phpldapadmin/login.php

184 lines
5.4 KiB
PHP
Raw Normal View History

2009-06-30 09:22:30 +00:00
<?php
2009-06-30 09:25:54 +00:00
// $Header: /cvsroot/phpldapadmin/phpldapadmin/login.php,v 1.42 2005/04/15 13:16:59 wurley Exp $
2009-06-30 08:05:37 +00:00
2009-06-30 09:22:30 +00:00
/**
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the login info
2009-06-30 08:05:37 +00:00
* and I'll write two cookies, pla_login_dn_X and pla_pass_X
* where X is the server_id. The cookie_time comes from config.php
*
* Note: this file uses ldap_connect() and ldap_bind() only for purposes
* of verifying the user-supplied DN and Password.
*
* Variables that come in as POST vars:
* - login_dn
2009-06-30 09:24:29 +00:00
* - login_pass
2009-06-30 08:05:37 +00:00
* - server_id
2009-06-30 09:24:29 +00:00
*
* @package phpLDAPadmin
*/
/**
2009-06-30 08:05:37 +00:00
*/
2009-06-30 09:22:30 +00:00
require './common.php';
// Prevents users from coming here without going through the proper channels
isset( $_POST['server_id'] ) or header( "Location: index.php" );
2009-06-30 08:05:37 +00:00
$server_id = $_POST['server_id'];
2009-06-30 09:24:29 +00:00
$ldapserver = new LDAPServer($server_id);
2009-06-30 08:09:20 +00:00
$dn = isset( $_POST['login_dn'] ) ? $_POST['login_dn'] : null;
$uid = isset( $_POST['uid'] ) ? $_POST['uid'] : null;
$pass = isset( $_POST['login_pass'] ) ? $_POST['login_pass'] : null;
$anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' ? true : false;
2009-06-30 08:05:37 +00:00
2009-06-30 09:24:29 +00:00
if( ! $anon_bind )
2009-06-30 09:22:30 +00:00
strlen($pass) or pla_error( $lang['password_blank'] );
2009-06-30 08:05:37 +00:00
2009-06-30 09:24:29 +00:00
$save_auth_type = $ldapserver->auth_type;
2009-06-30 09:22:30 +00:00
2009-06-30 08:05:37 +00:00
if( $anon_bind ) {
$dn = null;
$pass = null;
}
2009-06-30 09:24:29 +00:00
2009-06-30 09:22:30 +00:00
// Checks if the login_attr option is enabled for this host,
2009-06-30 08:10:17 +00:00
// which allows users to login with a simple username like 'jdoe' rather
// than the fully qualified DN, 'uid=jdoe,ou=people,,dc=example,dc=com'.
2009-06-30 09:24:29 +00:00
elseif ( $ldapserver->isLoginAttrEnabled() ) {
// Is this a login string (printf-style)
if( $ldapserver->isLoginStringEnabled() ) {
$dn = str_replace( '<username>', $uid, $ldapserver->getLoginString() );
} else {
// This is a standard login_attr
// Fake the auth_type of config to do searching. This way, the admin can specify
// the DN to use when searching for the login_attr user.
$ldapserver->auth_type = 'config';
set_error_handler( 'temp_login_error_handler' );
2009-06-30 09:25:05 +00:00
if ($ldapserver->login_dn)
$ldapserver->connect(true,false);
else
$ldapserver->connect(true,true);
2009-06-30 09:24:29 +00:00
restore_error_handler();
if (!empty($servers[$ldapserver->server_id]['login_class'])) {
$filter = '(&(objectClass='.$servers[$ldapserver->server_id]['login_class'].')('.$servers[$ldapserver->server_id]['login_attr'].'='.$uid.'))';
} else {
$filter = $servers[$ldapserver->server_id]['login_attr'].'='.$uid;
}
// Got through each of the BASE DNs and test the login.
foreach ($ldapserver->getBaseDN() as $base_dn) {
debug_log(sprintf('login.php: Searching LDAP with base [%s]',$base_dn),9);
$sr = @ldap_search($ldapserver->connect(false), $base_dn, $filter, array('dn'), 0, 1);
$result = @ldap_get_entries($ldapserver->connect(false), $sr);
$dn = isset( $result[0]['dn'] ) ? $result[0]['dn'] : false;
if ($dn) {
debug_log(sprintf('login.php: Got DN [%s] for user ID [%s]',$dn,$uid),5);
break;
}
}
// If we got here then we werent able to find a DN for the login filter.
