Changeset 28534
- Timestamp:
- May 25, 2014, 6:52:42 PM (10 years ago)
- Location:
- extensions/Ldap_Login
- Files:
-
- 8 edited
-
admin/configuration.php (modified) (3 diffs)
-
admin/configuration.tpl (modified) (2 diffs)
-
admin/newusers.php (modified) (1 diff)
-
admin/newusers.tpl (modified) (2 diffs)
-
class.ldap.php (modified) (6 diffs)
-
language/en_UK/plugin.lang.php (modified) (1 diff)
-
language/fr_FR/plugin.lang.php (modified) (2 diffs)
-
main.inc.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
extensions/Ldap_Login/admin/configuration.php
r27284 r28534 12 12 $me = new Ldap(); 13 13 $me->load_config(); 14 $me->ldap_conn(); 14 15 //$me = get_plugin_data($plugin_id); 15 16 16 17 $template->assign('HOST', $me->config['host']); 17 18 $template->assign('BASEDN', $me->config['basedn']); // racine ! 19 $template->assign('USERSBRANCH',$me->config['usersbranch']); 20 $template->assign('GROUPBRANCH',$me->config['groupbranch']); 21 $template->assign('LD_SEARCH_USERS',$me->config['ld_search_users']); 22 $template->assign('LD_SEARCH_GROUPS',$me->config['ld_search_groups']); 18 23 $template->assign('PORT', $me->config['port']); 19 24 $template->assign('LD_ATTR', $me->config['ld_attr']); 25 $template->assign('LD_GROUP', $me->config['ld_group']); 20 26 $template->assign('LD_USE_SSL', $me->config['ld_use_ssl']); 21 27 $template->assign('LD_BINDPW', $me->config['ld_bindpw']); 22 28 $template->assign('LD_BINDDN', $me->config['ld_binddn']); 29 $template->assign('WEBMASTERS_GROUP', $me->config['webmasters_group']); 30 $template->assign('ADMINS_GROUP', $me->config['admins_group']); 23 31 24 32 if (isset($_POST['save'])){ 25 33 $me->config['host'] = $_POST['HOST']; 26 34 $me->config['basedn'] = $_POST['BASEDN']; 35 $me->config['usersbranch'] = $_POST['USERSBRANCH']; 36 $me->config['groupbranch'] = $_POST['GROUPBRANCH']; 27 37 $me->config['port'] = $_POST['PORT']; 28 38 $me->config['ld_attr'] = $_POST['LD_ATTR']; 39 $me->config['ld_group'] = $_POST['LD_GROUP']; 29 40 $me->config['ld_binddn'] = $_POST['LD_BINDDN']; 30 41 $me->config['ld_bindpw'] = $_POST['LD_BINDPW']; 42 43 $me->config['webmasters_group'] = $_POST['WEBMASTERS_GROUP']; 44 $me->config['admins_group'] = $_POST['ADMINS_GROUP']; 31 45 32 46 if (isset($_POST['LD_USE_SSL'])){ … … 34 48 } else { 35 49 $me->config['ld_use_ssl'] = False; 50 } 51 52 if (isset($_POST['LD_SEARCH_GROUPS'])){ 53 $me->config['ld_search_groups'] = True; 54 } else { 55 $me->config['ld_search_groups'] = False; 56 } 57 58 if (isset($_POST['LD_SEARCH_USERS'])){ 59 $me->config['ld_search_users'] = True; 60 } else { 61 $me->config['ld_search_users'] = False; 36 62 } 37 63 } … … 44 70 // Check LDAP configuration 45 71 if (isset($_POST['check_ldap'])){ 46 $check = $me->ldap_name($_POST['USERNAME']);47 $error = $me->check_ldap();72 #$check = $me->ldap_name($_POST['USERNAME']); 73 #$error = $me->check_ldap(); 48 74 49 if ($me->ldap_bind_as($_POST['USERNAME'],$_POST['PASSWORD'])){ 50 $template->assign('LD_CHECK_LDAP','<p style="color:green;">Configuration LDAP OK : '.$check.'</p>'); 75 if ($me->config['users_group']) { 76 if ($me->user_membership($_POST['USERNAME'],$me->ldap_group($me->config['users_group']))) { 77 if ($me->ldap_bind_as($_POST['USERNAME'],$_POST['PASSWORD'])){ 78 // search groups 79 $group_query = 'SELECT name, id FROM '.GROUPS_TABLE.';'; 80 $groups = pwg_query($group_query); 81 $sentence = ''; 82 83 foreach($groups as $group) { 84 if($me->user_membership($_POST['USERNAME'], $me->ldap_group($group['name']))) { 85 $sentence = $sentence . ', '.$group['name']; 86 } 87 } 88 $template->assign('LD_CHECK_LDAP','<p style="color:green;">Configuration LDAP OK : '.