phpldapadmin/htdocs/login.php

<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.56.2.4 2008/01/04 12:29:15 wurley Exp $
/**
* For servers whose auth_type is set to 'cookie' or 'session'. Pass me the
* login info and I'll write two cookies, pla_login_dn_X and pla_pass_X where X
* is the server_id. The cookie_time comes from config.php
*
* @package phpLDAPadmin
*/
/**
*/
require './common.php';
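# Credentials as posted by the login form. Both values are untrusted request
# input: whatever is built from them below (LDAP filter, bind DN, log line)
# has to be treated accordingly.
$login['val'] = get_request($ldapserver->getLoginAttr());
$login['pass'] = get_request('login_pass');

# The anonymous bind checkbox is honoured only when the server allows it.
if ($ldapserver->isAnonBindAllowed())
	$anon_bind = get_request('anonymous_bind') == 'on' ? true : false;
else
	$anon_bind = false;

# Refuse a blank password for non-anonymous logins. Many LDAP servers treat a
# DN with an empty password as an unauthenticated bind (RFC 4513), which would
# otherwise look like a successful login.
# NOTE(review): this and every later check assume system_message() ends the
# request when given a redirect URL - confirm in common.php.
if (! $anon_bind && ! strlen($login['pass']))
	system_message(array(
		'title'=>_('Authenticate to server'),
		'body'=>_('You left the password blank.'),
		'type'=>'warn'),
		sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));

$save_auth_type = $ldapserver->auth_type;

if ($anon_bind) {
	if (DEBUG_ENABLED)
		debug_log('Anonymous Login was posted [%s].',64,__FILE__,__LINE__,__METHOD__,$anon_bind);

	$login['dn'] = null;
	$login['pass'] = null;

/* Checks if the login_attr option is enabled for this host,
   which allows users to login with a simple username like 'jdoe' rather
   than the fully qualified DN, 'uid=jdoe,ou=people,dc=example,dc=com'. */
} elseif ($ldapserver->isLoginAttrEnabled()) {
	# Is this a login string (printf-style)
	if ($ldapserver->isLoginStringEnabled()) {
		# NOTE(review): the posted value is substituted into the DN template
		# unescaped, so DN metacharacters in it (',', '+', '=', ...) change
		# which entry the bind targets. The bind still needs that entry's
		# password, but DN-escaping the value would keep the template's scope.
		$login['dn'] = str_replace('<username>',$login['val'],$ldapserver->getLoginString());

		if (DEBUG_ENABLED)
			debug_log('LoginStringDN: [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);

	} else {
		# This is a standard login_attr

		/* Fake the auth_type of config to do searching. This way, the admin can specify
		   the DN to use when searching for the login_attr user. */
		$ldapserver->auth_type = 'config';

		if ($ldapserver->login_dn)
			$ldapserver->connect();
		else
			$ldapserver->connect(true,'anonymous');

		# Escape the posted value for use inside a search filter (RFC 4515).
		# Without this, characters such as '*', '(' and ')' in the username
		# rewrite the filter, so the search - run with the configured search
		# DN - can be made to match entries other than the named user. The
		# backslash is replaced first so the escapes added for the other
		# characters are not escaped a second time.
		$filter_val = str_replace(
			array('\\','*','(',')',"\x00"),
			array('\\5c','\\2a','\\28','\\29','\\00'),
			(string) $login['val']);

		if (! empty($ldapserver->login_class))
			$filter = sprintf('(&(objectClass=%s)(%s=%s))',$ldapserver->login_class,$ldapserver->getLoginAttr(),$filter_val);
		else
			$filter = sprintf('%s=%s',$ldapserver->getLoginAttr(),$filter_val);

		# No DN yet; stays null when no base DN yields a match.
		$login['dn'] = null;

		# Go through each of the BASE DNs and test the login.
		foreach ($ldapserver->getBaseDN() as $base_dn) {
			if (DEBUG_ENABLED)
				debug_log('Searching LDAP with base [%s]',64,__FILE__,__LINE__,__METHOD__,$base_dn);

			$result = $ldapserver->search(null,$base_dn,$filter,array('dn'));

			# Take the last returned entry, as before, but tolerate an empty or
			# failed search instead of indexing into a non-array.
			# NOTE(review): when several entries match, the pick is arbitrary;
			# rejecting ambiguous matches may be preferable.
			$entry = is_array($result) ? array_pop($result) : null;
			$login['dn'] = (is_array($entry) && isset($entry['dn'])) ? $entry['dn'] : null;

			if ($login['dn']) {
				if (DEBUG_ENABLED)
					debug_log('Got DN [%s] for user ID [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn'],$login['val']);

				break;
			}
		}

		# If we got here then we werent able to find a DN for the login filter.
		if (! $login['dn']) {
			if ($ldapserver->login_fallback_dn) {
				# Fallback: treat what the user typed as a full DN.
				$login['dn'] = $login['val'];
			} else {
				# Same wording as a failed bind, so the response does not reveal
				# whether the username exists.
				system_message(array(
					'title'=>_('Authenticate to server'),
					'body'=>_('Bad username or password. Please try again.'),
					'type'=>'error'),
					sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
			}
		}

		# Restore the original auth_type
		$ldapserver->auth_type = $save_auth_type;
	}

} else {
	$login['dn'] = $login['val'];
}

# We fake a 'config' server auth_type to omit duplicated code
if (DEBUG_ENABLED)
	debug_log('Setting login type to CONFIG with DN [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);

$save_auth_type = $ldapserver->auth_type;
$ldapserver->auth_type = 'config';
$ldapserver->login_dn = $login['dn'];
$ldapserver->login_pass = $login['pass'];

# Verify that dn is allowed to login
if (! $ldapserver->userIsAllowedLogin($login['dn']))
	system_message(array(
		'title'=>_('Authenticate to server'),
		'body'=>_('Sorry, you are not allowed to use phpLDAPadmin with this LDAP server.'),
		'type'=>'error'),
		sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));

if (DEBUG_ENABLED)
	debug_log('User is not prohibited from logging in - now bind with DN [%s]',64,__FILE__,__LINE__,__METHOD__,$login['dn']);

# Verify that the login is good
if (is_null($login['dn']) && is_null($login['pass']))
	$ds = $ldapserver->connect(false,'anonymous',true);
else
	$ds = $ldapserver->connect(false,'user',true);

if (DEBUG_ENABLED)
	debug_log('Connection returned [%s]',64,__FILE__,__LINE__,__METHOD__,$ds);

if (! is_resource($ds)) {
	# Record the failed attempt before showing the message: if system_message()
	# ends the request on redirect (presumably it does - confirm), a log call
	# placed after it would never run and failed logins would leave no trace.
	syslog_notice(sprintf('Authentification FAILED for %s',$login['dn']));

	if ($anon_bind)
		system_message(array(
			'title'=>_('Authenticate to server'),
			'body'=>_('Could not bind anonymously to server.'),
			'type'=>'error'),
			sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));

	else
		system_message(array(
			'title'=>_('Authenticate to server'),
			'body'=>_('Bad username or password. Please try again.'),
			'type'=>'error'),
			sprintf('cmd.php?cmd=login_form&server_id=%s',$ldapserver->server_id));
}

# Bind succeeded: restore the configured auth_type and persist the login.
$ldapserver->auth_type = $save_auth_type;
$ldapserver->setLoginDN($login['dn'],$login['pass'],$anon_bind) or pla_error(_('Could not set cookie.'));
set_lastactivity($ldapserver);

if (! $anon_bind) {
	syslog_notice(sprintf('Authentification successful for %s',$login['dn']));
}

# Since we were successful, clear the cache so that it will be refreshed with the new credentials.
del_cached_item($ldapserver->server_id,'tree','null');

system_message(array(
	'title'=>_('Authenticate to server'),
	'body'=>_('Successfully logged into server.').($anon_bind ? sprintf(' (%s)',_('Anonymous Bind')) : ''),
	'type'=>'info'),
	sprintf('index.php?server_id=%s',$ldapserver->server_id));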
?>