Changeset 28534 for extensions/Ldap_Login/main.inc.php
- Timestamp:
- May 25, 2014, 6:52:42 PM (10 years ago)
- File:
-
- 1 edited
extensions/Ldap_Login/main.inc.php
r27286 r28534 2 2 /* 3 3 Plugin Name: Ldap_Login 4 Version: 1. 14 Version: 1.2 5 5 Description: Allow piwigo authentication along an ldap 6 6 Plugin URI: http://www.22decembre.eu/2014/02/09/piwigo-ldap-login-v1-1/ … … 14 14 // +-----------------------------------------------------------------------+ 15 15 define('LDAP_LOGIN_ID', basename(dirname(__FILE__))); 16 define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID. '/');16 define('LDAP_LOGIN_PATH' , __DIR__ . '/'); 17 17 define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID); 18 define('LDAP_LOGIN_VERSION', '1. 1');18 define('LDAP_LOGIN_VERSION', '1.2'); 19 19 20 20 include_once(LDAP_LOGIN_PATH.'/class.ldap.php'); … … 51 51 function ld_init(){ 52 52 load_language('plugin.lang', LDAP_LOGIN_PATH); 53 global $conf; 53 54 } 54 55 56 function fail($username) { 57 trigger_action('login_failure', stripslashes($username)); 58 return false; 59 } 60 61 function update_user($username,$id) { 62 $up = new Ldap(); 63 $up->load_config(); 64 $up->ldap_conn() or error_log("Unable to connect LDAP server : ".$up->getErrorString()); 65 66 // update user piwigo rights / access according to ldap. Only if it's webmaster / admin, so no normal ! 
67 if($up->ldap_status($username) !='normal') { 68 single_update(USER_INFOS_TABLE,array('status' => $up->ldap_status($username)),array('user_id' => $id)); 69 } 70 71 // search groups 72 $group_query = 'SELECT name, id FROM '.GROUPS_TABLE.';'; 73 74 $result = pwg_query($group_query); 75 $inserts = array(); 76 while ($row = pwg_db_fetch_assoc($result)) 77 { 78 if($up->user_membership($username, $up->ldap_group($row['name']))) { 79 $inserts[] = array('user_id' => $id,'group_id' => $row['id']); 80 } 81 } 82 83 if (count($inserts) > 0) 84 { 85 mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts,array('ignore'=>true)); 86 } 87 } 55 88 56 89 function login($success, $username, $password, $remember_me){ 57 90 58 91 global $conf; 92 $allow_auth = False; 59 93 60 94 $obj = new Ldap(); 61 95 $obj->load_config(); 62 $obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString()); 96 $obj->ldap_conn() or error_log("Unable to connect LDAP server : ".$obj->getErrorString()); 97 98 // if there's a users group... 99 if ($obj->config['users_group']) { 100 // and the user is in 101 if ($obj->user_membership($username,$obj->ldap_group($obj->config['users_group']))) { 102 // it can continue 103 $allow_auth = True; 104 } 105 else 106 { // otherwise it means the user is not allowed to enter ! 107 fail($username); 108 } 109 } 110 else { 111 // if there's no user group, we can continue. 112 $allow_auth = True; 113 } 114 115 if ($allow_auth) { 116 if ($obj->ldap_bind_as($username,$password)){ // bind with userdn 117 // search user in piwigo database 118 $query = ' 119 SELECT '.$conf['user_fields']['id'].' AS id 120 FROM '.USERS_TABLE.' 121 WHERE '.$conf['user_fields']['username'].' 
= \''.pwg_db_real_escape_string($username).'\';'; 122 $row = pwg_db_fetch_assoc(pwg_query($query)); 63 123 64 if (!$obj->ldap_bind_as($username,$password)){ // bind with userdn 65 trigger_action('login_failure', stripslashes($username)); 66 return false; // wrong password 124 // if query is not empty, it means everything is ok and we can continue, auth is done ! 125 if (!empty($row['id'])) { 126 update_user($username,$row['id']); 127 128 log_user($row['id'], $remember_me); 129 trigger_action('login_success', stripslashes($username)); 130 131 return True; 132 } 133 134 // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! 135 else { 136 // this is where we check we are allowed to create new users upon that. 137 if ($obj->config['allow_newusers']) { 138 139 // we got the email address 140 if ($obj->ldap_mail($username)) { 141 $mail = $obj->ldap_mail($username); 142 } 143 else { 144 $mail = NULL; 145 } 146 147 // we actually register the new user 148 $new_id = register_user($username,random_password(8),$mail); 149 update_user($username,$new_id); 150 151 // now we fetch again his id in the piwigo db, and we get them, as we just created him ! 152 log_user($new_id, False); 153 154 trigger_action('login_success', stripslashes($username)); 155 156 redirect('profile.php'); 157 return true; 158 } 159 // else : this is the normal behavior ! user is not created. 160 else { fail($username); } 161 } 162 } 163 // ldap_bind_as was not successful 164 else { fail($username); } 67 165 } 68 69 // search user in piwigo database 70 $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; 71 72 $row = pwg_db_fetch_assoc(pwg_query($query)); 73 74 // if query is not empty, it means everything is ok and we can continue, auth is done ! 
75 if (!empty($row['id'])) { 76 log_user($row['id'], $remember_me); 77 trigger_action('login_success', stripslashes($username)); 78 return true; 79 } 80 81 // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! 82 else { 83 // this is where we check we are allowed to create new users upon that. 84 if ($obj->config['allow_newusers']) { 85 86 // we got the email address 87 if ($obj->ldap_mail($username)) { 88 $mail = $obj->ldap_mail($username); 89 } 90 else { 91 $mail = NULL; 92 } 93 94 // we actually register the new user 95 $new_id = register_user($username,random_password(8),$mail); 96 97 // now we fetch again his id in the piwigo db, and we get them, as we just created him ! 98 //$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; 99 //$row = pwg_db_fetch_assoc(pwg_query($query)); 100 101 log_user($new_id, False); 102 trigger_action('login_success', stripslashes($username)); 103 redirect('profile.php'); 104 return true; 105 } 106 // else : this is the normal behavior ! user is not created. 107 else { 108 trigger_action('login_failure', stripslashes($username)); 109 return false; 110 } 111 } 166 // user is not allowed to auth or auth is wrong ! 167 else { fail($username); } 112 168 } 113 114 169 ?>
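Review bot: Every `fail($username)` call in the new `login()` discards the helper's `false`, so each failure path falls off the end of the function and returns null rather than false; the group-rejection branch also reaches the final `else { fail($username); }` because `$allow_auth` is still False, so `login_failure` fires twice for one attempt. Write `return fail($username);` at each call site. Separately, `$obj->ldap_conn() or error_log(...)` now continues after a failed connection, so `user_membership()` and `ldap_bind_as()` run on an unconnected object; an early `return fail($username);` there would make the result explicit instead of leaving it to class.ldap.php. That class is not shown here, so confirm that `ldap_bind_as()` refuses an empty password, since many directory servers treat an empty-password simple bind as an unauthenticated bind that succeeds; if it does not, add `if ($password === '') { return fail($username); }` before the bind.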