$_POST['USERNAME'].' is in users'.$sentence.' group(s) and can auth. He is a '.$me->ldap_status($_POST['USERNAME']).' user according to the plugin.</p>'); 89 } 90 else { 91 $template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : test '.$me->config['uri'].' '.$me->ldap_name($_POST['USERNAME']).'</p>'); 92 } 93 } 51 94 } 52 95 else { 53 $template->assign('LD_CHECK_LDAP','<p style="color:red;">Error :'.$error.' test '.$me->config['uri'].' '.$check.'</p>'); 96 if ($me->ldap_bind_as($_POST['USERNAME'],$_POST['PASSWORD'])){ 97 // search groups 98 $group_query = 'SELECT name, id FROM '.GROUPS_TABLE.';'; 99 $groups = pwg_query($group_query); 100 $sentence = ''; 101 102 foreach($groups as $group) { 103 if($me->user_membership($_POST['USERNAME'], $me->ldap_group($group['name']))) { 104 $sentence = $sentence . ', '.$group['name']; 105 } 106 } 107 $template->assign('LD_CHECK_LDAP','<p style="color:green;">Configuration LDAP OK : '.$_POST['USERNAME'].' is in group(s) '.$sentence.' and can auth. He is a '.$me->ldap_status($_POST['USERNAME']).' user according to the plugin.</p>'); 108 } 109 else { 110 $template->assign('LD_CHECK_LDAP','<p style="color:red;">Error : test '.$me->config['uri'].' '.$me->ldap_name($_POST['USERNAME']).'</p>'); 111 } 54 112 } 55 113 } -
extensions/Ldap_Login/admin/configuration.tpl
r27036 r28534 37 37 <input type="text" id="port" name="PORT" value="{$PORT}" /> 38 38 </li> 39 </ul>39 40 40 <i>{'If empty, localhost and standard protocol ports will be used in configuration.'|@translate}</i> 41 </fieldset> 42 43 <fieldset class="mainConf"> 44 <legend>{'Ldap attributes'|@translate}</legend> 45 <ul> 41 46 42 <li> 47 43 <label for="basedn">{'Base DN'|@translate}</label> … … 49 45 <input size="70" type="text" id="basedn" name="BASEDN" value="{$BASEDN}" /> 50 46 </li> 47 </ul> 51 48 49 </fieldset> 50 51 <fieldset class="mainConf"> 52 <legend>{'Ldap users'|@translate}</legend> 53 <ul> 54 <li> 55 <label for="usersbranch">{'Users Branch'|@translate}</label> 56 <br> 57 <input size="70" type="text" id="usersbranch" name="USERSBRANCH" value="{$USERSBRANCH}" /> 58 </li> 59 60 <li> 61 <label for="ld_search_users"> 62 {if $LD_SEARCH_USERS } 63 <input type="checkbox" id="ld_search_users" name="LD_SEARCH_USERS" value="{$LD_SEARCH_USERS}" checked /> 64 {else} 65 <input type="checkbox" id="ld_search_users" name="LD_SEARCH_USERS" value="{$LD_SEARCH_USERS}" /> 66 {/if} 67 {'Search Ldap users ?'|@translate}</label> 68 </li> 69 52 70 <li> 53 71 <label for="ld_attr">{'Attribute corresponding to the user name'|@translate}</label> 54 72 <br> 55 73 <input type="text" id="ld_attr" name="LD_ATTR" value="{$LD_ATTR}" /> 74 </li> 75 </ul> 76 </fieldset> 77 78 <fieldset class="mainConf"> 79 <legend>{'Ldap groups'|@translate}</legend> 80 81 <p><i>{'If you create a <a href="admin.php?page=group_list">piwigo group</a> with the same name as an ldap one, all members of the ldap group will automatically join the piwigo group at their next authentication. This allows you to create <a href="admin.php?page=help§ion=groups">specific right access management</a> (restrict access to a particaular album...).'|@translate}</i></p> 82 <ul> 83 84 <li> 85 <label for="groupbranch">{'Groups Branch'|@translate}</label> 86 <br> 87 <input size="70" type="text" id="groupbranch" name="GROUPBRANCH" value="{$GROUPBRANCH}" /> 88 </li> 89 90 <li> 91 <label for="ld_search_groups"> 92 {if $LD_SEARCH_GROUPS } 93 <input type="checkbox" id="ld_search_groups" name="LD_SEARCH_GROUPS" value="{$LD_SEARCH_GROUPS}" checked /> 94 {else} 95 <input type="checkbox" id="ld_search_groups" name="LD_SEARCH_GROUPS" value="{$LD_SEARCH_GROUPS}" /> 96 {/if} 97 {'Search Ldap groups ?'