RELEASE 0.9.8
This commit is contained in:
Deon George
120
htdocs/login.php
120
htdocs/login.php
@@ -1,13 +1,10 @@
|
||||
<?php
|
||||
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.49.2.2 2005/10/17 10:03:38 wurley Exp $
|
||||
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.51.2.9 2005/12/31 03:13:48 wurley Exp $
|
||||
|
||||
/**
|
||||
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the login info
|
||||
* and I'll write two cookies, pla_login_dn_X and pla_pass_X
|
||||
* where X is the server_id. The cookie_time comes from config.php
|
||||
*
|
||||
* Note: this file uses ldap_connect() and ldap_bind() only for purposes
|
||||
* of verifying the user-supplied DN and Password.
|
||||
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the
|
||||
* login info and I'll write two cookies, pla_login_dn_X and pla_pass_X where X
|
||||
* is the server_id. The cookie_time comes from config.php
|
||||
*
|
||||
* Variables that come in via common.php
|
||||
* - server_id
|
||||
@@ -24,24 +21,25 @@ require './common.php';
|
||||
|
||||
# Prevents users from coming here without going through the proper channels
|
||||
if (! isset($ldapserver))
|
||||
header("Location: index.php");
|
||||
header('Location: index.php');
|
||||
|
||||
$dn = isset($_POST['login_dn']) ? $_POST['login_dn'] : null;
|
||||
$pass = isset($_POST['login_pass']) ? $_POST['login_pass'] : null;
|
||||
$uid = isset($_POST['uid']) ? $_POST['uid'] : null;
|
||||
|
||||
$dn = isset( $_POST['login_dn'] ) ? $_POST['login_dn'] : null;
|
||||
$uid = isset( $_POST['uid'] ) ? $_POST['uid'] : null;
|
||||
$pass = isset( $_POST['login_pass'] ) ? $_POST['login_pass'] : null;
|
||||
if ($ldapserver->isAnonBindAllowed())
|
||||
$anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' ? true : false;
|
||||
$anon_bind = isset($_POST['anonymous_bind']) && $_POST['anonymous_bind'] == 'on' ? true : false;
|
||||
else
|
||||
$anon_bind = false;
|
||||
|
||||
if( ! $anon_bind )
|
||||
strlen($pass) or pla_error( $lang['password_blank'] );
|
||||
if (! $anon_bind)
|
||||
strlen($pass) or pla_error(_('You left the password blank.'));
|
||||
|
||||
$save_auth_type = $ldapserver->auth_type;
|
||||
|
||||
if ($anon_bind) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Anonymous Login was posted [%s].',4,$anon_bind);
|
||||
debug_log('Anonymous Login was posted [%s].',64,$anon_bind);
|
||||
|
||||
$dn = null;
|
||||
$pass = null;
|
||||
@@ -52,11 +50,11 @@ if ($anon_bind) {
|
||||
} elseif ($ldapserver->isLoginAttrEnabled()) {
|
||||
|
||||
# Is this a login string (printf-style)
|
||||
if( $ldapserver->isLoginStringEnabled() ) {
|
||||
$dn = str_replace( '<username>', $uid, $ldapserver->getLoginString() );
|
||||
if ($ldapserver->isLoginStringEnabled()) {
|
||||
$dn = str_replace('<username>',$uid,$ldapserver->getLoginString());
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('LoginStringDN: [%s]',3,$dn);
|
||||
debug_log('LoginStringDN: [%s]',64,$dn);
|
||||
|
||||
} else {
|
||||
# This is a standard login_attr
|
||||
@@ -65,11 +63,12 @@ if ($anon_bind) {
|
||||
the DN to use when searching for the login_attr user. */
|
||||
$ldapserver->auth_type = 'config';
|
||||
|
||||
set_error_handler( 'temp_login_error_handler' );
|
||||
set_error_handler('temp_login_error_handler');
|
||||
if ($ldapserver->login_dn)
|
||||
$ldapserver->connect(true,false);
|
||||
$ldapserver->connect(true,'user');
|
||||
else
|
||||
$ldapserver->connect(true,true);
|
||||
$ldapserver->connect(true,'anonymous');
|
||||
|
||||
restore_error_handler();
|
||||
|
||||
if (! empty($ldapserver->login_class))
|
||||
@@ -80,15 +79,14 @@ if ($anon_bind) {
|
||||
# Got through each of the BASE DNs and test the login.
|
||||
foreach ($ldapserver->getBaseDN() as $base_dn) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Searching LDAP with base [%s]',9,$base_dn);
|
||||
debug_log('Searching LDAP with base [%s]',64,$base_dn);
|
||||
|
||||
$sr = @ldap_search($ldapserver->connect(false), $base_dn, $filter, array('dn'), 0, 1);
|
||||
$result = @ldap_get_entries($ldapserver->connect(false), $sr);
|
||||
$dn = isset( $result[0]['dn'] ) ? $result[0]['dn'] : false;
|
||||
$result = array_pop($ldapserver->search(null,$base_dn,$filter,array('dn')));
|
||||
$dn = $result['dn'];
|
||||
|
||||
if ($dn) {
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Got DN [%s] for user ID [%s]',5,$dn,$uid);
|
||||
debug_log('Got DN [%s] for user ID [%s]',64,$dn,$uid);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -96,7 +94,7 @@ if ($anon_bind) {
