2009-06-30 08:12:47 +00:00
|
|
|
<?php
|
|
|
|
|
// $Header: /cvsroot/phpldapadmin/phpldapadmin/login.php,v 1.29 2004/04/23 12:34:06 uugdave Exp $
|
|
|
|
|
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
/**
|
|
|
|
|
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the login info
|
2009-06-30 08:05:37 +00:00
|
|
|
* and I'll write two cookies, pla_login_dn_X and pla_pass_X
|
|
|
|
|
* where X is the server_id. The cookie_time comes from config.php
|
|
|
|
|
*
|
|
|
|
|
* Note: this file uses ldap_connect() and ldap_bind() only for purposes
|
|
|
|
|
* of verifying the user-supplied DN and Password.
|
|
|
|
|
*
|
|
|
|
|
* Variables that come in as POST vars:
|
|
|
|
|
* - login_dn
|
|
|
|
|
* - login_pass
|
|
|
|
|
* - server_id
|
|
|
|
|
*/
|
|
|
|
|
|
2009-06-30 08:07:14 +00:00
|
|
|
require 'common.php';
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
|
$server_id = $_POST['server_id'];
|
2009-06-30 08:09:20 +00:00
|
|
|
$dn = isset( $_POST['login_dn'] ) ? $_POST['login_dn'] : null;
|
|
|
|
|
$uid = isset( $_POST['uid'] ) ? $_POST['uid'] : null;
|
|
|
|
|
$pass = isset( $_POST['login_pass'] ) ? $_POST['login_pass'] : null;
|
|
|
|
|
$anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' ? true : false;
|
2009-06-30 08:12:47 +00:00
|
|
|
check_server_id( $server_id ) or pla_error( $lang['bad_server_id'] );
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
|
if( ! $anon_bind ) {
|
2009-06-30 08:12:47 +00:00
|
|
|
strlen($pass) or pla_error( $lang['password_blank'] );
|
2009-06-30 08:05:37 +00:00
|
|
|
}
|
|
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
$auth_type = $servers[$server_id]['auth_type'];
|
|
|
|
|
|
2009-06-30 08:05:37 +00:00
|
|
|
if( $anon_bind ) {
|
|
|
|
|
$dn = null;
|
|
|
|
|
$pass = null;
|
|
|
|
|
}
|
2009-06-30 08:12:47 +00:00
|
|
|
// Checks if the login_attr option is enabled for this host,
|
2009-06-30 08:10:17 +00:00
|
|
|
// which allows users to login with a simple username like 'jdoe' rather
|
|
|
|
|
// than the fully qualified DN, 'uid=jdoe,ou=people,,dc=example,dc=com'.
|
2009-06-30 08:12:47 +00:00
|
|
|
elseif ( login_attr_enabled( $server_id ) ) {
|
|
|
|
|
|
|
|
|
|
// Fake the auth_type of config to do searching. This way, the admin can specify
|
|
|
|
|
// the DN to use when searching for the login_attr user.
|
|
|
|
|
$servers[$server_id]['auth_type'] = 'config';
|
2009-06-30 08:07:14 +00:00
|
|
|
|
|
|
|
|
// search for the "uid" first
|
2009-06-30 08:12:47 +00:00
|
|
|
set_error_handler( 'temp_login_error_handler' );
|
|
|
|
|
$ds = pla_ldap_connect( $server_id ) or pla_error( $lang['could_not_bind'] );
|
|
|
|
|
restore_error_handler();
|
2009-06-30 08:10:17 +00:00
|
|
|
$search_base = isset( $servers[$server_id]['base'] ) && '' != trim( $servers[$server_id]['base'] ) ?