|@translate}</label> 98 </li> 99 100 <li> 101 <label for="ld_attr">{'Attribute corresponding to the group name'|@translate}</label> 102 <br> 103 <input type="text" id="ld_group" name="LD_GROUP" value="{$LD_GROUP}" /> 104 </li> 105 <br> 106 107 <li> 108 <label for="webmasters_group">{'Webmasters group'|@translate}</label> 109 <br> 110 {'Users members of this ldap group are granted piwigo webmasters.'|@translate}<br> 111 <input size="70" type="text" id="webmasters_group" name="WEBMASTERS_GROUP" value="{$WEBMASTERS_GROUP}" /> 112 </li> 113 114 <li> 115 <label for="admins_group">{'Admins group'|@translate}</label> 116 <br> 117 {'Users members of this ldap group are granted piwigo admins.'|@translate}<br> 118 <input size="70" type="text" id="admins_group" name="ADMINS_GROUP" value="{$ADMINS_GROUP}" /> 119 120 <br><br> 121 122 {'To get them out of these roles, they must be sorted of the ldap group and then role updated in the <a href="admin.php?page=user_list">piwigo admin</a>. If a group is mandatory as described in the <a href="admin.php?page=plugin-Ldap_Login-newusers">new piwigo users tab</a>, then they must also belong to the users group.'|@translate} 56 123 </li> 57 124 </ul> -
extensions/Ldap_Login/admin/newusers.php
r27284 r28534 17 17 $template->assign('SEND_CASUAL_MAIL', $me->config['send_password_by_mail_ldap']); 18 18 19 $template->assign('USERS_GROUP', $me->config['users_group']); 20 19 21 if (isset($_POST['save'])){ 22 23 $me->config['users_group'] = $_POST['USERS_GROUP']; 20 24 21 25 if (isset($_POST['ALLOW_NEWUSERS'])){ -
extensions/Ldap_Login/admin/newusers.tpl
r27036 r28534 28 28 {'Do you allow new piwigo users to be created when users authenticate succesfully on the ldap ?'|@translate} 29 29 </p> 30 30 31 <p> 32 <b><label for="users_group">{'Users group'|@translate}</label></b> 33 <br> 34 {'Users members of this ldap group (e.g.: piwigo,users ... , default is void ) can authenticate on piwigo and are created if the option above is selected. If left blank, everyone can authenticate.'|@translate} 35 <input size="70" type="text" id="users_group" name="USERS_GROUP" value="{$USERS_GROUP}" /> 36 </p> 37 31 38 <p> 32 39 {if $ADVERTISE_ADMINS} … … 48 55 49 56 </fieldset> 50 57 51 58 <p> 52 59 <input type="submit" value="{'Save'|@translate}" name="save" /> -
extensions/Ldap_Login/class.ldap.php
r27285 r28534 44 44 { 45 45 $this->config['host'] = 'localhost'; 46 $this->config['basedn'] = 'ou=people,dc=example,dc=com'; // racine ! 46 $this->config['basedn'] = 'dc=example,dc=com'; // racine ! 47 $this->config['usersbranch'] = 'ou=people'; 48 $this->config['groupbranch'] = 'ou=group'; 49 $this->config['ld_search_users'] = False; 50 $this->config['ld_search_groups'] = False; 47 51 $this->config['port'] = ''; // if port is empty, I count on the software to care of it ! 48 52 $this->config['ld_attr'] = 'uid'; 53 $this->config['ld_group'] = 'cn'; 54 //$this->config['ld_class'] = 'posixAccount'; 49 55 $this->config['ld_use_ssl'] = False; 50 56 $this->config['ld_bindpw'] =''; 51 57 $this->config['ld_binddn'] =''; 52 53 58 $this->config['allow_newusers'] = False; 54 59 $this->config['advertise_admin_new_ldapuser'] = False; 55 60 $this->config['send_password_by_mail_ldap'] = False; 61 62 $this->config['users_group'] = False; 63 $this->config['webmasters_group'] = False; 64 $this->config['admins_group'] = False; 56 65 } 57 66 58 67 function load_config() { 59 // first we load the base config 68 $this->load_default_config(); 69 70 // after the default, we can load the actual conf. That way, no holes ! 60 71 $conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' ); 61 72 if ($conf_file!