|
||||
|
||||
# If we got here then we werent able to find a DN for the login filter.
|
||||
if (! $dn)
|
||||
pla_error($lang['bad_user_name_or_password']);
|
||||
pla_error(_('Bad username or password. Please try again.'));
|
||||
|
||||
# restore the original auth_type
|
||||
$ldapserver->auth_type = $save_auth_type;
|
||||
@@ -105,7 +103,7 @@ if ($anon_bind) {
|
||||
|
||||
# We fake a 'config' server auth_type to omit duplicated code
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Setting login type to CONFIG with DN [%s]',9,$dn);
|
||||
debug_log('Setting login type to CONFIG with DN [%s]',64,$dn);
|
||||
|
||||
$save_auth_type = $ldapserver->auth_type;
|
||||
$ldapserver->auth_type = 'config';
|
||||
@@ -113,80 +111,66 @@ $ldapserver->login_dn = $dn;
|
||||
$ldapserver->login_pass = $pass;
|
||||
|
||||
# Verify that dn is allowed to login
|
||||
if (! userIsAllowedLogin($ldapserver,$dn))
|
||||
pla_error( $lang['login_not_allowed'] );
|
||||
if (! $ldapserver->userIsAllowedLogin($dn))
|
||||
pla_error(_('Sorry, you are not allowed to use phpLDAPadmin with this LDAP server.'));
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('User is not prohibited from logging in - now bind with DN [%s]',9,$dn);
|
||||
debug_log('User is not prohibited from logging in - now bind with DN [%s]',64,$dn);
|
||||
|
||||
# verify that the login is good
|
||||
if( is_null($dn) && is_null($pass))
|
||||
$ds = $ldapserver->connect(true,true,true);
|
||||
if (is_null($dn) && is_null($pass))
|
||||
$ds = $ldapserver->connect(true,'anonymous',true);
|
||||
else
|
||||
$ds = $ldapserver->connect(true,false,true);
|
||||
$ds = $ldapserver->connect(true,'user',true);
|
||||
|
||||
if (DEBUG_ENABLED)
|
||||
debug_log('Connection returned [%s]',9,$ds);
|
||||
debug_log('Connection returned [%s]',64,$ds);
|
||||
|
||||
if (! is_resource($ds)) {
|
||||
if ($anon_bind)
|
||||
pla_error($lang['could_not_bind_anon']);
|
||||
pla_error(_('Could not bind anonymously to server.'),null,null,true);
|
||||
else
|
||||
pla_error($lang['bad_user_name_or_password']);
|
||||
pla_error(_('Bad username or password. Please try again.'),null,null,true);
|
||||
|
||||
syslog_notice("Authentification FAILED for $dn");
|
||||
}
|
||||
|
||||
$ldapserver->auth_type = $save_auth_type;
|
||||
set_login_dn($ldapserver,$dn,$pass,$anon_bind) or pla_error( $lang['could_not_set_cookie'] );
|
||||
$ldapserver->setLoginDN($dn,$pass,$anon_bind) or pla_error(_('Could not set cookie.'));
|
||||
set_lastactivity($ldapserver);
|
||||
|
||||
initialize_session_tree();
|
||||
$_SESSION['tree'][$ldapserver->server_id] = array();
|
||||
$_SESSION['tree_icons'][$ldapserver->server_id] = array();
|
||||
|
||||
if(! $anon_bind) {
|
||||
if (! $anon_bind) {
|
||||
syslog_notice("Authentification successful for $dn");
|
||||
}
|
||||
|
||||
session_write_close();
|
||||
pla_session_close();
|
||||
|
||||
include './header.php';
|
||||
?>
|
||||
echo '<body>';
|
||||
|
||||
<body>
|
||||
echo '<script type="text/javascript" language="javascript">';
|
||||
if ($anon_bind && $config->GetValue('appearance','anonymous_bind_redirect_no_tree'))
|
||||
printf("parent.location.href='search.php?server_id=%s'",$ldapserver->server_id);
|
||||
else
|
||||
echo 'parent.left_frame.location.reload();';
|
||||
echo '</script>';
|
||||
|
||||
<script language="javascript">
|
||||
<?php if ($anon_bind && $config->GetValue('appearance','anonymous_bind_redirect_no_tree')) { ?>
|
||||
parent.location.href='search.php?server_id=<?php echo $ldapserver->server_id; ?>'
|
||||
<?php } else { ?>
|
||||
parent.left_frame.location.reload();
|
||||
<?php } ?>
|
||||
</script>
|
||||
echo '<center><br /><br /><br />';
|
||||
printf(_('Successfully logged into server <b>%s</b>').'<br />',htmlspecialchars($ldapserver->name));
|
||||
|
||||
<center>
|
||||
<br />
|
||||
<br />
|
||||
<br />
|
||||
<?php echo sprintf($lang['successfully_logged_in_to_server'],htmlspecialchars($ldapserver->name)); ?><br />
|
||||
<?php if($anon_bind) { ?>
|
||||
(<?php echo $lang['anonymous_bind']; ?>)
|
||||
<?php } ?>
|
||||
<br />
|
||||
</center>
|
||||
if ($anon_bind)
|
||||
printf('(%s)',_('Anonymous Bind'));
|
||||
|
||||
</body>
|
||||
</html>
|
||||
echo '<br /></center>';
|
||||
echo '</body></html>';
|
||||
|
||||
<?php
|
||||
/**
|
||||
* Only gets called when we fail to login.
|
||||
*/
|
||||
function temp_login_error_handler($errno,$errstr,$file,$lineno) {
|
||||
global $lang;
|
||||
if (ini_get('error_reporting') == 0 || error_reporting() == 0)
|
||||
return;
|
||||
|
||||
pla_error($lang['could_not_connect']."<br /><br />".htmlspecialchars($errstr));
|
||||
pla_error(_('Could not connect to LDAP server.').'<br /><br />'.htmlspecialchars($errstr));
|
||||
}
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user