinsert();
        $count++;
        if ($count % 100 == 0) {
            // Display a process of creating by one dot for 100 users
            echo ' .';
            evo_flush();
        }
        // Clear all debug messages, To avoid an error about full memory
        $Debuglog->clear('all');
    }
    echo ' OK.';
    $Messages->add(sprintf(T_('Created %d users.'), $num_users), 'success');
}