==false) 62 73 { 63 74 $this->config = unserialize($conf_file); 75 $this->config['full_usersbranch'] = $this->config['usersbranch'].','.$this->config['basedn']; 76 $this->config['full_groupbranch'] = $this->config['groupbranch'].','.$this->config['basedn']; 64 77 } 65 78 } … … 102 115 } 103 116 117 // first, we initializes connection to ldap 104 118 if ($this->cnx = @ldap_connect($this->config['uri'])){ 105 @ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible 106 return true; 107 } 108 return false; 109 110 // connect with rootdn in case not anonymous. 111 if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ // if empty ld_binddn, anonymous work 112 113 // authentication with rootdn and rootpw for dn search 114 // carefull ! rootdn should be in full ldap style ! Nothing is supposed (to be one of the users the plugin auth…). 115 if (@ldap_bind($obj->config['ld_binddn'],$obj->config['ld_bindpw'])){ 116 return false; 117 } 118 } 119 @ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible 120 121 // then we authenticate if anonymous search is forbidden 122 if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ 123 if (@ldap_bind($this->cnx,$this->config['ld_binddn'],$this->config['ld_bindpw'])){ 124 return true; 125 } 126 else { return false; } 127 } 128 // if anonymous search is allowed, we still need a fake auth using ldap_bind 129 else { 130 if (@ldap_bind($this->cnx)){ 131 return true; 132 } 133 else { return false; } 134 } 135 } 136 else { return false; } 119 137 } 120 138 … … 126 144 // return the name ldap understand 127 145 public function ldap_name($name){ 128 return $this->config['ld_attr'].'='.$name.','.$this->config['basedn']; 146 if ($this->config['ld_search_users']) { 147 return $this->ldap_search_dn($name); 148 } 149 else { return $this->config['ld_attr'].'='.$name.','.$this->config['full_usersbranch']; } 150 } 151 152 public function ldap_group($groupname){ 153 // this should return an array, even if it's only one ! 154 if ($this->config['ld_search_groups']) { 155 return $this->ldap_search_group($groupname); 156 } 157 else { 158 $result[] = $this->config['ld_group'].'='.$groupname.','.$this->config['full_groupbranch']; 159 return $result; 160 } 129 161 } 130 162 … … 138 170 139 171 public function ldap_mail($name){ 140 141 //echo $this->cnx;142 //echo $this->ldap_name($name);143 172 $sr=@ldap_read($this->cnx, $this->ldap_name($name), "(objectclass=*)", array('mail')); 144 173 $entry = @ldap_get_entries($this->cnx, $sr); … … 150 179 } 151 180 152 // return userdn (and username) for authentication 153 /* public function ldap_search_dn($to_search){ 154 $filter = str_replace('%s',$to_search,$this->config['ld_filter']); 155 //$this->write_log('$filter '.$filter); 156 157 if ($search = @ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn',$this->config['ld_attr']),0,1)){ 158 $entry = @ldap_get_entries($this->cnx, $search); 159 if (!empty($entry[0][strtolower($this->config['ld_attr'])][0])) { 160 return $entry; 161 } 162 } 163 return false; 164 } */ 165 166 167 public function getAttr() { 181 public function ldap_search_group($to_search){ 182 $ld_group = $this->config['ld_group']; 183 184 $sr=@ldap_search($this->cnx, $this->config['full_groupbranch'], "($ld_group=$to_search)", array('dn'),0,0); 185 $groups = @ldap_get_entries($this->cnx, $sr); 186 $result = array(); 187 foreach ($groups as $group) { 188 $result[] = $group['dn']; 189 } 190 return $result; 191 } 192 193 public function ldap_search_dn($to_search){ 194 $ld_attr = $this->config['ld_attr']; 195 196 $sr=@ldap_search($this->cnx, $this->config['full_usersbranch'], "($ld_attr=$to_search)", array('dn','mail'),0,0); 197 $entry = @ldap_get_entries($this->cnx, $sr); 198 199 if (!empty($entry[0]['dn'])) { 200 return $entry[0]['dn']; 201 } 202 else { return False; } 203 } 204 205 public function user_membership($user, $groups){ 206 // $groups is an array of groupdn ! (there is a possibility of several groups, we search the user in each of them). 