if( ! $dn ) {
pla_error( $lang['bad_user_name_or_password'] );
}
// restore the original auth_type
$ldapserver->auth_type = $save_auth_type;
}
2009-06-30 08:07:14 +00:00
}
2009-06-30 09:24:29 +00:00
// We fake a 'config' server auth_type to omit duplicated code
debug_log(sprintf('Setting login type to config with DN [%s]',$dn),9);
$save_auth_type = $ldapserver->auth_type;
$ldapserver->auth_type = 'config';
$servers[$ldapserver->server_id]['login_dn'] = $dn;
$servers[$ldapserver->server_id]['login_pass'] = $pass;
2009-06-30 08:05:37 +00:00
2009-06-30 09:24:29 +00:00
// Verify that dn is allowed to login
if ( ! userIsAllowedLogin($ldapserver,$dn) )
pla_error( $lang['login_not_allowed'] );
debug_log(sprintf('User is not prohibited from logging in - now bind [%s]',$dn),9);
// verify that the login is good
2009-06-30 09:22:30 +00:00
if( null == $dn && null == $pass )
2009-06-30 09:24:29 +00:00
$ds = $ldapserver->connect(true,true,true);
2009-06-30 08:10:17 +00:00
else
2009-06-30 09:24:29 +00:00
$ds = $ldapserver->connect(true,false,true);
debug_log(sprintf('login.php: ds is a [%s]',$ds),9);
2009-06-30 08:05:37 +00:00
2009-06-30 09:24:29 +00:00
if( ! is_resource( $ds ) ) {
2009-06-30 08:10:17 +00:00
if( $anon_bind )
2009-06-30 09:22:30 +00:00
pla_error( $lang['could_not_bind_anon'] );
2009-06-30 08:10:17 +00:00
else
2009-06-30 09:22:30 +00:00
pla_error( $lang['bad_user_name_or_password'] );
2009-06-30 08:05:37 +00:00
2009-06-30 09:25:54 +00:00
syslog_notice ( "Authentification FAILED for $dn" );
2009-06-30 09:24:29 +00:00
}
$ldapserver->auth_type = $save_auth_type;
set_login_dn( $ldapserver, $dn, $pass, $anon_bind ) or pla_error( $lang['could_not_set_cookie'] );
set_lastactivity( $ldapserver );
2009-06-30 09:22:30 +00:00
initialize_session_tree();
2009-06-30 09:24:29 +00:00
$_SESSION['tree'][$ldapserver->server_id] = array();
$_SESSION['tree_icons'][$ldapserver->server_id] = array();
if( ! $anon_bind ) {
2009-06-30 09:25:54 +00:00
syslog_notice ( "Authentification successful for $dn" );
2009-06-30 09:24:29 +00:00
}
2009-06-30 08:09:20 +00:00
session_write_close();
2009-06-30 09:22:30 +00:00
include realpath( 'header.php' );
2009-06-30 08:05:37 +00:00
?>
<body>
2009-06-30 09:22:30 +00:00
<script language="javascript">
<?php if( $anon_bind && anon_bind_tree_disabled() ) { ?>
2009-06-30 09:24:29 +00:00
parent.location.href='search.php?server_id=<?php echo $ldapserver->server_id; ?>'
2009-06-30 09:22:30 +00:00
<?php } else { ?>
parent.left_frame.location.reload();
2009-06-30 09:24:29 +00:00
<?php } ?>
2009-06-30 08:05:37 +00:00
2009-06-30 09:24:29 +00:00
<?php if ( isset($custom_welcome_page) and $custom_welcome_page ) { ?>
parent.right_frame.location.href='welcome.php';
2009-06-30 08:05:37 +00:00
<?php } ?>
2009-06-30 09:22:30 +00:00
</script>
2009-06-30 08:05:37 +00:00
2009-06-30 09:22:30 +00:00
<center>
<br />
<br />
<br />
2009-06-30 09:24:29 +00:00
<?php echo sprintf( $lang['successfully_logged_in_to_server'],
htmlspecialchars( $ldapserver->name ) ); ?><br />
2009-06-30 09:22:30 +00:00
<?php if( $anon_bind ) { ?>
2009-06-30 09:24:29 +00:00
(<?php echo $lang['anonymous_bind']; ?>)
2009-06-30 08:05:37 +00:00
<?php } ?>
2009-06-30 09:22:30 +00:00
<br />
</center>
2009-06-30 08:05:37 +00:00
</body>
</html>
2009-06-30 09:22:30 +00:00
<?php
/**
* Only gets called when we fail to login.
*/
function temp_login_error_handler( $errno, $errstr, $file, $lineno )
{
2009-06-30 09:24:29 +00:00
global $lang;
2009-06-30 09:22:30 +00:00
if( 0 == ini_get( 'error_reporting' ) || 0 == error_reporting() )
2009-06-30 09:24:29 +00:00
return;
pla_error( $lang['could_not_connect'] . "<br /><br />" . htmlspecialchars( $errstr ) );
2009-06-30 09:22:30 +00:00
}
?>