|
|
|
|
|
$servers[$server_id]['base'] :
|
2009-06-30 08:12:47 +00:00
|
|
|
try_to_get_root_dn( $server_id, $ds );
|
|
|
|
|
if (!empty($servers[$server_id]['login_class'])) {
|
|
|
|
|
$filter = '(&(objectClass='.$servers[$server_id]['login_class'].')('.$servers[$server_id]['login_attr'].'='.$uid.'))';
|
|
|
|
|
} else {
|
|
|
|
|
$filter = $servers[$server_id]['login_attr'].'='.$uid;
|
|
|
|
|
}
|
|
|
|
|
$sr = @ldap_search($ds, $search_base, $filter, array('dn'), 0, 1);
|
|
|
|
|
$result = @ldap_get_entries($ds, $sr);
|
2009-06-30 08:10:17 +00:00
|
|
|
$dn = isset( $result[0]['dn'] ) ? $result[0]['dn'] : false;
|
2009-06-30 08:12:47 +00:00
|
|
|
if( ! $dn ) {
|
|
|
|
|
pla_error( $lang['bad_user_name_or_password'] );
|
|
|
|
|
}
|
2009-06-30 08:07:14 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
// restore the original auth_type
|
|
|
|
|
$servers[$server_id]['auth_type'] = $auth_type;
|
2009-06-30 08:10:17 +00:00
|
|
|
}
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
// We fake a 'config' server config to omit duplicated code
|
|
|
|
|
$auth_type = $servers[$server_id]['auth_type'];
|
|
|
|
|
$servers[$server_id]['auth_type'] = 'config';
|
|
|
|
|
$servers[$server_id]['login_dn'] = $dn;
|
|
|
|
|
$servers[$server_id]['login_pass'] = $pass;
|
|
|
|
|
|
|
|
|
|
// verify that the login is good
|
|
|
|
|
$ds = pla_ldap_connect( $server_id );
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
if ( ! $ds ) {
|
2009-06-30 08:10:17 +00:00
|
|
|
if( $anon_bind )
|
2009-06-30 08:12:47 +00:00
|
|
|
pla_error( $lang['could_not_bind_anon'] );
|
2009-06-30 08:10:17 +00:00
|
|
|
else
|
2009-06-30 08:12:47 +00:00
|
|
|
pla_error( $lang['bad_user_name_or_password'] );
|
2009-06-30 08:10:17 +00:00
|
|
|
}
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
$servers[$server_id]['auth_type'] = $auth_type;
|
|
|
|
|
set_login_dn( $server_id, $dn, $pass, $anon_bind ) or pla_error( $lang['could_not_set_cookie'] );
|
|
|
|
|
|
|
|
|
|
initialize_session_tree();
|
|
|
|
|
$_SESSION['tree'][$server_id] = array();
|
|
|
|
|
$_SESSION['tree_icons'][$server_id] = array();
|
2009-06-30 08:09:20 +00:00
|
|
|
|
|
|
|
|
session_write_close();
|
|
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
include realpath( 'header.php' );
|
2009-06-30 08:05:37 +00:00
|
|
|
?>
|
|
|
|
|
|
|
|
|
|
<script language="javascript">
|
2009-06-30 08:12:47 +00:00
|
|
|
<?php if( $anon_bind && anon_bind_tree_disabled() ) { ?>
|
|
|
|
|
|
|
|
|
|
parent.location.href='search.php?server_id=<?php echo $server_id; ?>'
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
<?php } else { ?>
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
parent.left_frame.location.reload();
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
|
<?php } ?>
|
2009-06-30 08:12:47 +00:00
|
|
|
</script>
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
<center>
|
|
|
|
|
<br />
|
|
|
|
|
<br />
|
|
|
|
|
<br />
|
|
|
|
|
<?php echo sprintf( $lang['successfully_logged_in_to_server'],
|
|
|
|
|
htmlspecialchars( $servers[$server_id]['name'] ) ); ?><br />
|
|
|
|
|
<?php if( $anon_bind ) { ?>
|
|
|
|
|
(<?php echo $lang['anonymous_bind']; ?>)
|
2009-06-30 08:05:37 +00:00
|
|
|
<?php } ?>
|
2009-06-30 08:12:47 +00:00
|
|
|
<br />
|
|
|
|
|
</center>
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
|
2009-06-30 08:12:47 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Only gets called when we fail to login.
|
|
|
|
|
*/
|
|
|
|
|
function temp_login_error_handler( $errno, $errstr, $file, $lineno )
|
|
|
|
|
{
|
|
|
|
|
global $lang;
|
|
|
|
|
if( 0 == ini_get( 'error_reporting' ) || 0 == error_reporting() )
|
|
|
|
|
return;
|
|
|
|
|
pla_error( $lang['could_not_connect'] . "<br /><br />" . htmlspecialchars( $errstr ) );
|
|
|
|
|
}
|
|
|
|
|
?>
|
|
|
|
|
|