207 foreach ($groups as $groupdn) { 208 $filter = '(objectClass=*)'; 209 $result = @ldap_read($this->cnx,$groupdn,$filter,array('memberUid')); 210 $result2 = @ldap_get_entries($this->cnx, $result); 211 if(isset($result2[0]['memberuid'])){ 212 foreach($result2[0]['memberuid'] as $item){ 213 if ($item == $user){ 214 return True; 215 } 216 } 217 } 218 } 219 return False; 220 } 221 222 public function ldap_status($username){ 223 if ($this->config['webmasters_group']) { 224 if ($this->user_membership($username,$this->ldap_group($this->config['webmasters_group']))) { 225 // set status to webmaster and quit (more powerfull, no need to get further) 226 return 'webmaster'; 227 } 228 } 229 if ($this->config['admins_group']) { 230 if ($this->user_membership($username,$this->ldap_group($this->config['admins_group']))) { 231 // set status to admin 232 return 'admin'; 233 } 234 } 235 else 236 { 237 return 'normal'; 238 } 239 } 240 241 public function getAttr(){ 168 242 $search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=*)", array('*', 'subschemasubentry')); 169 243 $entries = @ldap_get_entries($this->cnx, $search); 170 echo count($entries); 171 } 172 173 public function getRootDse() { 244 } 245 246 public function getRootDse(){ 174 247 175 248 $search = @ldap_read($this->cnx, NULL, 'objectClass=*', array("*", "+")); … … 177 250 return $entries[0]; 178 251 } 179 180 252 181 253 public function ldap_check_basedn(){ -
extensions/Ldap_Login/language/en_UK/plugin.lang.php
r27165 r28534 26 26 $lang['Secure connexion'] = 'Secure connection (ldaps)'; 27 27 $lang['Ldap port'] = 'LDAP port'; 28 $lang['Base DN'] = 'Base DN of LDAP server (e.g.: dc=example,dc=com):'; 28 29 29 // ldap attributes 30 // ldap users 31 $lang['Ldap users'] = 'LDAP users'; 32 $lang['Users branch'] = 'Branch where LDAP users should be found (e.g.: ou=users):'; 33 $lang['Attribute corresponding to the user name'] = 'Attribute corresponding to the user name'; 34 $lang['Search Ldap users ?'] = 'Search Ldap users ? If you have your users widespreaded in several branchs or OU, you will need this. If you avoid it, you save one ldap request. You may not need it if your ldap tree is simple (e.g.: uid=user,ou=people,dc=example,dc=com).'; 30 35 31 $lang['Ldap attributes'] = 'LDAP attributes'; 32 $lang[' Base DN'] = 'Base DN where LDAP users should be found (e.g.: ou=users,dc=example,dc=com):';33 $lang[' Ldap filter :'] = 'LDAP filter';34 $lang[' Attribute corresponding to the user name'] = 'Attribute corresponding to the user name';36 // ldap groups 37 $lang['Ldap groups'] = 'LDAP groups'; 38 $lang['Groups branch'] = 'Branch where LDAP groups should be found (e.g.: ou=groups):'; 39 $lang['Search Ldap groups ?'] = 'Search Ldap users ? If you have your groups widespreaded in several branchs or OU, you will need this. If you avoid it, you save one ldap request. You may not need it if your ldap tree is simple (e.g.: cn=groupname,ou=groups,dc=example,dc=com).'; 35 40 36 41 // ldap connection credentials -
extensions/Ldap_Login/language/fr_FR/plugin.lang.php
