RELEASE 1.1.0.2
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.56 2007/12/15 07:50:30 wurley Exp $
|
||||
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.56.2.2 2007/12/29 08:24:10 wurley Exp $
|
||||
|
||||
/**
|
||||
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the
|
||||
@@ -13,30 +13,29 @@
|
||||
|
||||
require './common.php';
|
||||
|
||||
$dn = get_request('login_dn');
|
||||
$pass = get_request('login_pass');
|
||||
$uid = get_request('uid');
|
||||
$login['val'] = get_request($ldapserver->getLoginAttr());
|
||||
$login['pass'] = get_request('login_pass');
|
||||
|
||||
if ($ldapserver->isAnonBindAllowed())
|
||||
$anon_bind = get_request('anonymous_bind') == 'on' ? true : false;
|
||||
else
|
||||
$anon_bind = false;
|
||||
|
||||
if (! $anon_bind && ! strlen($pass))
|
||||
if (! $anon_bind && ! strlen($login['pass']))
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('You left the password blank.'),
|
||||
'type'=>'warn'),
|
||||
'cmd.php?cmd=login_form');
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
|
||||
|
||||
$save_auth_type = $ldapserver->auth_type;
|
||||
|
||||
if ($anon_bind) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Anonymous Login was posted [%s].',64,$anon_bind);
|
||||
debug_log('Anonymous Login was posted [%s].',64,__FILE__,__LINE__,__METHOD__,$anon_bind);
|
||||
|
||||
$dn = null;
|
||||
$pass = null;
|
||||
$login['dn'] = null;
|
||||
$login['pass'] = null;
|
||||
|
||||
/* Checks if the login_attr option is enabled for this host,
|
||||
which allows users to login with a simple username like 'jdoe' rather
|
||||
@@ -45,10 +44,10 @@ if ($anon_bind) {
|
||||
|
||||
# Is this a login string (printf-style)
|
||||
if ($ldapserver->isLoginStringEnabled()) {
|
||||
$dn = str_replace('<username>',$uid,$ldapserver->getLoginString());
|
||||
$login['dn'] = str_replace('<username>',$ldapserver->getLoginAttr(),$ldapserver->getLoginString());
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('LoginStringDN: [%s]',64,$dn);
|
||||
debug_log('LoginStringDN: [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);
|
||||
|
||||
} else {
|
||||
# This is a standard login_attr
|
||||
@@ -63,36 +62,36 @@ if ($anon_bind) {
|
||||
$ldapserver->connect(true,'anonymous');
|
||||
|
||||
if (! empty($ldapserver->login_class))
|
||||
$filter = sprintf('(&(objectClass=%s)(%s=%s))',$ldapserver->login_class,$ldapserver->login_attr,$uid);
|
||||
$filter = sprintf('(&(objectClass=%s)(%s=%s))',$ldapserver->login_class,$ldapserver->getLoginAttr(),$login['val']);
|
||||
else
|
||||
$filter = sprintf('%s=%s',$ldapserver->login_attr,$uid);
|
||||
$filter = sprintf('%s=%s',$ldapserver->getLoginAttr(),$login['val']);
|
||||
|
||||
# Got through each of the BASE DNs and test the login.
|
||||
foreach ($ldapserver->getBaseDN() as $base_dn) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Searching LDAP with base [%s]',64,$base_dn);
|
||||
debug_log('Searching LDAP with base [%s]',64,__FILE__,__LINE__,__METHOD__,$base_dn);
|
||||
|
||||
$result = $ldapserver->search(null,$base_dn,$filter,array('dn'));
|
||||
$result = array_pop($result);
|
||||
$dn = $result['dn'];
|
||||
$login['dn'] = $result['dn'];
|
||||
|
||||
if ($dn) {
|
||||
if ($login['dn']) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Got DN [%s] for user ID [%s]',64,$dn,$uid);
|
||||
debug_log('Got DN [%s] for user ID [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn'],$login['val']);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
# If we got here then we werent able to find a DN for the login filter.
|
||||
if (! $dn)
|
||||
if (! $login['dn'])
|
||||
if ($ldapserver->login_fallback_dn)
|
||||
$dn = $uid;
|
||||
$login['dn'] = $login['val'];
|
||||
else
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Bad username or password. Please try again.'),
|
||||
'type'=>'error'),
|
||||
'cmd.php?cmd=login_form');
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
|
||||
|
||||
# Restore the original auth_type
|
||||
$ldapserver->auth_type = $save_auth_type;
|
||||
@@ -101,32 +100,32 @@ if ($anon_bind) {
|
||||
|
||||
# We fake a 'config' server auth_type to omit duplicated code
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Setting login type to CONFIG with DN [%s]',64,$dn);
|
||||
debug_log('Setting login type to CONFIG with DN [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);
|
||||
|
||||
$save_auth_type = $ldapserver->auth_type;
|
||||
$ldapserver->auth_type = 'config';
|
||||
$ldapserver->login_dn = $dn;
|
||||
$ldapserver->login_pass = $pass;
|
||||
$ldapserver->login_dn = $login['dn'];
|
||||
$ldapserver->login_pass = $login['pass'];
|
||||
|
||||
# Verify that dn is allowed to login
|
||||
if (! $ldapserver->userIsAllowedLogin($dn))
|
||||
if (! $ldapserver->userIsAllowedLogin($login['dn']))
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Sorry, you are not allowed to use phpLDAPadmin with this LDAP server.'),
|
||||
'type'=>'error'),
|
||||
'cmd.php?cmd=login_form');
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('User is not prohibited from logging in - now bind with DN [%s]',64,$dn);
|
||||
debug_log('User is not prohibited from logging in - now bind with DN [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);
|
||||
|
||||
# Verify that the login is good
|
||||
if (is_null($dn) && is_null($pass))
|
||||
if (is_null($login['dn']) && is_null($login['pass']))
|
||||
$ds = $ldapserver->connect(false,'anonymous',true);
|
||||
else
|
||||
$ds = $ldapserver->connect(false,'user',true);
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Connection returned [%s]',64,$ds);
|
||||
debug_log('Connection returned [%s]',64,__FILE__,__LINE__,__METHOD__,$ds);
|
||||
|
||||
if (! is_resource($ds)) {
|
||||
if ($anon_bind)
|
||||
@@ -134,24 +133,24 @@ if (! is_resource($ds)) {
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Could not bind anonymously to server.'),
|
||||
'type'=>'error'),
|
||||
'cmd.php?cmd=login_form');
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
|
||||
|
||||
else
|
||||
system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Bad username or password. Please try again.'),
|
||||
'type'=>'error'),
|
||||
'cmd.php?cmd=login_form');
|
||||
sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
|
||||
|
||||
syslog_notice("Authentification FAILED for $dn");
|
||||
syslog_notice(sprintf('Authentification FAILED for %s',$login['dn']));
|
||||
}
|
||||
|
||||
$ldapserver->auth_type = $save_auth_type;
|
||||
$ldapserver->setLoginDN($dn,$pass,$anon_bind) or pla_error(_('Could not set cookie.'));
|
||||
$ldapserver->setLoginDN($login['dn'],$login['pass'],$anon_bind) or pla_error(_('Could not set cookie.'));
|
||||
set_lastactivity($ldapserver);
|
||||
|
||||
if (! $anon_bind) {
|
||||
syslog_notice("Authentification successful for $dn");
|
||||
syslog_notice(sprintf('Authentification successful for %s',$login['dn']));
|
||||
}
|
||||
|
||||
# Since we were successful, clear the cache so that it will be refreshed with the new creditentials.
|
||||
@@ -161,5 +160,5 @@ system_message(array(
|
||||
'title'=>_('Authenticate to server'),
|
||||
'body'=>_('Successfully logged into server.').($anon_bind ? sprintf(' (%s)',_('Anonymous Bind')) : ''),
|
||||
'type'=>'info'),
|
||||
'index.php');
|
||||
sprintf('index.php?server_id=%s',$ldapserver->server_id));
|
||||
?>
|
||||
|
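Review bot: The login_attr branch places the request value into the LDAP search filter unescaped, in `sprintf('(&(objectClass=%s)(%s=%s))',$ldapserver->login_class,$ldapserver->getLoginAttr(),$login['val'])` and in the `'%s=%s'` variant below it; unless get_request() already neutralises filter metacharacters (not visible on this page), `*`, `(`, `)` and `\` in the submitted value change which entry is selected as the bind DN. Escape at the point of use, for example `ldap_escape($login['val'],'',LDAP_ESCAPE_FILTER)` on PHP 5.6 or later, or a small RFC 4515 helper on older runtimes, and keep the raw value for the login_fallback_dn assignment. In the login-string branch, `str_replace('<username>',$ldapserver->getLoginAttr(),$ldapserver->getLoginString())` substitutes the attribute name where the line it replaces used `$uid`; this looks like it should be `$login['val']`, with DN escaping applied to it. Which lines are the new side is inferred from the `$login[...]` naming and the newer `$Header` revision, because the page has lost its +/- markers.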