/**
 * Log a user in through LDAP and redirect to the next page.
 *
 * ldap_auth(), error_page(), ldap_email_string(), make_user_ldap(), url_base()
 * and send_cookie() are defined elsewhere. A user whose LDAP login succeeds but
 * who has no local BoincUser row gets one created on the spot.
 *
 * @param string $uid      LDAP user id, passed to ldap_auth()
 * @param string $passwd   password, passed to ldap_auth()
 * @param string $next_url appended to url_base() to form the Location header
 * @param mixed  $perm     forwarded as the third argument of send_cookie()
 *
 * Side effects: sends a Location header and the 'auth' cookie. error_page() is
 * presumably terminal (nothing is re-checked after calling it) -- confirm.
 */
function login_with_ldap($uid, $passwd, $next_url, $perm)
{
    list($ldap_user, $error_msg) = ldap_auth($uid, $passwd);
    if ($error_msg) {
        error_page($error_msg);
    }
    // The local account is keyed by the e-mail form of the LDAP id.
    $email_addr = ldap_email_string($uid);
    $user = BoincUser::lookup_email_addr($email_addr);
    if (!$user) {
        // First LDAP login for this id: create the local record now.
        $user = make_user_ldap($email_addr, $ldap_user->name);
        if (!$user) {
            error_page("Couldn't create user");
        }
    }
    header('Location: ' . url_base() . $next_url);
    send_cookie('auth', $user->authenticator, $perm);
}
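/**
 * Authenticate $user_id / $pass against one of several authorities.
 *
 * When $prot is not given, $user_id may pack the authority inline as
 * "[scheme:]authority:email" (scheme one of http/https/ldap/ftp/smtp); the
 * pieces become $prot, $auth and $email. Otherwise $user_id is the email and
 * $auth / $prot name the authority. Dispatch:
 *   $prot 'ldap'   -> ldap_auth($auth, ...)   ($auth is the LDAP server)
 *   $prot 'ftp'    -> ftp_auth($auth, ...)
 *   $auth 'google' -> google_auth(), token hashed with md5, 24h expiry
 *   $auth 's3db…'  -> s3db_auth() against the resolved deployment URL
 *   anything else  -> not validated, no backend contacted
 * The *_auth() helpers are defined elsewhere.
 *
 * Some authorities can be endorsed: if they authenticate the user, a user
 * account may be created from them immediately.
 *
 * @param string       $user_id      email, or "[scheme:]authority:email"
 * @param string       $pass
 * @param string|false $auth         authority name / LDAP server
 * @param string|false $prot         protocol selector
 * @param mixed        $serv_account forwarded to ldap_auth()
 * @return array{0:mixed,1:mixed,2:mixed} [valid, token, expires]; token and
 *         expires are null when the backend did not supply them.
 */
function univ_authenticate($user_id, $pass, $auth = false, $prot = false, $serv_account = false)
{
    // Every path returns a 3-tuple, but the ldap/ftp/fallback branches never
    // set $expires (and ftp never sets $token), so initialise them up front
    // instead of returning undefined variables.
    $valid = 0;
    $token = null;
    $expires = null;
    $email = $user_id;

    // Packed "[scheme:]authority:email" form, honoured only when the caller
    // did not pass a protocol explicitly.
    if (!$prot && preg_match('/^(http:|https:|ldap:|ftp:|smtp:)?(.*):(.*)$/', $user_id, $res)) {
        list(, $prot, $auth, $email) = $res;
        $prot = preg_replace('/:$/', '', $prot); // 'ldap:' -> 'ldap'
    }

    switch ($prot) {
        case 'ldap':
            // The authority string is the LDAP server itself.
            // NOTE(review): in the packed form that server is whatever preceded the
            // second ':' in $user_id -- confirm callers restrict it, otherwise the
            // bind target is chosen by the input.
            $server = $auth;
            list($valid, $token) = ldap_auth($server, $email, $pass, $serv_account);
            break;
        case 'ftp':
            $valid = ftp_auth($auth, $email, $pass);
            break;
        default:
            if ($auth === 'google') {
                list($valid, $token) = google_auth("https://www.google.com/accounts/ClientLogin", $email, $pass);
                $token = md5($token);
                // The Google token actually lasts about two weeks; keep it to 24h here.
                $expires = date('Y-m-d', time() + 24 * 60 * 60);
            } elseif (preg_match('/^s3db/', (string) $auth)) {
                // Resolve the s3db URI: "s3db:NAME" -> deployment URL.
                preg_match('/^(s3db:)?(.*)$/', $auth, $s3);
                list(, , $s3name) = $s3;
                $url = ($s3name === 'TCGA')
                    ? 'http://ibl.mdanderson.org/TCGA'
                    : $GLOBALS['s3db_info']['deployment']['mothership'] . $s3name;
                list($valid, $token, $expires) = s3db_auth($url, $email, $pass);
            } else {
                $valid = 0;
                $token = "User was not validated.";
            }
    }
    return array($valid, $token, $expires);
}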
    ldap_close($ldapconn_s);
    // connect to ldap server
    $ldapconn = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn) {
        // try to bind/authenticate against ldap
        $ldapbind = @ldap_bind($ldapconn, $ldap_user, $ldap_pass) || forbidden();
        // "LDAP bind successful...";
        error_log("success: " . $_SERVER['REMOTE_ADDR'] . ', user: '******'PHP_AUTH_USER']);
    }
    ldap_close($ldapconn);
}
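// no cache: keep browsers and proxies from storing the protected file
session_cache_limiter('nocache');
session_start();
header('Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0');
header('Pragma: no-cache');
header("Expires: 0");
// Two gates before the credential check: a session flag set elsewhere, and the
// presence of HTTP basic-auth credentials. authenticate() is defined elsewhere;
// it is presumably expected to end the request (e.g. a 401 challenge),
// otherwise execution simply continues below -- confirm.
$session_auth = isset($_SESSION['AUTH']) ? $_SESSION['AUTH'] : null;
if ($session_auth != 1) {
    authenticate();
}
if (empty($_SERVER['PHP_AUTH_USER'])) {
    authenticate();
}
// check credentials: ldap_auth() takes no arguments here and reads the
// basic-auth values itself (the function ending above appears to be it)
ldap_auth();
// Get requested file name. REQUEST_URI is supplied by the client and is
// forwarded to the front-end server as an internal-redirect target, so accept
// only a plain absolute path: no control characters, no protocol-relative
// '//' prefix, and no '..' segment in the path part (the query string is kept).
$path = $_SERVER["REQUEST_URI"];
$path_part = explode('?', $path, 2);
$path_part = $path_part[0];
if (preg_match('/[\x00-\x1f\x7f]/', $path)
    || !preg_match('#^/(?!/)#', $path_part)
    || preg_match('#(^|/)\.\.(/|$)#', $path_part)) {
    http_response_code(400);
    exit;
}
error_log("serving: " . $_SERVER['REMOTE_ADDR'] . ', user: ' . $_SERVER['PHP_AUTH_USER'] . ', path: ' . $path);
// Empty Content-Type replaces PHP's default so the downstream server decides
// the type of the file it serves -- presumably; confirm.
header("Content-Type: ", true);
header("X-Accel-Redirect: /protected" . $path);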
require_once "../inc/util.inc";
require_once "../inc/email.inc";
require_once "../inc/xml.inc";
require_once "../inc/ldap.inc";
// XML response: emit the header first so any error below is well-formed.
xml_header();
// db_init_xml() reports failure with a truthy return value.
if ($retval = db_init_xml()) {
    xml_error($retval);
}
// Presence of the optional "ldap_auth" parameter selects the LDAP branch below
// (the second argument to get_str(), defined elsewhere, appears to mark it optional).
$ldap_auth = get_str("ldap_auth", true);
if (LDAP_HOST && $ldap_auth) {
    // LDAP case.
    //
    $ldap_uid = get_str("ldap_uid");
    $passwd = get_str("passwd");
    list($ldap_user, $error_msg) = ldap_auth($ldap_uid, $passwd);
    if ($error_msg) {
        xml_error(ERR_BAD_USER_NAME, $error_msg);
    }
    $x = ldap_email_string($ldap_uid);
    $user = BoincUser::lookup_email_addr($x);
    if (!$user) {
        $user = make_user_ldap($x, $ldap_user->name);
        if (!$user) {
            xml_error(-1, "user record creation failed");
        }
    }
} else {
    // normal (non-LDAP) case
    $email_addr = get_str("email_addr");
    $passwd_hash = get_str("passwd_hash", true);
     $username = ntlm_get_user();
 } else {
     $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
 }
 // Normalise the name: undo any "\'" escaping, cap it at 25 bytes (substr is
 // byte-wise), then re-escape single quotes for the SQL literal below.
 $username = substr(str_replace("\\'", "'", $username), 0, 25);
 $username = str_replace("'", "\\'", $username);
 $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
 // The row is looked up by name only; the password is verified by LDAP below or
 // later, outside this excerpt. The statement is assembled by string
 // concatenation from request data; the quoted value is redacted ('******') on
 // this page, so the escaping actually applied cannot be read here.
 $sql = "SELECT user_id, username, user_password, user_active, user_level, user_type\n            FROM " . USERS_TABLE . "\n            WHERE username = '******'", "''", $username) . "'";
 if (!($result = $db->sql_query($sql))) {
     message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
 }
 $row = $db->sql_fetchrow($result);
 // Parsed as ($use_ldap && $row['user_type'] !== User_Type_phpBB) ? TRUE : FALSE:
 // LDAP stays enabled unless the row marks a phpBB-only account. With no row,
 // $row['user_type'] is null, so LDAP stays enabled (assuming User_Type_phpBB,
 // defined elsewhere, is not null) -- the auto-provisioning below relies on that.
 $use_ldap = $use_ldap && $row['user_type'] !== User_Type_phpBB ? TRUE : FALSE;
 if ($use_ldap) {
     // LDAP is in use and the user is not a phpBB Only User.
     $ldap_auth_result = ldap_auth($username, $password);
 } else {
     // We are not using LDAP or our user is phpBB only.
     $ldap_auth_result = false;
 }
 // Auto-provisioning: a name unknown locally but accepted by LDAP gets a local
 // account (add_ldap_user(), defined elsewhere), then the same SQL is re-run to
 // load the new row.
 if ($row == false && $use_ldap && $ldap_auth_result == LDAP_AUTH_OK) {
     add_ldap_user($username);
     // User didnt exist, they do now, reuse the SQL.
     if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
     }
     $row = $db->sql_fetchrow($result);
 }
 if ($row) {
     if ($row['user_level'] != ADMIN && $board_config['board_disable']) {
         redirect(append_sid("index.{$phpEx}", true));
 /**
  * Verify a login/password pair and return the matching userID, or -1.
  *
  * LDAP is consulted first (ldap_auth(), defined elsewhere). On LDAP success
  * only the existence of an active local row with that login is checked; on
  * LDAP failure the local row must also match hashpass($password). Exactly
  * one row must come back, otherwise -1 is returned.
  *
  * Both statements are assembled by string interpolation; the quoted values
  * are redacted ('******') on this page, so whether $login / $password are
  * escaped before use cannot be read here -- confirm against the source.
  *
  * @param string $login
  * @param string $password clear-text password; hashed with hashpass() only for the local check
  * @return mixed userID from the first column of the single row, or -1
  */
 public function auth_user($login, $password)
 {
     global $USERSTABLE;
     // Recorded as 'local' before either check runs, so it does not reflect
     // whether LDAP or the local table accepted the credentials.
     $_SESSION['LOGIN_REALM'] = 'local';
     //LDAP
     if (ldap_auth($login, $password)) {
         //if password is valid in LDAP, we only have to check if user exists in the DB
         // NOTE(review): the local row is matched by login alone here; an existing
         // local account with that name is accepted on the strength of the LDAP result.
         $sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND act=1;";
     } else {
         //if LDAP didn't work, we check both login and passwd
         $password = hashpass($password);
         $sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND pass='******' AND act=1;";
     }
     //END LDAP
     // db_query() (defined elsewhere) evidently returns a countable row set.
     $result = db_query($sql);
     $ileadmin = count($result);
     if ($ileadmin == 1) {
         return $result[0][0];
     }
     return -1;
 }
<center>
<form name="form2" action="ldaplogin.php" method="post" >
	<input type="text" name="username" placeholder="Username" /><br>
	<input type="password" name="password" placeholder="password"/><br>
	<input type="submit" name="submit" value="Log in"/>
</form>
</center>
<?php 
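// Handle the form post from the markup above: both fields go to ldap_auth()
// (defined below), which rejects empty values itself. Missing keys are mapped
// to '' so a hand-crafted request without a field reaches that check instead
// of raising an undefined-index notice first. Note that ldap_auth() places the
// id unescaped into its LDAP search filter; ldap_escape() with
// LDAP_ESCAPE_FILTER there would be the place to harden it.
if (isset($_POST['submit'])) {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    ldap_auth($user, $pass);
}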
function ldap_auth($ldap_id, $ldap_password)
{
    $ds = ldap_connect("ldap.iitb.ac.in") or die("Unable to connect to LDAP server. Please try again later.");
    if ($ldap_id == '') {
        die("You have not entered any LDAP ID. Please go back and fill it up.");
    }
    if ($ldap_password == '') {
        die("You have not entered any password. Please go back and fill it up.");
    }
    $sr = ldap_search($ds, "dc=iitb,dc=ac,dc=in", "(uid={$ldap_id})");
    $info = ldap_get_entries($ds, $sr);
    $roll = $info[0]["employeenumber"][0];
    $ldap_id = $info[0]['dn'];
    if (@ldap_bind($ds, $ldap_id, $ldap_password)) {
        echo '<pre>';
        print_r($info[0]);
        echo '</pre>';
        //for every information
/**
 * Login page controller: renders the login form, or, on action=login, checks
 * the posted credentials and starts the session.
 *
 * Uses globals $COLLATE (settings, language strings, current user) and $dbo
 * (database handle). auth(), ldap_auth(), clean(), collate_log() and the
 * header/footer includes are defined elsewhere. auth() is treated as returning
 * 'ldap' (defer to LDAP), 'locked', a falsy value on failure, or an array with
 * accesslevel / language / ldapexempt / passwdexpire / tmppasswd on success.
 *
 * Every path ends in a redirect (header Location + exit) or a rendered form.
 *
 * NOTE(review): $returnto comes from $_GET and is used as a Location target
 * after only a stristr('.php') check, so any value containing ".php" -- an
 * absolute URL to another host included -- is accepted (open redirect).
 * Restricting it to a relative path on this site would close that.
 *
 * NOTE(review): the UPDATE statements are assembled by string concatenation;
 * the quoted value is redacted ('******') on this page, so whether clean()
 * escapes $username for SQL cannot be read here.
 */
function cn_login()
{
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';
    $action = empty($_GET['action']) ? 'show form' : $_GET['action'];
    $returnto = empty($_GET['returnto']) ? '' : $_GET['returnto'];
    if (isset($COLLATE['user']['username'])) {
        // The user is already logged in
        $notice = "alreadyloggedin-notice";
        header("Location: index.php?notice={$notice}");
        exit;
    }
    // Anything other than action=login renders the form and stops.
    if ($action != "login") {
        require_once './include/header.php';
        echo "<h1>" . $COLLATE['languages']['selected']['Login'] . "</h1>\n" . "<br />";
        ?>
    <div style="float: left; width: 28%;">
    <form action="login.php?op=login&amp;action=login&amp;returnto=<?php 
        echo urlencode($returnto);
        ?>
" method="post">
    <p><b><?php 
        echo $COLLATE['languages']['selected']['Username'];
        ?>
:</b><br />
    <input name="username" type="text" size="15" /></p>
    <p><b><?php 
        echo $COLLATE['languages']['selected']['Password'];
        ?>
:</b><br />
    <input name="password" type="password" size="15" /></p>  
    <p><input type="submit" value=" <?php 
        echo $COLLATE['languages']['selected']['Go'];
        ?>
 " /></p>
    </form>
    </div>
    <script type="text/javascript">
	    window.onload = function() {
	  	setTimeout("document.forms[0].username.focus()",1);
	    }
    </script>
    <?php 
        // Non-database auth types get an explanatory note about the LDAP login format.
        if ($COLLATE['settings']['auth_type'] != 'db') {
            echo "<div id=\"helper\" style=\"float: left; width: 70%; padding-left: 10px; border-left: 1px solid #000;\">\n" . "<p><b>" . $COLLATE['languages']['selected']['Note'] . ":</b><br />\n" . $COLLATE['languages']['selected']['ldapformatnote'] . "</p>\n";
            if (!empty($COLLATE['settings']['domain'])) {
                echo "<p>" . $COLLATE['languages']['selected']['domainnote'] . "</p>";
            } else {
                echo "<p>" . $COLLATE['languages']['selected']['nodomainnote'] . "</p>\n";
            }
            echo "</div>";
        }
        echo "<p style=\"clear: left;\">";
        require_once './include/footer.php';
        exit;
    }
    // clean() comes from validation_functions.php (included above); its exact
    // effect is not visible here.
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);
    // "4" is compared numerically: names shorter than 4 bytes go back to the form.
    if (strlen($username) < "4") {
        $notice = "shortusername-notice";
        $returnto = urlencode($returnto);
        header("Location: login.php?notice={$notice}&returnto={$returnto}");
        exit;
    }
    $auth = auth($username, $password);
    // 'ldap' from auth() means "defer to the directory". $authtype is assigned
    // only on this path, so the read further down sees it undefined otherwise.
    if ($auth == 'ldap') {
        $auth = ldap_auth($username, $password);
        $authtype = 'ldap';
    }
    // Loose comparison: an empty array from auth() also counts as failed.
    if ($auth == FALSE) {
        $level = "5";
        $message = "authentication failed: {$username}";
        collate_log($level, $message);
        $sql = "UPDATE users SET loginattempts=loginattempts+1 WHERE username='******'";
        $dbo->query($sql);
        $notice = "failedlogin-notice";
        $returnto = urlencode($returnto);
        header("Location: login.php?notice={$notice}&returnto={$returnto}");
        exit;
    }
    if ($auth == "locked") {
        $level = "5";
        $message = "user account locked: {$username}";
        collate_log($level, $message);
        $notice = "lockedaccount-notice";
        header("Location: login.php?notice={$notice}");
        exit;
    }
    // If they have gotten this far, they entered a correct pair of username and password.
    $now = date('Y-m-d H:i:s');
    $_SESSION['username'] = $username;
    $_SESSION['accesslevel'] = $auth['accesslevel'];
    $_SESSION['language'] = $auth['language'];
    $_SESSION['ldapexempt'] = $auth['ldapexempt'];
    $sql = "UPDATE users SET loginattempts='0' WHERE username='******'";
    $dbo->query($sql);
    $sql = "UPDATE users SET last_login_at=NOW() WHERE username='******'";
    $dbo->query($sql);
    // Parsed as (expired && not the zero date) || temporary password set.
    if ($auth['passwdexpire'] < $now && $auth['passwdexpire'] != '0000-00-00 00:00:00' || isset($auth['tmppasswd'])) {
        $returnto = urlencode($returnto);
        $notice = "passwdexpired-notice";
        header("Location: login.php?op=changepasswd&returnto={$returnto}&notice={$notice}");
        exit;
    }
    // $authtype is undefined unless the LDAP branch above ran.
    if ($authtype == 'ldap') {
        $_SESSION['auth_type'] = 'ldap';
    }
    $notice = "loginsuccess-notice";
    // stristr() returns the matched tail or false; "== TRUE" tests truthiness.
    if (stristr($returnto, "?") == TRUE) {
        $sep = "&";
    } else {
        $sep = "?";
    }
    $returnto .= $sep . "notice=" . $notice;
    // Only targets containing ".php" are honoured; everything else goes to index.php.
    if (stristr($returnto, ".php") == TRUE) {
        header("Location: {$returnto}");
        exit;
    } else {
        header("Location: index.php?notice={$notice}");
        exit;
    }
}
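// Entry guard: only a script that defined DIRECT_ACCESS first may include
// this file. die() ends the request, so nothing after it is needed.
if (!defined('DIRECT_ACCESS')) {
    die('ERR: access denied');
}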
require_once 'f-settings.php';
require_once 'f-ldap.php';
require_once 'f-ip.php';
if (isset($_POST['myusername'], $_POST['mypassword'])) {
    ob_start();
    /*
     *---------------------------------------------------------------
     * Call ldap_auth function from f-ldap.php
     *---------------------------------------------------------------
     *
     */
    if (ldap_auth($_POST['myusername'], $_POST['mypassword'])) {
        $my_usr = $_POST['myusername'];
        /*
         *---------------------------------------------------------------
         * Sanitize username
         *---------------------------------------------------------------
         *
         */
        $my_usr = filter_var($my_usr, FILTER_SANITIZE_STRING);
        $my_usr = filter_var($my_usr, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH);
        /*
         *---------------------------------------------------------------
         * Save the vars accross pages
         *---------------------------------------------------------------
         *
         */
/**
 * Authenticate the current request and populate the session.
 *
 * Returns true immediately when $_SESSION['user'] is already set. Otherwise
 * reads userName and the browser-computed md5 value from $_POST, runs both
 * through sanitize_input() (defined elsewhere; modes 2 and 1 are not
 * documented here), and consults ldap_auth() (defined elsewhere), whose return
 * value is interpreted as: -1 LDAP disabled (fall back to the people table),
 * 0 LDAP rejected, 1 LDAP accepted. Success sets $_SESSION['user'],
 * ['username'] and ['rights'] and stamps last_login; failure renders the login
 * page via write_log_in() and exits.
 *
 * The SQL below is assembled by string interpolation; the quoted values are
 * redacted ('******') on this page, so the escaping applied to $userName and
 * $password cannot be read here beyond the sanitize_input() calls.
 *
 * @return bool true on success; every failure path exits or dies
 */
function verify() {

    if (isset($_SESSION['user'])) {

        // Return: Already logged in
        return true;

    }

    // The browser sends an md5 of the password in place of the password; that
    // value is what the table lookup presumably compares, so it is the
    // credential as far as this code is concerned.
    $userName = $_POST["userName"];
    $password = $_POST["md5"];

    $userName = sanitize_input($userName,2);
    $password = sanitize_input($password,1);

    ### Disable clear text password.  Password is encrypted in the browser with javascript
    #$password = $_POST["password"];


    // Assuming we have a valid username/password, check LDAP for authentication
    if (($userName != "") && ($password != "")) {


        $ldapVerified = ldap_auth ($userName, $password);

    } else {

        // user must log in
        $text = "Please login";
        write_log_in( $text );
        exit;

    }

    // If LDAP is disabled, use database to authenticate
    if ($ldapVerified == -1) {

        // verify username/password and log in
        // (run_query(), defined elsewhere, evidently returns a countable result)
        $query = "
            SELECT id
            FROM people
            WHERE username = '******'
            AND password = '******'
            AND status > 0";

        $result = run_query($query);
        $numMatchingUsers = count($result);

    } elseif ($ldapVerified == 0) {

         // LDAP is enabled but authentication failed -> deny login
         $numMatchingUsers = 0;

    } elseif ($ldapVerified == 1) {

        // LDAP authentication succeeded

        // Remove the domain portion of the username
        $shortUserName = get_user_sans_domain($userName);

        // Get the userid for the short form of the username after authenticating with domain
        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);

    } else {

        $msg = "Unable to authenticate: Unknown return code from ldap_auth: ($ldapVerified)";
        log_entry ($msg);
        die ($msg);

    }

    // Auto-provisioning: accepted by LDAP but no local row yet.
    if ( ($numMatchingUsers == 0) and ($ldapVerified == 1) ) {

        // New user exists in LDAP.  Create entry for new user.

        $msg = "Creating new user entry for $userName after authenticating with LDAP.";
        log_entry($msg);

        // Remove the domain portion of the username
        $shortUserName = get_user_sans_domain($userName);
        // add_update_user($username, $md5, $password, $firstname, $lastname, $email, $totalGroup, $randomPass);
        add_update_user($shortUserName, "LDAP", "LDAP", $shortUserName, null,null, "users", null);

        $result = get_ldap_userid($shortUserName);
        $numMatchingUsers = count($result);


    }

    if ($numMatchingUsers > 0) {

        // Make sure we don't have more than one matching user (should be impossible)
        if ($numMatchingUsers > 1) {
            $msg = "Error: Multiple users with the same username: $userName";
            log_entry ($msg);
            die ($msg);
        }

        // Exactly one element at this point; implode() flattens it to the id string.
        $user = implode ("", $result);

        // register session variables and log the login
        $_SESSION['user'] = $user;
        $_SESSION['username'] = $userName;

        log_session ("login");

        // $user came from the database, not the request; it is interpolated
        // unquoted here and quoted in the rights query below. Built now, run
        // after the rights lookup.
        $cmd = "UPDATE people SET last_login = now() WHERE id = $user";


        // Get the user's rights and save them in a session var
        $query = "
            SELECT rights.Actionid
            FROM  people_groups, rights
            WHERE people_groups.userid = '$user'
            AND   people_groups.groupid = rights.Usergroupid";

        $actionId = run_query($query);
        $_SESSION['rights'] = $actionId;

        run_sql_cmd($cmd);

        // Return: successful login
        return true;

    } elseif (
                ($numMatchingUsers == 0)
                and ( ($ldapVerified == 0) or ($ldapVerified == -1) )
             ) {

        // bad user and password

        $_SESSION['badlogin'] = $userName;
        log_session ("badlogin");

        $text = "Invalid username and/or password";
        write_log_in( $text );
        exit;

    } else {

        // This should never happen.
        // Reachable when LDAP accepted the user but add_update_user() above did
        // not produce a row.
        debug_msg ("Unanticipated condition: numMatchingUsers=($numMatchingUsers) and ldapVerified=($ldapVerified)");

        $msg = "Error: Unrecoverable condition during login for user ($userName)";
        log_entry ($msg);
        die ($msg);

    }

} // end verify function