r27659 r28534 25 25 $lang['Secure connexion'] = 'Connexion sécurisée (ldaps)'; 26 26 $lang['Ldap port'] = 'Port a utiliser'; 27 $lang['Base DN'] = 'Racine du serveur LDAP (e.g.: dc=example,dc=com):'; 27 28 28 29 // ldap attributes … … 31 32 $lang['Base DN'] = 'Arbre ldap à explorer où rechercher les utilisateurs (ex : ou=users,dc=exemple,dc=com)'; 32 33 $lang['Attribute corresponding to the user name'] = 'Attribut correspondant au nom d\'utilisateur'; 34 35 //ldap users 36 $lang['Ldap users'] = 'utilisateurs Ldap'; 37 $lang['Users branch'] = 'Branche où les utilisateurs LDAP peuvent être trouvés (e.g.: ou=users):'; 38 $lang['Attribute corresponding to the user name'] = 'Attribut correspondant au nom d\'utilisateur (e.g.: uid):'; 39 $lang['Search Ldap users ?'] = 'Faire une recherche sur le nom des utilisateurs ? Vous n\'avez pas besoin de cela si votre annuaire est assez simple (e.g.: uid=user,ou=people,dc=example,dc=com). Si vous n\'utilisez pas cette option, vous épargnez une requete Ldap.'; 40 41 //ldap groups 42 $lang['Ldap groups'] = 'groupes Ldap'; 43 $lang['Groups branch'] = 'Branche où les groupes LDAP peuvent être trouvés (e.g.: ou=groups):'; 44 $lang['Attribute corresponding to the group name'] = 'Attribut correspondant au nom du groupe (e.g.: cn):'; 45 $lang['Search Ldap groups ?'] = 'Faire une recherche sur le nom des groupes ? Vous n\'avez pas besoin de cela si votre annuaire est assez simple (e.g.: cn=groupname,ou=groups,dc=example,dc=com). Si vous n\'utilisez pas cette option, vous épargnez une requete Ldap.'; 33 46 34 47 // ldap connection credentials -
extensions/Ldap_Login/main.inc.php
r27286 r28534 2 2 /* 3 3 Plugin Name: Ldap_Login 4 Version: 1. 14 Version: 1.2 5 5 Description: Allow piwigo authentication along an ldap 6 6 Plugin URI: http://www.22decembre.eu/2014/02/09/piwigo-ldap-login-v1-1/ … … 14 14 // +-----------------------------------------------------------------------+ 15 15 define('LDAP_LOGIN_ID', basename(dirname(__FILE__))); 16 define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID. '/');16 define('LDAP_LOGIN_PATH' , __DIR__ . '/'); 17 17 define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID); 18 define('LDAP_LOGIN_VERSION', '1. 1');18 define('LDAP_LOGIN_VERSION', '1.2'); 19 19 20 20 include_once(LDAP_LOGIN_PATH.'/class.ldap.php'); … … 51 51 function ld_init(){ 52 52 load_language('plugin.lang', LDAP_LOGIN_PATH); 53 global $conf; 53 54 } 54 55 56 function fail($username) { 57 trigger_action('login_failure', stripslashes($username)); 58 return false; 59 } 60 61 function update_user($username,$id) { 62 $up = new Ldap(); 63 $up->load_config(); 64 $up->ldap_conn() or error_log("Unable to connect LDAP server : ".$up->getErrorString()); 65 66 // update user piwigo rights / access according to ldap. Only if it's webmaster / admin, so no normal ! 67 if($up->ldap_status($username) !='normal') { 68 single_update(USER_INFOS_TABLE,array('status' => $up->ldap_status($username)),array('user_id' => $id)); 69 } 70 71 // search groups 72 $group_query = 'SELECT name, id FROM '.GROUPS_TABLE.';'; 73 74 $result = pwg_query($group_query); 75 $inserts = array(); 76 while ($row = pwg_db_fetch_assoc($result)) 77 { 78 if($up->user_membership($username, $up->ldap_group($row['name']))) { 79 $inserts[] = array('user_id' => $id,'group_id' => $row['id']); 80 } 81 } 82 83 if (count($inserts) > 0) 84 { 85 mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts,array('ignore'=>true)); 86 } 87 } 55 88 56 89 function login($success, $username, $password, $remember_me){ 57 90 58 91 global $conf; 92 $allow_auth = False; 59 93 60 94 $obj = new Ldap(); 61 95 $obj->load_config(); 62 $obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString()); 96 $obj->ldap_conn() or error_log("Unable to connect LDAP server : ".$obj->getErrorString()); 97 98 // if there's a users group... 