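<?php
/**
*
* LDAP auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* How a login works here: the user's entry is located with an *unauthenticated*
* search below ldap_base_dn for "(ldap_uid=<username>)", and the password is then
* checked by a simple bind as that entry's DN. Because the search happens before
* any bind, the directory has to allow anonymous read of ldap_uid (and ldap_email)
* under the base DN.
*
* @package login
* @version $Id: auth_ldap.php,v 1.22 2006/11/03 21:04:09 acydburn Exp $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* Open a link to the configured ldap server.
*
* ldap_connect() only validates the server string; the socket is opened lazily by
* the first real operation, so a returned link does not prove the server is reachable.
* Callers must test the outcome of their first search/bind for that.
*
* @return resource|false ldap link identifier, or false if the server string was rejected
*/
function phpbb_ldap_connect()
{
	global $config;

	$ldap = @ldap_connect($config['ldap_server']);

	if ($ldap === false)
	{
		return false;
	}

	// Protocol version 3 is what the RFC 4515 filter escaping below targets.
	// Referral chasing is switched off so that a server (Active Directory in
	// particular) cannot redirect the bind, and the credentials with it, elsewhere.
	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

	return $ldap;
}

/**
* Configured e-mail attribute name in the form ldap_get_entries() uses as array key.
*
* PHP lower-cases attribute names in the array returned by ldap_get_entries(), so a
* mixed-case setting such as "Mail" would never be found without this normalisation.
*
* @return string lower-cased attribute name, or '' when no e-mail attribute is configured
*/
function phpbb_ldap_email_attribute()
{
	global $config;

	return (empty($config['ldap_email'])) ? '' : strtolower($config['ldap_email']);
}

/**
* Look up the directory entry whose ldap_uid attribute equals the given username.
*
* The username is html-decoded (it arrives html-encoded from the request layer) and
* then escaped with ldap_escape() so that it cannot change the structure of the
* filter. At most one entry is requested (size limit 1).
*
* @param resource $ldap    link from phpbb_ldap_connect()
* @param string $username  username as submitted (html-encoded)
* @return array|false entries as returned by ldap_get_entries() (an empty array if that
*                     call failed), or false if the search itself failed
*/
function phpbb_ldap_search_user($ldap, $username)
{
	global $config;

	$attributes = array($config['ldap_uid']);
	if (!empty($config['ldap_email']))
	{
		$attributes[] = $config['ldap_email'];
	}

	$search = @ldap_search(
		$ldap,
		$config['ldap_base_dn'],
		'(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')',
		$attributes,
		0,
		1
	);

	if ($search === false)
	{
		return false;
	}

	$entries = @ldap_get_entries($ldap, $search);
	@ldap_free_result($search);

	return (is_array($entries)) ? $entries : array();
}

/**
* Connect to ldap server
* Only allow changing authentication to ldap if we can connect to the ldap server
* Called in acp_board while setting authentication plugins
*
* Besides reachability this checks that the currently logged in user's own username
* exists in the directory (presumably so the administrator enabling the plug-in is
* not locked out) and, when an e-mail attribute is configured, that the entry has it.
* The administrator's password is not verified here.
*
* @return string|false language string describing the problem, false if everything is fine
*/
function init_ldap()
{
	global $config, $user;

	if (!@extension_loaded('ldap'))
	{
		return $user->lang['LDAP_NO_LDAP_EXTENSION'];
	}

	$ldap = phpbb_ldap_connect();
	if ($ldap === false)
	{
		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
	}

	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
	$result = phpbb_ldap_search_user($ldap, $user->data['username']);
	@ldap_close($ldap);

	if ($result === false)
	{
		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
	}

	// ldap_get_entries() always yields a 'count' element, so fewer than two elements means no entry
	if (sizeof($result) < 2)
	{
		return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
	}

	$email_attr = phpbb_ldap_email_attribute();
	if ($email_attr !== '' && !isset($result[0][$email_attr]))
	{
		return $user->lang['LDAP_NO_EMAIL'];
	}

	return false;
}

/**
* Build the result login_ldap() returns when the request is not authenticated.
*
* @param int $status        LOGIN_ERROR_* constant
* @param string $error_msg  language key explaining the failure
* @return array 'status', 'error_msg' and an anonymous 'user_row'
*/
function phpbb_ldap_login_error($status, $error_msg)
{
	return array(
		'status'	=> $status,
		'error_msg'	=> $error_msg,
		'user_row'	=> array('user_id' => ANONYMOUS),
	);
}

/**
* Assemble the user_row handed back with LOGIN_SUCCESS_CREATE_PROFILE for a directory
* user who has no local account yet.
*
* @param string $username    username as submitted (html-encoded)
* @param string $password    password as submitted
* @param array $ldap_result  entries from phpbb_ldap_search_user(); [0] is the authenticated entry
* @return array column => value pairs for the new users row
*/
function phpbb_ldap_new_user_row($username, $password, $ldap_result)
{
	global $db, $config, $user;

	// retrieve default group id
	$sql = 'SELECT group_id
		FROM ' . GROUPS_TABLE . "
		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
			AND group_type = " . GROUP_SPECIAL;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row)
	{
		trigger_error('NO_GROUP');
	}

	// Take the first value of the configured e-mail attribute, if the entry carries one.
	$email_attr = phpbb_ldap_email_attribute();
	$email = ($email_attr !== '' && isset($ldap_result[0][$email_attr][0])) ? $ldap_result[0][$email_attr][0] : '';

	// generate user account data
	return array(
		'username'		=> $username,
		// NOTE(review): this stores an unsalted MD5 of the directory password in the local
		// users table. It is not consulted while LDAP auth is active, but it becomes a
		// valid credential if the board is ever switched back to db auth.
		'user_password'	=> md5($password),
		'user_email'	=> $email,
		'group_id'		=> (int) $row['group_id'],
		'user_type'		=> USER_NORMAL,
		'user_ip'		=> $user->ip,
	);
}

/**
* Login function
*
* Authenticates the submitted credentials against the directory and maps the result
* onto the local users table; a directory user without a local account gets
* LOGIN_SUCCESS_CREATE_PROFILE together with the data for the new row.
*
* @param string $username  username as submitted (html-encoded)
* @param string $password  password as submitted (html-encoded)
* @return array 'status' (LOGIN_* constant), 'error_msg' (language key or false), 'user_row'
*/
function login_ldap(&$username, &$password)
{
	global $db, $config, $user;

	if (!@extension_loaded('ldap'))
	{
		return phpbb_ldap_login_error(LOGIN_ERROR_EXTERNAL_AUTH, 'LDAP_NO_LDAP_EXTENSION');
	}

	// Refuse an empty password before touching the directory. A simple bind with a
	// DN and an empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2)
	// that many servers answer with success, so letting it reach ldap_bind() would
	// log anyone in as any existing directory user.
	if ((string) $password === '')
	{
		return phpbb_ldap_login_error(LOGIN_ERROR_PASSWORD, 'LOGIN_ERROR_PASSWORD');
	}

	$ldap = phpbb_ldap_connect();
	if ($ldap === false)
	{
		return phpbb_ldap_login_error(LOGIN_ERROR_EXTERNAL_AUTH, 'LDAP_NO_SERVER_CONNECTION');
	}

	// A failed search and an empty search are both reported as an unknown user;
	// server problems are only diagnosed by init_ldap().
	$ldap_result = phpbb_ldap_search_user($ldap, $username);
	if ($ldap_result === false || sizeof($ldap_result) < 2)
	{
		@ldap_close($ldap);
		return phpbb_ldap_login_error(LOGIN_ERROR_USERNAME, 'LOGIN_ERROR_USERNAME');
	}

	// The bind as the located entry's DN is the actual password check. Only the first
	// entry is ever used, since the search was limited to one result.
	$bound = @ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password));
	@ldap_close($ldap);

	if (!$bound)
	{
		// Give status about wrong password...
		return phpbb_ldap_login_error(LOGIN_ERROR_PASSWORD, 'LOGIN_ERROR_PASSWORD');
	}

	// Directory authentication succeeded; find the matching local account.
	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
		FROM ' . USERS_TABLE . "
		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		// User inactive...
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
		{
			return array(
				'status'	=> LOGIN_ERROR_ACTIVE,
				'error_msg'	=> 'ACTIVE_ERROR',
				'user_row'	=> $row,
			);
		}

		// Successful login... set user_login_attempts to zero...
		return array(
			'status'	=> LOGIN_SUCCESS,
			'error_msg'	=> false,
			'user_row'	=> $row,
		);
	}

	// this is the user's first login so create an empty profile
	return array(
		'status'	=> LOGIN_SUCCESS_CREATE_PROFILE,
		'error_msg'	=> false,
		'user_row'	=> phpbb_ldap_new_user_row($username, $password, $ldap_result),
	);
}

/**
* Escapes an LDAP AttributeValue for use inside a search filter (RFC 4515 section 3).
*
* NUL, '(', ')', '*' and '\' are replaced by their "\xx" hex form, which is the only
* escape syntax the RFC defines. strtr() is used instead of a sequential str_replace()
* so the backslashes inserted by one replacement are not picked up by the next: the
* previous implementation turned '*' into '\*' and then into '\\*', which is not a
* valid escape (a server either rejects the filter or reads it as an escaped backslash
* followed by a live wildcard).
*
* NOTE(review): PHP 5.6 and later ship a native ldap_escape(); this definition will
* collide with it on such versions.
*
* @param string $string raw attribute value
* @return string value safe to concatenate into a filter
*/
function ldap_escape($string)
{
	return strtr($string, array(
		'\\'	=> '\\5c',
		'*'		=> '\\2a',
		'('		=> '\\28',
		')'		=> '\\29',
		"\x00"	=> '\\00',
	));
}

/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*
* @param array $new current (possibly unsaved) config values keyed by config name
* @return array 'tpl' with the form fragment and 'config' listing the config keys it edits
*/
function acp_ldap(&$new)
{
	global $user;

	// NOTE(review): the config values are written into the value="" attributes without
	// escaping here; this relies on them having been HTML-encoded on the way in by the
	// request layer. Verify that before reusing this fragment with values from elsewhere.
	$tpl = '

	<dl>
		<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
		<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
	</dl>
	<dl>
		<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
		<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
	</dl>
	<dl>
		<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
		<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
	</dl>
	<dl>
		<dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
		<dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
	</dl>
	';

	// These are fields required in the config table
	return array(
		'tpl'		=> $tpl,
		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
	);
}

?>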