99 if ($obj->config['users_group']) { 100 // and the user is in 101 if ($obj->user_membership($username,$obj->ldap_group($obj->config['users_group']))) { 102 // it can continue 103 $allow_auth = True; 104 } 105 else 106 { // otherwise it means the user is not allowed to enter ! 107 fail($username); 108 } 109 } 110 else { 111 // if there's no user group, we can continue. 112 $allow_auth = True; 113 } 114 115 if ($allow_auth) { 116 if ($obj->ldap_bind_as($username,$password)){ // bind with userdn 117 // search user in piwigo database 118 $query = ' 119 SELECT '.$conf['user_fields']['id'].' AS id 120 FROM '.USERS_TABLE.' 121 WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\';'; 122 $row = pwg_db_fetch_assoc(pwg_query($query)); 63 123 64 if (!$obj->ldap_bind_as($username,$password)){ // bind with userdn 65 trigger_action('login_failure', stripslashes($username)); 66 return false; // wrong password 124 // if query is not empty, it means everything is ok and we can continue, auth is done ! 125 if (!empty($row['id'])) { 126 update_user($username,$row['id']); 127 128 log_user($row['id'], $remember_me); 129 trigger_action('login_success', stripslashes($username)); 130 131 return True; 132 } 133 134 // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! 135 else { 136 // this is where we check we are allowed to create new users upon that. 137 if ($obj->config['allow_newusers']) { 138 139 // we got the email address 140 if ($obj->ldap_mail($username)) { 141 $mail = $obj->ldap_mail($username); 142 } 143 else { 144 $mail = NULL; 145 } 146 147 // we actually register the new user 148 $new_id = register_user($username,random_password(8),$mail); 149 update_user($username,$new_id); 150 151 // now we fetch again his id in the piwigo db, and we get them, as we just created him ! 152 log_user($new_id, False); 153 154 trigger_action('login_success', stripslashes($username)); 155 156 redirect('profile.php'); 157 return true; 158 } 159 // else : this is the normal behavior ! user is not created. 160 else { fail($username); } 161 } 162 } 163 // ldap_bind_as was not successful 164 else { fail($username); } 67 165 } 68 69 // search user in piwigo database 70 $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; 71 72 $row = pwg_db_fetch_assoc(pwg_query($query)); 73 74 // if query is not empty, it means everything is ok and we can continue, auth is done ! 75 if (!empty($row['id'])) { 76 log_user($row['id'], $remember_me); 77 trigger_action('login_success', stripslashes($username)); 78 return true; 79 } 80 81 // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! 82 else { 83 // this is where we check we are allowed to create new users upon that. 84 if ($obj->config['allow_newusers']) { 85 86 // we got the email address 87 if ($obj->ldap_mail($username)) { 88 $mail = $obj->ldap_mail($username); 89 } 90 else { 91 $mail = NULL; 92 } 93 94 // we actually register the new user 95 $new_id = register_user($username,random_password(8),$mail); 96 97 // now we fetch again his id in the piwigo db, and we get them, as we just created him ! 98 //$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; 99 //$row = pwg_db_fetch_assoc(pwg_query($query)); 100 101 log_user($new_id, False); 102 trigger_action('login_success', stripslashes($username)); 103 redirect('profile.php'); 104 return true; 105 } 106 // else : this is the normal behavior ! user is not created. 107 else { 108 trigger_action('login_failure', stripslashes($username)); 109 return false; 110 } 111 } 166 // user is not allowed to auth or auth is wrong ! 167 else { fail($username); } 112 168 } 113 114 169 ?>
Note: See TracChangeset
for help on using the changeset viewer.
